
virus - help

Discussion in 'Malware and Virus Removal Archive' started by prophete, 2007/11/12.

  1. 2007/11/12
    prophete

    Hi,

    I have several problems - seems to be virus(es) (windows opened automatically with advertising, slower windows, etc.).

    I ran Norton AntiVirus (I had McAfee and removed it - but for some reason the McAfee Security Center refuses to be removed).

    Anyway, the hijackthis.log, Deckard's and SmitFraudFix logs are below
    (it is divided into separate threads since the logs are too long).

    Regards,
    llan

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:01, on 2007-11-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\WINDOWS\SYSTEM32\DNTUS26.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\CCM\CcmExec.exe
    C:\WINDOWS\system32\xrxcisdh.exe
    C:\WINDOWS\System32\CNDNDlg.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tlv.sap.corp;*.dhcp.tlv.sap.corp;*.wdf.sap.corp;*.sap.corp;*.wdf.sap-ag.de;*.pal.sap.corp;*.perflab.com;10.*.*.*;<local>
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\Program Files\febooti ieZoom\ieZoom.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\IXOS-eCONtext\bin\CfgDownload.exe
    O4 - HKLM\..\Run: [AdminCheck] wscript "C:\Program Files\sap\eus\_admincheck.vbs "
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [hglclcti] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hglclcti.dll "
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~2\bdswitch.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [f0a87353] rundll32.exe "C:\WINDOWS\system32\agmjabjk.dll ",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-20 Startup: Set_IE_Settings.vbs (User 'NETWORK SERVICE')
    O4 - S-1-5-20 Startup: TA_Start.lnk = C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Fix_GUI620.vbs (User 'Default user')
    O4 - .DEFAULT User Startup: LoadSAPDefault.lnk = C:\Program Files\SAP\EUS\!startup.vbs (User 'Default user')
    O4 - .DEFAULT User Startup: Set_IE_Settings.vbs (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: BGinfo.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AbsoluteToolbar - {5614CCAE-1E8F-49a4-B64B-BD846A2DCAF6} - C:\Program Files\AbsoluteToolbar\AbsoluteToolbar152.dll
    O9 - Extra 'Tools' menuitem: AbsoluteToolbar - {5614CCAE-1E8F-49a4-B64B-BD846A2DCAF6} - C:\Program Files\AbsoluteToolbar\AbsoluteToolbar152.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://intranet.sap.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142456071785
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142456055612
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.zoom2foto.co.il/Modules/Main/ImageUploader3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tlv.sap.corp
    O17 - HKLM\Software\..\Telephony: DomainName = tlv.sap.corp
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tlv.sap.corp
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tlv.sap.corp,dhcp.tlv.sap.corp,wdf.sap.corp
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tlv.sap.corp
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINDOWS\SYSTEM32\DNTUS26.EXE
    O23 - Service: DomainService - - C:\WINDOWS\system32\xrxcisdh.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
    O23 - Service: Rescue_Account - Unknown owner - C:\WINDOWS\srvany.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9856 bytes



    -

    SmitFraudFix v2.252

    Scan done at 9:07:12.99, 2007-11-13
    Run from C:\Documents and Settings\i026024\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: 3Com EtherLink 10/100 PCI TX NIC (3C905B-TX) - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.1

    Description: Ralink Turbo Wireless LAN Card - Packet Scheduler Miniport
    DNS Server Search Order: 10.0.0.138

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{109D4BE1-A2ED-4E09-B7B5-F5EB608BD5C4}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{74FFBCB7-469F-41E8-8936-B7147E05AD73}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{74FFBCB7-469F-41E8-8936-B7147E05AD73}: DhcpNameServer=10.26.164.10 10.26.164.11
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{109D4BE1-A2ED-4E09-B7B5-F5EB608BD5C4}: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{74FFBCB7-469F-41E8-8936-B7147E05AD73}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. 2007/11/12
    prophete

    Continue last post

    Deckard's System Scanner v20071014.68
    Run by i026024 on 2007-11-13 08:49:15
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    44: 2007-11-13 06:49:46 UTC - RP637 - Deckard's System Scanner Restore Point
    43: 2007-11-12 10:06:10 UTC - RP636 - System Checkpoint
    42: 2007-11-08 19:18:58 UTC - RP635 - System Checkpoint
    41: 2007-11-07 18:18:54 UTC - RP634 - System Checkpoint
    40: 2007-11-06 17:33:14 UTC - RP633 - System Checkpoint


    -- First Restore Point --
    1: 2007-09-30 06:48:46 UTC - RP594 - System Checkpoint


    Performed disk cleanup.

