
Solved Win32/Amalum Infection

Discussion in 'Malware and Virus Removal Archive' started by ksuderman, 2009/07/08.

  1. 2009/07/08
    ksuderman (Thread Starter)

    [Resolved] Win32/Amalum Infection

    I am having exactly the same problem as this user.

    CA Anti-virus updated the AV definitions (sig 6604) and then identified Win32/Amalum in net.exe, netsh.exe, and VERCLSID.exe. I was also prompted to insert my Windows XP SP3, but Windows refused to read the disk. I do have auto-play enabled, but I don't have an 'SP3' disk... I have a disk with SP2 so maybe that is the problem.

    I checked the forum on the CA website and this does appear to be a false positive; one user even reported having files downloaded directly from Microsoft's Technet get identified as being infected.

    However, just in case I'll include the logs from DDS.

    DDS.txt:

    DDS (Ver_09-06-26.01) - NTFSx86
    Run by Keith at 19:42:16.39 on Wed 07/08/2009
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1004 [GMT -4:00]

    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
    C:\WINDOWS\system32\nfsclnt.exe
    C:\PROGRA~1\Symantec\ANTIVI~1\DefWatch.exe
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\PSXRUN.EXE
    C:\WINDOWS\system32\psxss.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\SFU\usr\sbin\zzInterix
    C:\SFU\usr\sbin\init
    c:\program files\lenovo\system update\suservice.exe
    C:\SFU\usr\sbin\inetd
    C:\SFU\usr\sbin\cron
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\WINDOWS\MXOALDR.EXE
    C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\IBM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.vassar.edu
    uInternet Connection Wizard,ShellNext = hxxp://www.nero.com/en/sp_file_main.php
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    EB: {C090DCD2-0339-4C3F-8441-302449B3ED74} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe "
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
    mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
    mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [TP4EX] tp4ex.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [CAVRID] "c:\program files\ca\etrust internet security suite\etrust ez antivirus\CAVRID.exe "
    mRun: [MaxtorOneTouch] c:\program files\maxtor\onetouch\utils\Onetouch.exe
    mRun: [MXOBG] c:\windows\MXOALDR.EXE
    mRun: [RetroExpress] c:\progra~1\retros~1\retros~1.1\RetroExpress.exe /h
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe "
    mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe "
    mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [<NO NAME>]
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe "
    mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    StartupFolder: c:\docume~1\keith\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ibm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send To &Bluetooth - c:\program files\ibm\bluetooth software\btsendto_ie_ctx.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {C090DCD2-0339-4C3F-8441-302449B3ED74} - {C090DCD2-0339-4C3F-8441-302449B3ED74}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\VetRedir.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} - hxxps://www.webiqonline.com/WebIQ/bin/WebIQ.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245033626671
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1245033614390
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://real.gamehouse.com/games/luxor/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFECAFE-0013-0001-0013-ABCDEFABCDEF}
    DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    DPF: {E7F2A7C5-E0FA-48F7-9893-DF78DDF131F2} - hxxp://www.jeppesen.com/wlcs/services/chart/plugins/win/mc3-1202.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
    Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
    Notify: ACNotify - ACNotify.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: tpfnf2 - notifyf2.dll
    Notify: tphotkey - tphklock.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\applications\eudora\EuShlExt.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Notification Packages = scecli ACGina psqlpwd

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\keith\applic~1\mozilla\firefox\profiles\igizcvda.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.suderman.com/
    FF - plugin: c:\applications\java\jre6\bin\new_plugin\npdeploytk.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\keith\application data\mozilla\firefox\profiles\igizcvda.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13113.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: capability.policy.policynames - allowclipboard
    FF - user.js: capability.policy.allowclipboard.sites - hxxps://webhosting.optonline.net
    FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
    FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess

    ============= SERVICES / DRIVERS ===============

    R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
    R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2008-5-12 14848]
    R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-5-12 11520]
    R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-5-12 4224]
    R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2005-5-26 16384]
    R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-3-13 26352]
    R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-3-13 21104]
    R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-3-13 880560]
    R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-3-13 21488]
    R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-3-13 161008]
    R2 CAISafe;CAISafe;c:\program files\ca\etrust internet security suite\etrust ez antivirus\isafe.exe [2008-3-13 144696]
    R2 Client for NFS;Client for NFS;c:\windows\system32\nfsclnt.exe [2003-11-8 53408]
    R2 NAVAPEL;NAVAPEL;c:\program files\symantec\antivirus\Navapel.sys [2003-5-2 30208]
    R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2008-6-24 12560]
    R2 VETMSGNT;VET Message Service;c:\program files\ca\etrust internet security suite\etrust ez antivirus\vetmsg.exe [2008-3-13 255216]
    R2 zzInterix;Interix Subsystem Startup;c:\windows\system32\PSXRUN.EXE [2003-11-8 66480]
    R3 NfsRdr;NfsRdr;c:\windows\system32\drivers\nfsrdr.sys [2003-11-8 305664]
    R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-3-13 185584]
    R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\PSXDRV.SYS [2003-11-8 6128]
    R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2008-5-12 6528]
    R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-3-13 108368]
    S3 MCHPUSB;MCHPUSB;c:\windows\system32\drivers\mchpusb.sys [2006-12-25 61440]
    S3 NAVAP;NAVAP;c:\progra~1\symantec\antivi~1\NAVAP.sys [2003-5-2 224256]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20050914.008\NAVENG.sys [2005-9-15 77816]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20050914.008\NAVEX15.sys [2005-9-15 665816]
    S3 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symantec\antivi~1\Rtvscan.exe [2003-5-21 610304]
    S3 Portmap;Portmap;c:\windows\system32\drivers\portmap.sys [2003-11-8 35072]
    S3 ptiusbf;PTI USB Filter;c:\windows\system32\drivers\ptiusbf.sys [2001-4-14 22474]
    S3 RpcXdr;RpcXdr;c:\windows\system32\drivers\rpcxdr.sys [2003-11-8 55872]
    S4 Cdaolertm;Cdaolertm; [x]
    S4 CronService;Windows Cron Service;c:\sfu\common\cron.exe [2003-11-8 47536]
    S4 Mapsvc;User Name Mapping;c:\sfu\mapper\mapsvc.exe [2003-11-8 111728]

    =============== Created Last 30 ================

    2009-06-29 17:05 <DIR> --d----- c:\temp\xml
    2009-06-26 14:00 <DIR> --d----- c:\program files\Litsoft
    2009-06-24 15:44 86 a------- c:\documents and settings\keith\cmd-rc.bat
    2009-06-24 15:40 0 a------- c:\windows\system32\autoexec.bat
    2009-06-24 09:53 <DIR> --d----- c:\program files\MSECache
    2009-06-23 16:17 <DIR> --d----- c:\temp\SATANiC-1.4b1
    2009-06-15 09:32 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
    2009-06-15 05:23 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-06-15 01:15 <DIR> --d----- C:\723886e039d9971972b242
    2009-06-14 22:40 23,576 a------- c:\windows\system32\wuapi.dll.mui
    2009-06-14 13:59 <DIR> --d----- c:\temp\graf-odd
    2009-06-14 10:58 <DIR> --d----- c:\temp\Vesta
    2009-06-11 22:17 <DIR> --d----- c:\program files\Sun
    2009-06-10 19:51 <DIR> --d----- c:\program files\AutoHotkey
    2009-06-10 13:29 <DIR> --d----- c:\temp\xoro-test
    2009-06-10 13:04 <DIR> --d----- c:\temp\round-4-part-1
    2009-06-09 23:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\32nd America's Cup
    2009-06-09 11:51 <DIR> --d----- c:\temp\round-4

    ==================== Find3M ====================

    2009-06-15 15:15 524,288 a------- c:\windows\opuc.dll
    2009-06-11 22:16 410,984 a------- c:\windows\system32\deploytk.dll
    2009-06-01 12:17 30,144 a------- c:\windows\system32\drivers\psadd.sys
    2009-05-21 13:04 161,008 a------- c:\windows\system32\drivers\vetmonnt.sys
    2009-05-21 13:04 26,352 a------- c:\windows\system32\drivers\vet-filt.sys
    2009-05-21 13:04 21,488 a------- c:\windows\system32\drivers\vetfddnt.sys
    2009-05-21 13:04 21,104 a------- c:\windows\system32\drivers\vet-rec.sys
    2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
    2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
    2009-04-29 00:55 78,336 a------- c:\windows\system32\ieencode.dll
    2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
    2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
    2007-06-20 18:04 13,560 ---sh--- c:\windows\system32\KGyGaAvL.sys
    2008-07-09 17:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070920080710\index.dat

    ============= FINISH: 19:43:02.67 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-06-26.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/20/2005 4:42:49 AM
    System Uptime: 7/8/2009 6:23:52 PM (1 hours ago)

    Motherboard: IBM | | 266892U
    Processor: Intel(R) Pentium(R) M processor 2.00GHz | None | 1995/533mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 3.47 GiB free.
    D: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    <oXygen/> XML Editor 6.0
    <oXygen/> XML Editor 6.2
    32nd America's Cup Patch1
    5Spice Analysis 1.22
    7-Zip 4.18 beta
    Across Lite 2.0
    ActivePerl 5.8.7 Build 813
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8.1.5
    Adobe® Photoshop® Album Starter Edition 3.2
    AirPort
    Altova Authentic 2007 Desktop Edition
    Altova UModel® 2008 rel. 2 sp1 Enterprise Edition
    Altova UModel® 2008 rel. 2 sp1 Integration Package
    ATI - Software Uninstall Utility
    ATI Catalyst Control Center
    ATI Control Panel
    ATI Display Driver
    AutoHotkey 1.0.48.03
    AutoUpdate
    Borland JBuilder 2005 Developer
    BUFFALO INC. TeraStation Utility
    CA Anti-Spyware
    CA Anti-Virus
    CA Internet Security Suite
    CA Pest Patrol Realtime Protection
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    ccc-Branding
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Dutch
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Swedish
    CmdHere Powertoy For Windows XP
    CollabNet Subversion 1.5.0
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    DivX
    Eudora
    Executable Command Reference 1.8
    File Scavenger 3.0
    FileMaker Pro 7
    GATE-3.1
    GlassFish V2 UR2
    GlassFish v3 Prelude
    Golden Eagle FlightPrep 2007
    GoldenEagle
    Google Earth
    Google Updater
    Graphviz
    GTAIII
    HI-TECH PICC-Lite V9.60PL1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    HTML Slideshow Powertoy for Windows XP
    IBM Integrated Bluetooth IV Software
    IBM ThinkPad Battery MaxiMiser and Power Management Features
    IBM ThinkPad UltraNav Driver
    IBM ThinkPad UltraNav Wizard
    IBM TrackPoint Accessibility Features
    IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    IGN Download Manager 2.2.1
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD
    InterVideo WinDVD Creator
    IzPack 3.10.2
    J2SE Development Kit 5.0 Update 5
    Java DB 10.4.2.1
    Java(TM) 6 Update 14
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7
    Java(TM) SE Development Kit 6 Update 10
    Java(TM) SE Development Kit 6 Update 14
    Java(TM) SE Development Kit 6 Update 7
    JAXFront 2.3
    Jeppesen SIMCharts 4.0
    KB408682
    KIM Platform
    KIMPlugin
    Korean Fonts Support For Adobe Reader 8
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech Gaming Software
    Macromedia Dreamweaver MX 2004
    Macromedia Extension Manager
    Macromedia Shockwave Player
    Maxtor OneTouch
    MCHPFSUSB v1.2
    mCore
    mDriver
    Memeo
    Message Center Plus
    MetaFrame Presentation Server Client
    Microchip USB Framework Software
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft ActiveSync
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Developer Network Library - Visual Studio 97
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft Web Publishing Wizard 1.53
    Microsoft Windows Services for UNIX
    MiKTeX 2.7
    mMHouse
    Mogul User Guide
    Motorola Handset USB Driver
    Mozilla Firefox (3.0.11)
    mPfMgr
    MPLAB C18 v3.02 Student Edition
    MPLAB C18 v3.14 Student Edition
    MPLAB Tools v7.50
    MPLAB Tools v7.51
    MPLAB Tools v8.00
    mProSafe
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mXML
    MySpeed PC Lite Edition
    MySQL Server 5.0
    MySQL Tools for 5.0
    Nero 6 Ultra Edition
    NeroMIX
    NeroVision Express 3
    OpenOffice.org 2.0
    Oracle JInitiator 1.3.1.13
    Oxygen XML Editor 9.3
    Pando Media Booster
    PC-Doctor 5 for Windows
    PC-Doctor for Windows
    PDFCreator 0.8.0
    Picasa 2
    PICkit 2 V1.21 Setup
    PICkit2 v2.10
    PopCap Browser Plugin
    ProSchematic
    Protege 3.1.1
    Protege 3.2 beta
    Pure Networks Platform
    Python 2.5 nltk-0.8
    Python 2.5.1
    QuickTime
    RealPlayer
    Retrospect Express HD 1.1
    Rhapsody Player Engine
    Rhapsody provided by Optimum Online
    Sailwave
    Sam Spade version 1.14
    Security Task Manager 1.7h
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Skins
    Skype 2.0
    SmartFTP Client
    SoundMAX
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Stylus Studio 2006 Release 2 XML Professional Edition
    Subversion 1.4.5-r25188
    SWI-Prolog (remove only)
    Symantec AntiVirus Client
    System Update
    TeamSpeak 2 RC2
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Integrated 56K Modem
    ThinkPad Power Management Driver
    ThinkPad SATA Power Management Driver
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Fingerprint Software 5.8
    TortoiseSVN 1.5.0.13316 (32 bit)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    USB Storage Adapter FX (MXO)
    USBInfo
    VGA USB Camera
    Virtual Sailor
    WebEx
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    WebIQ Client Software
    Windows Desktop Search 3.01
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    WinEdt
    WinMerge 2.12.2
    WinRAR archiver
    WinSCP 3.7.4
    WinZip
    WordNet 2.1
    Xaira
    XML Notepad 2007
    XML Paper Specification Shared Components Pack 1.0
    xSQS-Edit Public BETA - Build 0.9.8.7
    XSV 2.10
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    7/8/2009 9:19:10 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    7/8/2009 6:26:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\net.exe could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
    7/8/2009 6:25:55 PM, information: Windows File Protection [64003] - File replacement was attempted on the protected system file net.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is unknown.
    7/8/2009 6:22:52 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\netsh.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
    7/4/2009 4:44:58 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/1/2009 10:47:31 AM, error: Service Control Manager [7022] - The Pure Networks Platform Service service hung on starting.
    7/1/2009 10:45:13 AM, error: ati2mtag [43034] - Unknown EDID version

    ==== End Of File ===========================
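A triage script added here by the editor, not from the thread: it parses the "Event Viewer Messages" section of the DDS log above and checks which of the three files CA flagged were touched by Windows File Protection, so a defender can see that the 64003 "restored" entry for net.exe is the expected fallout of an AV quarantining a protected binary, and which files still need an sfc check. The event lines are copied from the log; the FLAGGED list and the verdict wording are the editor's assumptions.

```python
"""Cross-check AV detections on protected Windows binaries against the
Windows File Protection (WFP) events in a DDS 'Event Viewer Messages' section."""
import re
from typing import Dict, List

# Event lines copied from the DDS log in the post above (a sample, not a live system).
DDS_EVENTS = r"""
7/8/2009 9:19:10 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
7/8/2009 6:26:00 PM, information: Windows File Protection [64021] - The system file c:\windows\system32\net.exe could not be copied into the DLL cache. The specific error code is 0x00000000 [The operation completed successfully. ]. This file is necessary to maintain system stability.
7/8/2009 6:25:55 PM, information: Windows File Protection [64003] - File replacement was attempted on the protected system file net.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is unknown.
7/8/2009 6:22:52 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\netsh.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
7/4/2009 4:44:58 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'.
"""

# The files CA Anti-Virus flagged as Win32/Amalum in the post (assumed list).
FLAGGED = ["net.exe", "netsh.exe", "VERCLSID.exe"]

# One DDS event line: "<date> <time> AM/PM, <level>: <source> [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)


def parse_events(text: str) -> List[dict]:
    """Parse DDS event lines into dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def wfp_activity(events: List[dict], flagged: List[str]) -> Dict[str, List[int]]:
    """Map each flagged file name to the WFP event ids whose message names that file.

    The match is case-insensitive and anchored at a path separator or whitespace,
    so 'net.exe' does not match inside 'netsh.exe'.
    """
    hits: Dict[str, List[int]] = {name: [] for name in flagged}
    for ev in events:
        if ev["source"] != "Windows File Protection":
            continue
        msg = ev["msg"].lower()
        for name in flagged:
            if re.search(r"(^|[\\\s])" + re.escape(name.lower()) + r"\b", msg):
                hits[name].append(ev["id"])
    return hits


def triage(events: List[dict], flagged: List[str]) -> Dict[str, str]:
    """Turn the WFP record into a next step per file (verdict wording is the editor's).

    64003: WFP saw the file replaced (the AV quarantine) and put its own copy back.
    64008: WFP could not verify the file, so its integrity is unknown.
    64021: WFP could not refresh the dllcache copy; informational on its own.
    """
    verdicts: Dict[str, str] = {}
    for name, ids in wfp_activity(events, flagged).items():
        if 64003 in ids:
            verdicts[name] = "restored by WFP after quarantine; confirm with sfc /scannow"
        elif 64008 in ids:
            verdicts[name] = "not verified by WFP; run sfc /scannow before trusting it"
        elif ids:
            verdicts[name] = "WFP informational only: " + ", ".join(map(str, ids))
        else:
            verdicts[name] = "no WFP record; verify the file's hash or signature separately"
    return verdicts


if __name__ == "__main__":
    for name, verdict in triage(parse_events(DDS_EVENTS), FLAGGED).items():
        print(f"{name:14} {verdict}")
```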

  2. 2009/07/09
    ksuderman (Thread Starter)

    This was a false positive that disappeared with the updated sig (6606) file. I removed the files from quarantine and CA no longer flags them as infected.