Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HJT Log, needs help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HJT Log, needs help

Unread postby teeman2 » October 7th, 2007, 7:58 pm

Hello,

My computer wont run in safe mode. Its starts in safe mode but after ten seconds it will bring the warning of running in safe mode. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:52 PM, on 10/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Student\Desktop\HiJackThis.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ydbpyysg.dll",sitypnow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8166 bytes
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm
Advertisement
Register to Remove

Unread postby Shaba » October 10th, 2007, 10:41 am

Hi teeman2

Rename HijackThis.exe to teeman.exe and post back a fresh HijackThis log taken in normal mode, please :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby teeman2 » October 10th, 2007, 6:53 pm

Here is my new HJThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:17 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6BC0AC60-C81B-43F1-B250-B3A6CBF3829F} - C:\Program Files\Common Files\hokeC:\WINDOWS\system32\Y1\gb83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: qomkjgg - C:\WINDOWS\SYSTEM32\qomkjgg.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12222 bytes
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby Shaba » October 11th, 2007, 2:10 am

Hi

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby teeman2 » October 12th, 2007, 8:12 am

I ran the vundofix and after it ran, it said, it could not find any infested files. I clicked okay, then click remove and it said the same thing, could not find any infested files. I restarted laptop and ran HJThis again.

Here is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:55 AM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6BC0AC60-C81B-43F1-B250-B3A6CBF3829F} - C:\Program Files\Common Files\hokeC:\WINDOWS\system32\Y1\gb83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: qomkjgg - C:\WINDOWS\SYSTEM32\qomkjgg.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12225 bytes
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby Shaba » October 12th, 2007, 11:49 am

Hi

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby teeman2 » October 13th, 2007, 1:25 am

combofix log:

ComboFix 07-10-08.3 - Student 2007-10-12 21:29:08.2 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\Student\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.