    System Drive C: has 0.88 GiB (less than 15%) free.


    -- HijackThis (run as i026024.exe) ---------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:52, on 2007-11-13
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    C:\WINDOWS\SYSTEM32\DNTUS26.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\CCM\CcmExec.exe
    C:\WINDOWS\system32\xrxcisdh.exe
    C:\WINDOWS\System32\CNDNDlg.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\i026024\Desktop\dss.exe
    C:\WINDOWS\system32\cmd.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\i026024.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.tlv.sap.corp;*.dhcp.tlv.sap.corp;*.wdf.sap.corp;*.sap.corp;*.wdf.sap-ag.de;*.pal.sap.corp;*.perflab.com;10.*.*.*;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\iohbaxul.dll
    O2 - BHO: (no name) - {A8846D43-D083-4280-9402-F42CB8AA5529} - C:\WINDOWS\system32\pmkih.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\Program Files\febooti ieZoom\ieZoom.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [CfgDownload] C:\Program Files\IXOS\IXOS-eCONtext\bin\CfgDownload.exe
    O4 - HKLM\..\Run: [AdminCheck] wscript "C:\Program Files\sap\eus\_admincheck.vbs "
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [hglclcti] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\hglclcti.dll "
    O4 - HKLM\..\Run: [BDSwitchAgent] C:\PROGRA~1\Softwin\BITDEF~2\bdswitch.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [f0a87353] rundll32.exe "C:\WINDOWS\system32\agmjabjk.dll ",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-20 Startup: Set_IE_Settings.vbs (User 'NETWORK SERVICE')
    O4 - S-1-5-20 Startup: TA_Start.lnk = C:\Documents and Settings\NetworkService\Local Settings\Temp\stdrun11.exe (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Fix_GUI620.vbs (User 'Default user')
    O4 - .DEFAULT User Startup: LoadSAPDefault.lnk = C:\Program Files\SAP\EUS\!startup.vbs (User 'Default user')
    O4 - .DEFAULT User Startup: Set_IE_Settings.vbs (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: BGinfo.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AbsoluteToolbar - {5614CCAE-1E8F-49a4-B64B-BD846A2DCAF6} - C:\Program Files\AbsoluteToolbar\AbsoluteToolbar152.dll
    O9 - Extra 'Tools' menuitem: AbsoluteToolbar - {5614CCAE-1E8F-49a4-B64B-BD846A2DCAF6} - C:\Program Files\AbsoluteToolbar\AbsoluteToolbar152.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=http://intranet.sap.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142456071785
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1142456055612
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.zoom2foto.co.il/Modules/Main/ImageUploader3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tlv.sap.corp
    O17 - HKLM\Software\..\Telephony: DomainName = tlv.sap.corp
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tlv.sap.corp
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = tlv.sap.corp,dhcp.tlv.sap.corp,wdf.sap.corp
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tlv.sap.corp
    O20 - Winlogon Notify: winbft32 - C:\WINDOWS\
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DameWare NT Utilities 2.6 (DNTUS26) - DameWare Development - C:\WINDOWS\SYSTEM32\DNTUS26.EXE
    O23 - Service: DomainService - - C:\WINDOWS\system32\xrxcisdh.exe
    O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
    O23 - Service: Rescue_Account - Unknown owner - C:\WINDOWS\srvany.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 10541 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

    backup-20071001-121230-113 O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    backup-20071001-121230-135 O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    backup-20071001-121230-182 O4 - HKUS\S-1-5-20\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'NETWORK SERVICE')
    backup-20071001-121230-249 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    backup-20071001-121230-388 O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    backup-20071001-121230-395 O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    backup-20071001-121230-715 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    backup-20071001-121230-746 O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    backup-20071001-121230-783 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    backup-20071001-121230-787 O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
    backup-20071001-121230-825 O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    backup-20071001-121230-872 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    backup-20071001-121230-912 O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    backup-20071001-121230-918 O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
    R1 awlegacy - c:\windows\system32\drivers\awlegacy.sys <Not Verified; Symantec Corporation; pcAnywhere>
    R3 Eacfilt (Eacfilt Miniport) - c:\windows\system32\drivers\eacfilt.sys <Not Verified; Nortel Networks; Filter Driver for CVC>
    R3 IPSECSHM (Nortel IPSECSHM Adapter) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
    R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
    R4 black - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>