2007-10-11 15:52 <DIR> d-------- C:\VundoFix Backups
2007-10-09 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-09 08:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-09 00:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 00:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-08 18:20 <DIR> d-------- C:\Documents and Settings\Student\.SunDownloadManager
2007-10-08 14:35 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 12:41 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2007-10-08 12:41 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-10-08 11:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-07 22:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-07 19:52 <DIR> d-------- C:\Documents and Settings\Student\Application Data\MailFrontier
2007-10-07 19:24 1,988,640 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-07 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-07 18:50 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-07 18:50 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-07 18:50 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-10-07 18:49 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-10-07 18:49 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-07 18:48 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-10-06 13:58 116,224 --a------ C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-06 13:58 23,040 --a------ C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-06 13:57 27,648 --a------ C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-06 13:57 17,408 --a------ C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-06 13:57 4,608 --a------ C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-06 13:13 99,865 --a------ C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-06 13:06 154,624 --a------ C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-10-06 13:06 34,890 --a------ C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-10-06 13:06 19,455 --a------ C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-06 13:06 19,328 --a------ C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-10-06 13:06 16,970 --a------ C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-06 13:06 12,063 --a------ C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-10-06 13:06 8,832 --a------ C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-10-06 13:06 8,192 --a------ C:\WINDOWS\system32\dllcache\wshirda.dll
2007-10-06 13:05 771,581 --a------ C:\WINDOWS\system32\dllcache\winacisa.sys
2007-10-06 13:05 53,760 --a------ C:\WINDOWS\system32\dllcache\wiamsmud.dll
2007-10-06 12:58 701,386 --a------ C:\WINDOWS\system32\dllcache\wdhaalba.sys
2007-10-06 12:58 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2007-10-06 12:58 41,600 --a------ C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-10-06 12:58 35,871 --a------ C:\WINDOWS\system32\dllcache\wbfirdma.sys
2007-10-06 12:58 33,599 --a------ C:\WINDOWS\system32\dllcache\watv04nt.sys
2007-10-06 12:58 31,232 --a------ C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-10-06 12:58 29,311 --a------ C:\WINDOWS\system32\dllcache\watv01nt.sys
2007-10-06 12:58 25,471 --a------ C:\WINDOWS\system32\dllcache\watv10nt.sys
2007-10-06 12:58 23,615 --a------ C:\WINDOWS\system32\dllcache\wch7xxnt.sys
2007-10-06 12:58 22,271 --a------ C:\WINDOWS\system32\dllcache\watv06nt.sys
2007-10-06 12:58 19,551 --a------ C:\WINDOWS\system32\dllcache\watv02nt.sys
2007-10-06 12:58 13,568 --a------ C:\WINDOWS\system32\dllcache\wacompen.sys
2007-10-06 12:58 12,415 --a------ C:\WINDOWS\system32\dllcache\wadv01nt.sys
2007-10-06 12:58 12,127 --a------ C:\WINDOWS\system32\dllcache\wadv02nt.sys
2007-10-06 12:58 11,935 --a------ C:\WINDOWS\system32\dllcache\wadv11nt.sys
2007-10-06 12:58 11,871 --a------ C:\WINDOWS\system32\dllcache\wadv09nt.sys
2007-10-06 12:58 11,807 --a------ C:\WINDOWS\system32\dllcache\wadv07nt.sys
2007-10-06 12:58 11,775 --a------ C:\WINDOWS\system32\dllcache\wadv05nt.sys
2007-10-06 12:58 11,295 --a------ C:\WINDOWS\system32\dllcache\wadv08nt.sys
2007-10-06 12:57 604,253 --a------ C:\WINDOWS\system32\dllcache\vmodem.sys
2007-10-06 12:57 426,041 --a------ C:\WINDOWS\system32\dllcache\voicepad.dll
2007-10-06 12:57 397,502 --a------ C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-10-06 12:57 249,402 --a------ C:\WINDOWS\system32\dllcache\vinwm.sys
2007-10-06 12:57 86,073 --a------ C:\WINDOWS\system32\dllcache\voicesub.dll
2007-10-06 12:57 64,605 --a------ C:\WINDOWS\system32\dllcache\vvoice.sys
2007-10-06 12:57 48,256 --a------ C:\WINDOWS\system32\dllcache\w32.dll
2007-10-06 12:57 19,528 --a------ C:\WINDOWS\system32\dllcache\w840nd.sys
2007-10-06 12:57 19,016 --a------ C:\WINDOWS\system32\dllcache\w926nd.sys
2007-10-06 12:57 16,925 --a------ C:\WINDOWS\system32\dllcache\w940nd.sys
2007-10-06 12:50 53,760 --a------ C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-06 12:50 24,576 --a------ C:\WINDOWS\system32\dllcache\viairda.sys
2007-10-06 12:50 11,325 --a------ C:\WINDOWS\system32\dllcache\vchnt5.dll
2007-10-06 12:49 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2007-10-06 12:49 794,399 --a------ C:\WINDOWS\system32\dllcache\usr1806v.sys
2007-10-06 12:49 793,598 --a------ C:\WINDOWS\system32\dllcache\usr1806.sys
2007-10-06 12:49 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2007-10-06 12:49 687,999 --a------ C:\WINDOWS\system32\dllcache\usrwdxjs.sys
2007-10-06 12:49 224,802 --a------ C:\WINDOWS\system32\dllcache\usr1807a.sys
2007-10-06 12:49 113,762 --a------ C:\WINDOWS\system32\dllcache\usrpda.sys
2007-10-06 12:49 94,720 --a------ C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-10-06 12:49 78,464 --a------ C:\WINDOWS\system32\dllcache\usbvideo.sys
2007-10-06 12:49 76,288 --a------ C:\WINDOWS\system32\dllcache\uniime.dll
2007-10-06 12:49 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-06 12:49 32,384 --a------ C:\WINDOWS\system32\dllcache\usb101et.sys
2007-10-06 12:49 17,024 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2007-10-06 12:49 7,556 --a------ C:\WINDOWS\system32\dllcache\usroslba.sys
2007-10-06 12:48 216,064 --a------ C:\WINDOWS\system32\dllcache\um34scan.dll
2007-10-06 12:48 211,968 --a------ C:\WINDOWS\system32\dllcache\um54scan.dll
2007-10-06 12:48 69,632 --a------ C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-10-06 12:48 50,688 --a------ C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-10-06 12:48 50,176 --a------ C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-10-06 12:48 47,616 --a------ C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-10-06 12:48 28,160 --a------ C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-10-06 12:48 26,624 --a------ C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-10-06 12:48 22,912 --a------ C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-10-06 12:43 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2007-10-06 12:43 166,784 --a------ C:\WINDOWS\system32\dllcache\tridxpm.sys
2007-10-06 12:43 44,672 --a------ C:\WINDOWS\system32\dllcache\uagp35.sys
2007-10-06 12:43 14,336 --a------ C:\WINDOWS\system32\dllcache\tsprof.exe
2007-10-06 12:43 11,520 --a------ C:\WINDOWS\system32\dllcache\twotrack.sys
2007-10-06 12:42 440,576 --a------ C:\WINDOWS\system32\dllcache\tridkb.dll
2007-10-06 12:42 315,520 --a------ C:\WINDOWS\system32\dllcache\trid3d.dll
2007-10-06 12:42 222,336 --a------ C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-10-06 12:42 159,232 --a------ C:\WINDOWS\system32\dllcache\tridkbm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-12 20:42 24260 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-08 22:43 --------- d-------- C:\Program Files\TestGen
2007-10-08 18:46 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-07 00:00 5427 --a------ C:\WINDOWS\system32\EGATHDRV.SYS
2007-10-02 23:01 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-02 23:01 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-28 23:32 --------- d-------- C:\Documents and Settings\Student\Application Data\Azureus
2007-09-28 20:20 --------- d-------- C:\Program Files\Azureus
2007-09-28 19:06 --------- d-------- C:\Program Files\Microsoft ActiveSync
2007-09-16 22:10 --------- d-------- C:\Program Files\Gran Paradiso
2007-09-13 22:09 --------- d-------- C:\Program Files\Lenovo
2007-09-11 22:14 --------- d-------- C:\Program Files\DivX
2007-09-11 21:50 --------- d-------- C:\Program Files\Veoh Networks
2007-09-06 06:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 06:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 06:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 06:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 06:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 06:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-09-06 06:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-09-03 19:02 --------- d-------- C:\Program Files\CABviaActiveSync
2007-08-28 21:03 --------- d--h----- C:\Program Files\Zero G Registry
2007-08-28 20:56 --------- d-------- C:\Program Files\Peterson's
2007-08-28 17:31 --------- d-------- C:\Documents and Settings\Student\Application Data\Help
2007-08-23 22:10 --------- d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-08-23 22:09 --------- d-------- C:\Program Files\Common Files\Ahead
2007-08-23 22:06 --------- d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-08-21 15:44 --------- dr-h----- C:\Documents and Settings\Student\Application Data\yahoo!
2007-08-21 15:44 --------- d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-21 02:15 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-08-21 02:15 683520 --a------ C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 20:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-20 20:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-08-15 18:33 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-08-15 18:33 43528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-08-15 18:33 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-15 18:33 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-08-15 18:33 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-08-15 18:33 129784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-08-15 18:33 120056 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-08-15 18:33 118520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-08-15 18:33 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-08-15 18:31 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-08-15 18:31 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-08-15 18:31 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-08-15 18:31 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-08-15 18:31 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-08-15 18:31 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-08-15 18:30 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-08-15 18:30 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-08-15 18:30 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-08-15 18:30 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-08-15 18:30 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-08-06 17:29 73216 --------- C:\WINDOWS\ST6UNST.EXE
2007-08-06 17:29 286720 --------- C:\WINDOWS\Setup1.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll
2007-07-19 02:59 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll
.