    S1 bdpredir - c:\program files\softwin\bitdefender10\bdpredir.sys (file missing)
    S2 BDRSDRV - c:\program files\softwin\bitdefender10\bdrsdrv.sys (file missing)
    S2 IPSECEXT (Nortel Extranet Access Protocol) - c:\windows\system32\drivers\ipsecw2k.sys <Not Verified; Nortel Networks; Contivity VPN Client>
    S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
    S3 bdfdll - c:\program files\softwin\bitdefender10\bdfdll.sys (file missing)
    S3 BDFSDRV - c:\program files\softwin\bitdefender10\bdfsdrv.sys (file missing)
    S3 prepdrvr (SMS Process Event Driver) - c:\windows\system32\ccm\prepdrv.sys <Not Verified; Microsoft Corporation; Systems Management Server>
    S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
    S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
    S3 SANDRA - c:\program files\sisoftware\sisoftware sandra pro home 2007\sandra.sys (file missing)
    S4 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 BlackICE - "c:\program files\iss\isssensors\desktopprotection\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems Inc. blackd>
    R2 CcmExec (SMS Agent Host) - c:\windows\system32\ccm\ccmexec.exe <Not Verified; Microsoft Corporation; Systems Management Server>
    R2 DNTUS26 (DameWare NT Utilities 2.6) - c:\windows\system32\dntus26.exe <Not Verified; DameWare Development; DameWare Development Remote Command Server>
    R2 DomainService - c:\windows\system32\xrxcisdh.exe /service <Not Verified; ; DDC>

    S2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development; DameWare Development DWRCS>
    S2 Rescue_Account - c:\windows\srvany.exe (file missing)
    S3 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>
    S3 RapApp - "c:\program files\iss\isssensors\desktopprotection\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems, Inc. Rap Protection System>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID:
    Description: Multimedia Controller
    Device ID: PCI\VEN_1105&DEV_8300&SUBSYS_00000000&REV_02\4&3A33F01C&0&48F0
    Manufacturer:
    Name: Multimedia Controller
    PNP Device ID: PCI\VEN_1105&DEV_8300&SUBSYS_00000000&REV_02\4&3A33F01C&0&48F0
    Service:


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-09 20:00:00 534 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - i026024.job


    -- Files created between 2007-10-13 and 2007-11-13 -----------------------------

    2007-11-13 08:50:56 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2007-11-13 08:50:55 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
    2007-11-13 08:50:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
    2007-11-13 08:50:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-11-13 08:50:53 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
    2007-11-13 08:48:29 89664 --a------ C:\WINDOWS\system32\agmjabjk.dll
    2007-11-13 08:45:54 71232 --a------ C:\WINDOWS\system32\skoxrwpi.exe <Not Verified; ; DDC>
    2007-11-13 05:52:40 89664 --a------ C:\WINDOWS\system32\joivwlsn.dll
    2007-11-13 05:52:23 71232 --a------ C:\WINDOWS\system32\wmdrmjhs.exe <Not Verified; ; DDC>
    2007-11-12 05:55:28 88128 -----n--- C:\WINDOWS\system32\pumewdad.dll
    2007-11-12 05:50:03 71232 --a------ C:\WINDOWS\system32\xrxcisdh.exe <Not Verified; ; DDC>
    2007-11-05 21:41:53 85568 -----n--- C:\WINDOWS\system32\rhfibxgu.dll
    2007-11-04 07:30:25 87616 --a------ C:\WINDOWS\system32\oxklkssg.dll
    2007-11-04 07:10:57 98 --a------ C:\FrmInstRemoveXP1.bat
    2007-11-04 06:58:35 0 d-------- C:\WINDOWS\35C03C043F1F42C2A989A757EE691F65.TMP
    2007-10-26 06:50:13 0 d-------- C:\Program Files\SymNetDrv
    2007-10-22 08:18:06 4608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys <Not Verified; Symantec Corporation; Symantec Core Component>
    2007-10-22 08:17:47 0 d-------- C:\Program Files\Norton AntiVirus
    2007-10-16 08:50:27 0 d-------- C:\Program Files\McAfee
    2007-10-16 08:50:27 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
    2007-10-16 08:49:03 0 d-------- C:\Program Files\McAfee.com
    2007-10-16 08:28:35 85056 --a------ C:\WINDOWS\system32\oonfvmxs.dll
    2007-10-16 01:30:21 85056 --a------ C:\WINDOWS\system32\htrnhilv.dll
    2007-10-15 10:26:39 85056 --a------ C:\WINDOWS\system32\jnqbtokj.dll
    2007-10-15 06:11:34 0 d-------- C:\Documents and Settings\i026024\Application Data\WinRAR
    2007-10-15 06:10:31 85056 --a------ C:\WINDOWS\system32\jftdmmem.dll