((((((((((((((((((((((((((((( snapshot@2007-10-08_17.47.45.12 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
-c----w 581,120 2004-08-04 13:00:00 C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
-c----w 248,320 2007-03-09 11:28:00 C:\WINDOWS\$NtUninstallKB933729$\xpsp3res.dll
-c----w 213,216 2005-10-12 23:12:26 C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
-c----w 371,424 2005-10-12 23:12:33 C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
-c----w 683,520 2007-05-16 15:12:02 C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
-c----w 213,216 2007-03-06 01:22:41 C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
-c----w 371,424 2007-03-06 01:23:51 C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
----a-r 167,936 2007-10-11 07:50:38 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 34,304 2007-10-11 07:50:28 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-10-11 07:50:44 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-10-11 07:50:47 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-10-11 07:50:51 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-10-11 07:50:31 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-10-11 07:50:34 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-10-11 07:50:54 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-10-11 07:50:25 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-10-11 07:50:21 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-r 167,936 2007-10-11 07:38:45 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 81,920 2007-10-11 07:38:51 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
----a-r 34,304 2007-10-11 07:38:35 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-10-11 07:38:55 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-10-11 07:38:58 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-10-11 07:39:01 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-10-11 07:38:38 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-10-11 07:38:41 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-10-11 07:39:05 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-10-11 07:38:31 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-10-11 07:38:28 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\spuninst.exe
----a-w 584,192 2007-07-09 13:09:42 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\rpcrt4.dll
----a-w 115,712 2007-06-13 06:53:14 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2GDR\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\SP2QFE\xpsp3res.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:28 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\update.exe
----a-w 371,424 2005-10-12 23:12:33 C:\WINDOWS\SoftwareDistribution\Download\28d74bdac17e30d3a4336176766f2e4a\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\spuninst.exe
----a-w 124,928 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\advpack.dll
----a-w 214,528 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\dxtrans.dll
----a-w 132,608 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\extmgr.dll
----a-w 63,488 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\icardie.dll
----a-w 63,488 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ie4uinit.exe
----a-w 153,088 2007-08-20 10:04:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakeng.dll
----a-w 230,400 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieaksie.dll
----a-w 161,792 2007-08-17 07:34:25 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieakui.dll
----a-w 383,488 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieapfltr.dll
----a-w 384,512 2007-08-20 10:04:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iedkcs32.dll
----a-w 6,058,496 2007-08-20 10:04:37 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieframe.dll
----a-w 44,544 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iernonce.dll
----a-w 267,776 2007-08-20 10:04:38 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iertutil.dll
----a-w 13,824 2007-08-17 10:20:54 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\ieudinit.exe
----a-w 625,152 2007-08-17 10:21:21 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\iexplore.exe
----a-w 27,648 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\jsproxy.dll
----a-w 459,264 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeeds.dll
----a-w 52,224 2007-08-20 10:04:39 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msfeedsbs.dll
----a-w 3,584,512 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtml.dll
----a-w 477,696 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mshtmled.dll
----a-w 193,024 2007-08-20 10:04:41 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\msrating.dll
----a-w 671,232 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\mstime.dll
----a-w 102,400 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\occache.dll
----a-w 105,984 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\url.dll
----a-w 1,152,000 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\urlmon.dll
----a-w 232,960 2007-08-20 10:04:42 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\webcheck.dll
----a-w 824,832 2007-08-20 10:04:43 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2gdr\wininet.dll
----a-w 124,928 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\advpack.dll
----a-w 214,528 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\dxtrans.dll
----a-w 132,608 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\extmgr.dll
----a-w 63,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\icardie.dll
----a-w 70,656 2007-08-17 10:12:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ie4uinit.exe
----a-w 153,088 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakeng.dll
----a-w 230,400 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieaksie.dll
----a-w 161,792 2007-08-17 07:29:55 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieakui.dll
----a-w 2,455,488 2007-04-17 09:28:12 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dat
----a-w 383,488 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieapfltr.dll
----a-w 387,584 2007-08-20 10:02:09 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iedkcs32.dll
----a-w 6,066,176 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieframe.dll
----a-w 44,544 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iernonce.dll
----a-w 267,776 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iertutil.dll
----a-w 13,824 2007-08-17 10:12:35 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\ieudinit.exe
----a-w 625,152 2007-08-17 10:12:49 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\iexplore.exe
----a-w 27,648 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\jsproxy.dll
----a-w 459,264 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeeds.dll
----a-w 52,224 2007-08-20 10:02:10 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msfeedsbs.dll
----a-w 3,592,192 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtml.dll
----a-w 478,208 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mshtmled.dll
----a-w 193,024 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\msrating.dll
----a-w 671,232 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\mstime.dll
----a-w 102,400 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\occache.dll
----a-w 105,984 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\url.dll
----a-w 1,161,728 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\urlmon.dll
----a-w 232,960 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\webcheck.dll
----a-w 825,344 2007-08-20 10:02:11 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\sp2qfe\wininet.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\6915af3cf644e553ca6da8ed6ca50d4f\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\spuninst.exe
----a-w 683,520 2007-08-21 06:15:44 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2gdr\inetcomm.dll
----a-w 683,520 2007-08-21 06:25:02 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\sp2qfe\inetcomm.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\8c426bb59cb8f380ba397304c1c563d0\update\updspapi.dll
----a-w 18,089,592 2007-09-28 05:19:39 C:\WINDOWS\system32\MRT.exe
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\rpcrt4.dll
----a-w 350,720 2007-06-19 07:24:36 C:\WINDOWS\system32\xpsp3res.dll
----a-w 582,656 2007-07-09 13:16:16 C:\WINDOWS\system32\dllcache\rpcrt4.dll
----a-w 212,021 2007-10-13 00:44:53 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----a-w 213,048 2005-05-24 16:27:16 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
----a-w 94,208 2007-08-29 19:47:20 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
----a-w 950,272 2007-08-29 19:49:54 C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
----a-w 6,133,086 2007-10-12 13:01:07 C:\WINDOWS\system32\ZoneLabs\spyware.dat
----a-w 40,448 2007-10-13 02:04:48 C:\WINDOWS\system32\ZoneLabs\zlqrtdb.dat
----a-w 26,968 2007-10-13 02:04:04 C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
----atw 16,384 2007-10-09 02:25:00 C:\WINDOWS\Temp\Perflib_Perfdata_270.dat
----atw 16,384 2007-10-13 00:43:48 C:\WINDOWS\Temp\Perflib_Perfdata_42c.dat
.
----a-r 167,936 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 34,304 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-08-15 03:15:05 C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-r 167,936 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
----a-r 81,920 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
----a-r 34,304 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
----a-r 8,192 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
----a-r 3,584 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
----a-r 114,688 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
----a-r 16,384 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
----a-r 30,720 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
----a-r 22,528 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
----a-r 45,056 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
----a-r 90,112 2007-08-15 03:14:56 C:\WINDOWS\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
----a-w 17,474,680 2007-09-06 02:50:42 C:\WINDOWS\system32\MRT.exe
------w 581,120 2004-08-04 13:00:00 C:\WINDOWS\system32\rpcrt4.dll
----a-w 248,320 2007-03-09 11:28:00 C:\WINDOWS\system32\xpsp3res.dll
----a-w 581,120 2004-08-04 13:00:00 C:\WINDOWS\system32\dllcache\rpcrt4.dll
----a-w 212,022 2007-10-08 19:44:06 C:\WINDOWS\system32\inetsrv\MetaBase.bin
----a-w 5,881,300 2007-10-08 16:01:11 C:\WINDOWS\system32\ZoneLabs\spyware.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BC0AC60-C81B-43F1-B250-B3A6CBF3829F}]
C:\Program Files\Common Files\hokeC:\WINDOWS\system32\Y1\gb83122.exe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"configmsi"=cmd /c "rmdir /q C:\config.msi"
"supportdir"=cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Registration"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-03-23 06:03 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkjgg]
qomkjgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-06 03:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-12-01 00:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Student^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\Student\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
"C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Software Removal]
C:\Removal.bat -5 18 2009