    -- Find3M Report ---------------------------------------------------------------

    2007-11-13 08:53:33 107445 ---hs---- C:\WINDOWS\system32\hikmp.ini2
    2007-11-13 08:45:48 115339 ---hs---- C:\WINDOWS\system32\hikmp.bak2
    2007-11-13 05:50:04 112251 ---hs---- C:\WINDOWS\system32\hikmp.bak1
    2007-11-12 05:55:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-11-12 05:46:29 0 d-------- C:\Program Files\Common Files
    2007-11-04 21:32:08 0 d-------- C:\Program Files\Acjtrvdl
    2007-10-26 06:50:43 0 d-------- C:\Program Files\Symantec
    2007-10-11 19:52:21 84032 --a------ C:\WINDOWS\system32\epdxsfvy.dll
    2007-10-11 12:38:44 0 d-------- C:\Program Files\xujutibu
    2007-10-09 12:19:15 0 d-------- C:\Program Files\Network Associates
    2007-10-09 12:13:58 81984 --a------ C:\WINDOWS\system32\bdod.bin
    2007-10-08 21:58:26 0 d-------- C:\Program Files\VS Revo Group
    2007-10-08 21:57:47 0 d-------- C:\Program Files\CrazyPug Software
    2007-10-08 21:15:10 14 --a------ C:\WINDOWS\system32\getfile.dat
    2007-10-03 08:57:40 77376 --a------ C:\WINDOWS\system32\iohbaxul.dll
    2007-10-01 08:56:12 85056 -----n--- C:\WINDOWS\system32\qrswwami.dll
    2007-10-01 08:12:07 0 d-------- C:\Documents and Settings\i026024\Application Data\Symantec
    2007-10-01 07:31:15 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-09-30 09:19:38 3442 --a------ C:\WINDOWS\system32\tmp.reg
    2007-09-30 09:15:22 84032 --a------ C:\WINDOWS\system32\ptyfanuh.dll
    2007-09-30 08:48:27 316000 --a------ C:\WINDOWS\system32\pmkih.dll
    2007-09-30 08:32:34 1032570 --a------ C:\SmitfraudFix.exe <SMITFR~1.EXE>
    2007-09-28 18:57:45 0 d-------- C:\Program Files\Trend Micro


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
    2007-10-03 08:57 77376 --a------ C:\WINDOWS\system32\iohbaxul.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8846D43-D083-4280-9402-F42CB8AA5529}]
    2007-09-30 08:48 316000 --a------ C:\WINDOWS\system32\pmkih.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{7092FE0A-9993-4A48-8949-619A3C4C76B9} "= C:\Program Files\AbsoluteToolbar\AbsoluteToolbar152.dll [2006-01-04 15:35 237568]

    [-HKEY_CLASSES_ROOT\CLSID\{7092FE0A-9993-4A48-8949-619A3C4C76B9}]
    [HKEY_CLASSES_ROOT\DBrowser.DBrowserBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{5141BCBA-3395-4c83-B723-B7BF1FBC9E24}]
    [HKEY_CLASSES_ROOT\DBrowser.DBrowserBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogitechCameraAssistant "= "C:\Program Files\Logitech\Video\CameraAssistant.exe" []
    "CfgDownload "= "C:\Program Files\IXOS\IXOS-eCONtext\bin\CfgDownload.exe" []
    "AdminCheck "= "wscript C:\Program Files\sap\eus\_admincheck.vbs" []
    "LogitechVideo[inspector] "= "C:\Program Files\Logitech\Video\InstallHelper.exe" []
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" []
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 02:43]
    "hglclcti "= "regsvr32 /u C:\Documents and Settings\All Users\Application Data\hglclcti.dll" []
    "BDSwitchAgent "= "C:\PROGRA~1\Softwin\BITDEF~2\bdswitch.exe" []
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-07-01 19:22]
    "MCUpdateExe "= "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-07-08 17:16]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32]
    "Symantec NetDriver Monitor "= "C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-10-26 06:50]
    "f0a87353 "= "C:\WINDOWS\system32\agmjabjk.dll" [2007-11-13 08:48]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:56]
    "LogitechSoftwareUpdate "= "C:\Program Files\Logitech\Video\ManifestEngine.exe" []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
    Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
    BGinfo.lnk - C:\WINDOWS\Bginfo\Bginfo.exe [2005-06-16 16:04:24]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-10-13 19:41:46]
    Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [2006-10-18 18:59:43]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoRemoteRecursiveEvents "=1 (0x1)
    "NoMSAppLogo5ChannelNotify "=0 (0x0)
    "NoToolbarCustomize "=0 (0x0)
    "NoBandCustomize "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu "=0 (0x0)
    "NoChangeStartMenu "=0 (0x0)
    "NoRecentDocsMenu "=0 (0x0)
    "NoRecentDocsHistory "=0 (0x0)
    "ClearRecentDocsOnExit "=0 (0x0)
    "NoLogoff "=0 (0x0)
    "NoSetTaskbar "=0 (0x0)
    "NoTrayContextMenu "=0 (0x0)
    "NoFileMenu "=0 (0x0)
    "EnforceShellExtensionSecurity "=0 (0x0)
    "LinkResolveIgnoreLinkInfo "=0 (0x0)
    "NoNetConnectDisconnect "=0 (0x0)
    "NoDeletePrinter "=0 (0x0)
    "NoAddPrinter "=0 (0x0)
    "NoPrinterTabs "=0 (0x0)
    "Btn_Back "=0 (0x0)
    "Btn_Forward "=0 (0x0)
    "Btn_Stop "=0 (0x0)
    "Btn_Refresh "=0 (0x0)
    "Btn_Home "=0 (0x0)
    "Btn_Search "=0 (0x0)
    "Btn_History "=0 (0x0)
    "Btn_Favorites "=0 (0x0)
    "Btn_Media "=0 (0x0)
    "Btn_Folders "=0 (0x0)
    "Btn_Fullscreen "=0 (0x0)
    "Btn_Tools "=0 (0x0)
    "Btn_MailNews "=0 (0x0)
    "Btn_Size "=0 (0x0)
    "Btn_Print "=0 (0x0)
    "Btn_Edit "=0 (0x0)
    "Btn_Discussions "=0 (0x0)
    "Btn_Cut "=0 (0x0)
    "Btn_Copy "=0 (0x0)
    "Btn_Paste "=0 (0x0)
    "Btn_Encoding "=0 (0x0)
    "Btn_PrintPreview "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429} "= C:\PROGRA~1\DVDIDL~1\DVDShell.dll [2003-01-29 14:58 40960]
    "{0868E7A4-82FD-48ED-942F-AC7CEC0280C3} "= C:\WINDOWS\system32\urqpomn.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
    PCANotify.dll 2002-02-15 12:51 24638 C:\WINDOWS\system32\PCANotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winbft32]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\\WINDOWS\\system32\\pmkih

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
    backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^i026024^Start Menu^Programs^Startup^PartMetBackup.lnk]
    backup=C:\WINDOWS\pss\PartMetBackup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
    C:\Program Files\Picasa2\PicasaMediaDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "ShStatEXE "= "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1067f00-3931-11da-a1d5-806d6172696f}]
    AutoRun\command- C:\CDStart.Exe
    Install\Command- C:\navsetup.exe




    -- End of Deckard's System Scanner: finished at 2007-11-13 08:55:34 ------------
     


  4. 2007/11/12
    prophete

    prophete Inactive Thread Starter

    continue last post

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel Pentium III processor
    Percentage of Memory in Use: 72%
    Physical Memory (total/avail): 511.46 MiB / 142.96 MiB
    Pagefile Memory (total/avail): 1248.46 MiB / 930.57 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1935.41 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 28.63 GiB total, 0.88 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)
    G: is Removable (FAT)

    \\.\PHYSICALDRIVE0 - Maxtor 6E030L0 - 28.63 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 28.63 GiB - C:

    \\.\PHYSICALDRIVE1 - USB Disk USB Disk USB Device - 243.17 MiB - 1 partition
    \PARTITION0 (bootable) - Win95 w/Extended Int 13 - 244.98 MiB - G:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    AntiVirusDisableNotify is set.

    FW: Norton Internet Worm Protection v2005 (Symantec)
    FW: Bitdefender Firewall v8.0 (Softwin) Disabled
    AV: Bitdefender Antivirus v8.0 (Softwin) Disabled Outdated
    AV: Norton AntiVirus 2005 v2005 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\emuleextreme\\Copy of emule.exe "= "C:\\emuleextreme\\Copy of emule.exe:*:Enabled:eMule "
    "C:\\Program Files\\iTunes\\iTunes.exe "= "C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes "
    "C:\\WINDOWS\\system32\\athhbyyk.exe "= "C:\\WINDOWS\\system32\\ath "
    "C:\\Program Files\\Internet Explorer\\iexplore.exe "= "C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer "
    "C:\\Program Files\\Messenger\\Msmsgs.exe "= "C:\\Program Files\\Messenger\\Msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\WINDOWS\\system32\\eqncxvpw.exe "= "C:\\WINDOWS\\system32\\eqn "
    "C:\\WINDOWS\\system32\\ttamwdsa.exe "= "C:\\WINDOWS\\system32\\tta "
    "C:\\WINDOWS\\system32\\dmqtorfn.exe "= "C:\\WINDOWS\\system32\\dmq "
    "C:\\WINDOWS\\system32\\xrxcisdh.exe "= "C:\\WINDOWS\\system32\\xrx "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\i026024\Application Data
    CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=P026024H
    ComSpec=C:\WINDOWS\system32\cmd.exe
    CREDDIR=\\pse.wdf.sap.corp\serving.pse\I026024\secude
    DIRCMD=/OGN /P
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    homeloc=TLV
    HOMEPATH=\Documents and Settings\i026024
    LOGONSERVER=\\SAPTLV00
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\PROGRA~1\SECUDE\SECUDE~1;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\IXOS\IXOS-eCONtext\bin;;C:\Program Files\IXOS\IXOS-eCONtext\opt\ORA\bin;C:\Program Files\Common Files\OpSession\Shared;C:\Program Files\Common Files\OpSession\Viewer Shared;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0806
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PSEServer=\\pse.wdf.sap.corp
    QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SNC_LIB=C:\Program Files\SECUDE\SECUDE for R3\secude.dll
    SSF_LIBRARY_PATH=\\dwdf040\security\secude5.2\libssf.dll
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TDW_Timeout=240
    TEMP=C:\DOCUME~1\i026024\LOCALS~1\Temp
    Thin=0
    TMP=C:\DOCUME~1\i026024\LOCALS~1\Temp
    USERDNSDOMAIN=SAP.CORP
    USERDOMAIN=SAP_ALL
    USERNAME=i026024
    USERPROFILE=C:\Documents and Settings\i026024
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    (new local, admin)
    (new local, admin)
    (new local, admin)
    L2MFIX (new local, admin)
    Administrator (admin)
    (admin)
    i026024 (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ##CAMERADRIVERNAME## --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l0409
    פותחים חשבון א-ג --> C:\CETDATA\TFN2\Uninst\Uncet.exe
    AbsoluteToolbar 1.5.2 --> "C:\Program Files\AbsoluteToolbar\unins000.exe "
    Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Autodesk MapGuide(R) Viewer ActiveX Control Release 6.3 --> MsiExec.exe /I{ECD94AA1-D865-4EF4-8F7C-5AA68D37ABE9}
    Avaya Voice Player 2.0 --> C:\PROGRA~1\Avaya\lvp32\UNWISE.EXE C:\PROGRA~1\Avaya\lvp32\INSTALL.LOG
    Babylon --> C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe
    BGinfo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9EBA348-4904-403F-855C-72C00CBD9093}\Setup.exe" -l0x9
    BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe "
    Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5ADA9741-0570-4096-B5FE-1D55E57537D4}
    Canon PhotoRecord --> MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}
    Canon PIXMA iP1000 --> C:\WINDOWS\System32\CNMCP6e.exe "-PRINTERNAMECanon PIXMA iP1000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP1000 Installer\Inst2\cnmi0409.dll "
    Canon PowerShot G3 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE99B4DC-754E-4D40-AFA6-AB43248231EC}
    Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
    Canon Utilities Easy-PrintToolBox --> C:\WINDOWS\BJPSUNST.EXE
    Canon Utilities File Viewer Utility 1.2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}
    Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
    Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB3AC39D-9915-435D-ACC4-9881E75326BC}
    Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
    ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
    Cinderella Doll's House --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\DISNEY~1\DeIsL1.isu
    CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
    DominateGame 20050929 (dominate) --> C:\PROGRA~1\DOMINA~1\Setup.exe /remove
    DVDIdle Pro 2.18 --> "C:\Program Files\DVDIdle Pro\unins000.exe "
    Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Canon\Easy-WebPrint\Uninst.isu "
    Elecard MPEG-2 Decoder&Streaming Pack --> "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Pack 3.0.50824\Uninstall.exe" "C:\Program Files\Elecard\Elecard MPEG-2 Decoder&Streaming Pack 3.0.50824\install.log "
    febooti ieZoom toolbar --> C:\Program Files\febooti ieZoom\unfzoom.exe
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Intel(R) Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Internet Explorer Q903235 --> C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q903235.inf
    Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
    Interwise Participant --> MsiExec.exe /I{57B48C82-2A76-4CC1-A448-7B304013C11B}
    iPassConnect SAPVPN --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000007337}\setup.exe"
    iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
    IXOS-eCON Clients --> MsiExec.exe /I{A172C9C8-1C70-11D6-A246-0001020BC164}
    IXOS-eCON Clients Languages --> MsiExec.exe /I{30ECE66A-C503-4E88-9E3D-4962F568C05E}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Codec Pack 2.54 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    LEGO Chess --> C:\WINDOWS\uninst.exe -f "C:\Program Files\LEGO Media\Games\DeIsL3.isu "
    LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
    Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
    Logitech QuickCam Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}\setup.exe" -l0x9
    Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Master Settings 1.0.6 --> MsiExec.exe /I{51F9828B-3636-4655-8951-393627783EA6}
    McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
    MetFileRegenerator v3.013.10 --> "C:\Program Files\MetFileRegenerator\uninstall.exe "
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office 2003 Hebrew User Interface Pack --> MsiExec.exe /I{901E040D-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
    Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSm22.inf, Uninstall
    MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600813}
    Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
    Nortel Networks Contivity VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall
    Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
    Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
    Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
    Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
    Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
    Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
    OpSession Viewer --> MsiExec.exe /I{72487BE6-248B-4EAA-8009-BB39237CDC24}
    Palm Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe "
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
    QuikUninstall --> MsiExec.exe /I{0905363C-5253-4E0A-91D3-AE35886ADF1A}
    Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Remove Hidden Data Tool --> MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9}
    SAP CheckIn Wizard 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9EEBCE0-5208-11D2-ABBA-0000E81BE828}\setup.exe" -uninst
    SAP Front End --> "C:\WINDOWS\SAPwksta\setup\sapsetup.exe" /uninstall
    SAP Israel Phone Book --> MsiExec.exe /I{BF3E2187-04BD-4AB4-B75A-D93162B80578}
    SAP Tutor --> MsiExec.exe /I{B49932CB-D69A-49E6-BEFD-CC4C6936BA58}
    SECUDE SECUDE for R3 2.2 --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\SECUDE\SECUDE for R3\DeIsL1.isu "
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe "
    SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
    SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    StepMania CVS (remove only) --> "C:\Program Files\StepMania CVS\uninst.exe "
    Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
    Symantec pcAnywhere --> MsiExec.exe /I{D05E8183-866A-11D3-97DF-0000F8D8F2E9}
    Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Synacast Plug-in 1.0.9.5 --> C:\Program Files\Common Files\Synacast\SynaLive\uninst.exe
    Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
    WebEx --> C:\WINDOWS\Downlo~1\atcliun.exe
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe "
    Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
    Windows Messenger 5.1 --> MsiExec.exe /I{8419C98D-6818-443B-9362-156519FE4C6B}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinXP Manager --> MsiExec.exe /I{F5B3124A-19D0-4CAB-8D72-F427880C688E}
    WOW --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\wow250\Uninst.isu "
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    איתמר וסודות הקוסמים --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B668354-B63F-4506-9CE1-B58F71FE775B}\setup.exe"
    יש לי סוד - אני לומד חשבון --> C:\CETLB\SodMath\Uninst\Uncet.exe
    יש לי סוד אני קורא - מתחילים --> C:\CETLB\SOD_A\Uninst\Uncet.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7810 / Error
    Event Submitted/Written: 11/13/2007 05:47:54 AM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.

    Event Record #/Type7803 / Error
    Event Submitted/Written: 11/12/2007 09:47:54 PM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.

    Event Record #/Type7796 / Error
    Event Submitted/Written: 11/12/2007 01:47:54 PM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.

    Event Record #/Type7786 / Warning
    Event Submitted/Written: 11/12/2007 05:48:22 AM
    Event ID/Source: 4356 / EventSystem
    Event Description:
    The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{7E89FF0B-F649-4F9A-A9C3-F05DFAAA3DA1}. CoGetObject returned HRESULT 80070005.

    Event Record #/Type7784 / Error
    Event Submitted/Written: 11/12/2007 05:47:58 AM / 11/12/2007 05:48:00 AM
    Event ID/Source: 15 / AutoEnrollment
    Event Description:
    Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
    Enrollment will not be performed.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type22215 / Warning
    Event Submitted/Written: 11/13/2007 08:46:07 AM
    Event ID/Source: 11164 / DnsApi
    Event Description:
    The system failed to register host (A) resource records (RRs) for
    network adapter
    with settings:


    Adapter Name : {109D4BE1-A2ED-4E09-B7B5-F5EB608BD5C4}

    Host Name : P026024h

    Primary Domain Suffix : tlv.sap.corp

    DNS server list :

    10.0.0.138

    Sent update to server : <?>

    IP Address(es) :

    10.0.0.1


    The reason the system could not register these RRs was because either
    (a) the DNS server does not support the DNS dynamic update protocol, or
    (b) the authoritative zone for the specified DNS domain name does not
    accept dynamic updates.


    To register the DNS host (A) resource records using the specific DNS
    domain name and IP addresses for this adapter, contact your DNS server
    or network systems administrator.

    Event Record #/Type22209 / Warning
    Event Submitted/Written: 11/13/2007 07:54:58 AM
    Event ID/Source: 11164 / DnsApi
    Event Description:
    The system failed to register host (A) resource records (RRs) for
    network adapter
    with settings:


    Adapter Name : {109D4BE1-A2ED-4E09-B7B5-F5EB608BD5C4}

    Host Name : P026024h

    Primary Domain Suffix : tlv.sap.corp

    DNS server list :

    10.0.0.138

    Sent update to server : <?>

    IP Address(es) :

    10.0.0.1


    The reason the system could not register these RRs was because either
    (a) the DNS server does not support the DNS dynamic update protocol, or
    (b) the authoritative zone for the specified DNS domain name does not
    accept dynamic updates.


    To register the DNS host (A) resource records using the specific DNS
    domain name and IP addresses for this adapter, contact your DNS server
    or network systems administrator.

    Event Record #/Type22205 / Error
    Event Submitted/Written: 11/13/2007 07:37:32 AM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 10.0.0.1 for the Network Card with network address 000E2E9A56CA has been
    denied by the DHCP server 10.0.0.138 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type22200 / Warning
    Event Submitted/Written: 11/13/2007 07:34:51 AM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type22199 / Error
    Event Submitted/Written: 11/13/2007 06:16:51 AM
    Event ID/Source: 5719 / NETLOGON
    Event Description:
    No Domain Controller is available for domain SAP_ALL due to the following:
    %%1311.

    Make sure that the computer is connected to the network and try
    again. If the problem persists, please contact your domain administrator.



    -- End of Deckard's System Scanner: finished at 2007-11-13 08:55:34 ------------
     
  5. 2007/11/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi prophete :)

    Download ComboFix by sUBs from here, saving the file to your desktop. If you already have ComboFix, delete it and get a fresh copy.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  6. 2007/11/16
    prophete

    bigger problem !!!

    Hi,

    I ran ComboFix and now the computer does not restart properly.

    I ran it, and it was stuck, so I restarted the computer.
    Now it provides a message box: "the requested operation was unsuccessful" (title: lsass.exe - operation failed), and then it reboots again.

    What can I do?

    Thanks
    llan
     
  7. 2007/11/17
    noahdfear

    First, start your computer and begin tapping F8 after the initial BIOS post screen. This should bring up the Advanced startup menu. Select Last Known Good Configuration and let me know if bootup is successful.

    Do you have an XP cd with which to access the recovery console, or some other bootable cd such as BartPE or ERD Commander?
     
  8. 2007/11/17
    prophete

    better?

    The last good configuration allowed me to log in.
    (Not immediately.
    It allows me to enter the user and password and then it is like it is stuck.
    I then kill svchost.exe through the Task Manager, run "explorer.exe" and then it works.)

    What should I do now?
    Should I run ComboFix again? Something else first?
    (I don't have any XP CD.)
    llan
     
  9. 2007/11/17
    noahdfear

    First, see if you can run system restore and go back to a point before you ran ComboFix.
     
  10. 2007/11/17
    prophete

    How do I run System Restore?

    llan
     
  11. 2007/11/17
    noahdfear

    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time' and click Next
    Choose a bolded date from the calendar and click Next
     