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe "C:\WINDOWS\system32\rgpordkb.dll",sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
tp4ex.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED]
C:\WINDOWS\system32\TpScrLk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.4\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAble]
C:\Program Files\WinAble\winable.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0F-F4-48-8D-ZN}]
C:\DOCUME~1\Student\LOCALS~1\Temp\thinksnet.exe CHD003

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)

R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
AutoRun\command - M:\GREsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{854b81e4-ba4f-11db-9896-0019d20603a9}]
AutoRun\command - E:\setupSNK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC28C03E-59E3-3AE7-51CC-90EBFBB2C521}]
C:\WINDOWS\system32:mirc.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 23:11:12 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7600#MY3AI3225PK3.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
"2007-10-13 01:31:54 C:\WINDOWS\Tasks\HP Usg Daily.job"
"2007-10-13 01:29:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
"2007-09-28 13:40:43 C:\WINDOWS\Tasks\PMTask.job"
"2007-10-11 17:06:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-23 17:06:08 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 22:17:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-13 1:14:42
C:\ComboFix-quarantined-files.txt ... 2007-10-13 01:14
C:\ComboFix2.txt ... 2007-10-08 17:50
.
--- E O F ---

Here is a new HJThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:24:32 AM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {6BC0AC60-C81B-43F1-B250-B3A6CBF3829F} - C:\Program Files\Common Files\hokeC:\WINDOWS\system32\Y1\gb83122.exe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: qomkjgg - qomkjgg.dll (file missing)
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11763 bytes
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby Shaba » October 13th, 2007, 4:37 am

Hi

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Student^Start Menu^Programs^Startup^TA_Start.lnk]

It should look like this -> Image

Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {6BC0AC60-C81B-43F1-B250-B3A6CBF3829F} - C:\Program Files\Common Files\hokeC:\WINDOWS\system32\Y1\gb83122.exe.dll (file missing)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: qomkjgg - qomkjgg.dll (file missing)


Close all windows including browser and press fix checked.

Reboot.

Post a fresh HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby teeman2 » October 13th, 2007, 4:31 pm

Here is my new HJThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:48 PM, on 10/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11315 bytes
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby Shaba » October 14th, 2007, 4:39 am

Hi

Re-scan with kaspersky

Post:

- a fresh HijackThis log
- kasperky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby teeman2 » October 14th, 2007, 7:09 pm

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:07 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\ZoneLabs\UpdClient.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11258 bytes


Kaspersky scan log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 4:34:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/10/2007
Kaspersky Anti-Virus database records: 435750
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 111250
Number of viruses found: 1
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 06:18:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-03282007-181553.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-30-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Student\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Student\Application Data\MailFrontier\ASD.log Object is locked skipped
C:\Documents and Settings\Student\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Student\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Temp\~DF64B2.tmp Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Temp\~DF7427.tmp Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Temp\~DFD9E4.tmp Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Student\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Student\ntuser.dat Object is locked skipped
C:\Documents and Settings\Student\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\qoobox\Quarantine\C\Program Files\TTC.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\anbjilri.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drbormvn.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\lkcaymuw.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nhlbfaa.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\rgpordkb.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wlunntao.dll.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\Y1\gb83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\Y1\gb83122.exe.vir NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP1\A0003026.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP14\A0037009.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP15\A0037031.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP15\change.log Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0007041.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP2\A0010045.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP3\A0014059.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP4\A0022141.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP4\A0025331.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0027331.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0027396.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0028413.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0029413.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030594.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030595.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030596.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030597.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030601.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030602.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030604.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030605.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030606.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030607.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030608.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030609.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030610.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030611.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030612.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030613.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030614.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030615.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030616.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP5\A0030617.exe Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032692.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032693.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032694.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032696.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032698.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032701.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032702.dll Object is locked skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032713.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP6\A0032713.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP7\A0033266.exe Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\STUDENT-1D9E1A2.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\vMW10a\vMW10a1099.exe Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_290.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_464.dat Object is locked skipped
C:\WINDOWS\Temp\TMP000000434391AE4B887CD72A Object is locked skipped
C:\WINDOWS\Temp\ZLT02eeb.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT058ed.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby Shaba » October 15th, 2007, 2:24 am

Hi

Empty this folder:

C:\qoobox\Quarantine\

Delete this:

C:\WINDOWS\system32\vMW10a\

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby teeman2 » October 15th, 2007, 6:50 pm

Yes I am still having problems, now the computer is just horribly slow. If I click on an icon to open a program it takes forever to open. What is happening here?
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby teeman2 » October 15th, 2007, 6:59 pm

Here is a new HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:11 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\Student\My Documents\HJTHIS\teeman.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2920757109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2915373484
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\adm\IUService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11321 bytes
teeman2
Active Member
 
Posts: 8
Joined: October 7th, 2007, 6:35 pm

Unread postby Shaba » October 16th, 2007, 12:30 am

Hi

Well I don't think that slowness is due to malware.

For general tips how to get rid of slowness, see here
and post back if it helped :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 17 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware