Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

hijack this log - help please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

hijack this log - help please

Unread postby belleraine » April 4th, 2009, 12:53 pm

I have an IBM Thinkpad Lenovo T43 running Windows XP Professional. I mainly use Firefox but my daughter uses Internet Explorer. I am experiencing the google redirect where it takes me to links other than the ones clicked. Also, my AVG 8.5 will not update. Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:48 PM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/us/en/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-21-480719413-1009849582-1846952604-1142\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User '?')
O4 - HKUS\S-1-5-21-480719413-1009849582-1846952604-1142\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-480719413-1009849582-1846952604-1142\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe (User '?')
O4 - HKUS\S-1-5-21-480719413-1009849582-1846952604-5041\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = habasitusa.net
O17 - HKLM\Software\..\Telephony: DomainName = habasitusa.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = habasitusa.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = habasitusa.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 13055 bytes


Any help would be much appreciated. Thanks.
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm
Advertisement
Register to Remove

Re: hijack this log - help please

Unread postby Shaba » April 10th, 2009, 6:01 am

Hi belleraine

Is this a personal computer?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby belleraine » April 10th, 2009, 9:39 am

This is a laptop I use for work and personal.
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm

Re: hijack this log - help please

Unread postby Shaba » April 11th, 2009, 5:12 am

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby belleraine » April 11th, 2009, 11:32 am

Here's what it showed:

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-11 11:31:05
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF72C5506]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72B4240]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF72B4432]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF72C5CC8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF72C5F88]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF72C43EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF72C63EC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF72C57B8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF72B3EF0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[208] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[208] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[208] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[208] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[208] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe[216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe[216] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe[216] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe[216] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe[216] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe[216] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[224] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[224] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[224] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[224] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[224] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[332] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[332] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[332] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[332] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[332] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[588] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[588] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[588] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[588] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[588] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\svchost.exe[876] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\svchost.exe[876] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\svchost.exe[876] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\svchost.exe[876] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\svchost.exe[876] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100D3658
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[900] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100D35A0
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100D2E84
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[900] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100D26A0
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[900] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100D2624
.text C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe[900] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100D3554
.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\spoolsv.exe[1224] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\spoolsv.exe[1224] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\spoolsv.exe[1224] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\spoolsv.exe[1224] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\spoolsv.exe[1224] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[1380] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[1380] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[1380] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[1380] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe[1380] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\System32\svchost.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\svchost.exe[1516] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\svchost.exe[1516] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\svchost.exe[1516] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\svchost.exe[1516] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\svchost.exe[1516] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\WINDOWS\system32\winlogon.exe[1808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10013658
.text C:\WINDOWS\system32\winlogon.exe[1808] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100135A0
.text C:\WINDOWS\system32\winlogon.exe[1808] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10012E84
.text C:\WINDOWS\system32\winlogon.exe[1808] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100126A0
.text C:\WINDOWS\system32\winlogon.exe[1808] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10012624
.text C:\WINDOWS\system32\winlogon.exe[1808] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10013554
.text C:\WINDOWS\system32\lsass.exe[1864] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\lsass.exe[1864] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\lsass.exe[1864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\lsass.exe[1864] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\lsass.exe[1864] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\lsass.exe[1864] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1988] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1988] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1988] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1988] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1988] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[1988] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2152] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2152] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2152] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2152] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2152] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe[2152] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10053658
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2188] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100535A0
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2188] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10052E84
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2188] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100526A0
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2188] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10052624
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2188] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10053554
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Mozilla Firefox\firefox.exe[2328] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2784] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2784] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2784] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2784] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[2784] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2800] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2800] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2800] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2800] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2800] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10033658
.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2804] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100335A0
.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10032E84
.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2804] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100326A0
.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2804] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10032624
.text C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE[2804] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10033554
.text C:\WINDOWS\system32\rundll32.exe[2824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\system32\rundll32.exe[2824] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\system32\rundll32.exe[2824] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\system32\rundll32.exe[2824] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\system32\rundll32.exe[2824] ws2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\system32\rundll32.exe[2824] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Messenger\msmsgs.exe[2880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\Program Files\Messenger\msmsgs.exe[2880] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\Program Files\Messenger\msmsgs.exe[2880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\Program Files\Messenger\msmsgs.exe[2880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\Program Files\Messenger\msmsgs.exe[2880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\Program Files\Messenger\msmsgs.exe[2880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10043658
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100435A0
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10042E84
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100426A0
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10042624
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[2884] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10043554
.text C:\WINDOWS\System32\alg.exe[3404] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003658
.text C:\WINDOWS\System32\alg.exe[3404] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100035A0
.text C:\WINDOWS\System32\alg.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002E84
.text C:\WINDOWS\System32\alg.exe[3404] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100026A0
.text C:\WINDOWS\System32\alg.exe[3404] WS2_32.dll!recv 71AB676F 5 Bytes JMP 10002624
.text C:\WINDOWS\System32\alg.exe[3404] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003554

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys (IBM SATA Power Management Driver/IBM Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRUbackups\Documents and Settings 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-478334549-1218954183-1533185377-500 0 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-478334549-1218954183-1533185377-500\88168cc7-1c71-400b-94b6-1b83c4919cee 388 bytes
File C:\RRUbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-478334549-1218954183-1533185377-500\Preferred 24 bytes
File C:\RRUbackups\Documents and Settings\Default User 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-478334549-1218954183-1533185377-500 0 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-478334549-1218954183-1533185377-500\88168cc7-1c71-400b-94b6-1b83c4919cee 388 bytes
File C:\RRUbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-478334549-1218954183-1533185377-500\Preferred 24 bytes
File C:\RRUbackups\hints.dat 8192 bytes
File C:\RRUbackups\pu.dat 224 bytes
File C:\RRUbackups\SAM 262144 bytes
File C:\RRUbackups\system 5242880 bytes
File C:\RRUbackups\system.dat 12288 bytes

---- EOF - GMER 1.0.15 ----
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm

Re: hijack this log - help please

Unread postby Shaba » April 11th, 2009, 11:59 am

Does google redirects happen in both firefox and IE?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby belleraine » April 11th, 2009, 12:25 pm

It was happening in both, but now I just tried in both browsers and the redirect is not happening. Also, my AVG 8.5 anti-virus just updated, which it has not been doing since the redirect. It seems to all be working now. Does the gmer.exe just scan or does it fix, too?
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm

Re: hijack this log - help please

Unread postby Shaba » April 11th, 2009, 12:26 pm

It just scans.

So let's take a closer look:

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby belleraine » April 11th, 2009, 12:32 pm

LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by BaileyM at 2009-04-11 12:30:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (44%) free of 34 GB
Total RAM: 758 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:46 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\baileym\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\BaileyM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/us/en/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = habasitusa.net
O17 - HKLM\Software\..\Telephony: DomainName = habasitusa.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = habasitusa.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = habasitusa.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 13459 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2005-12-22 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-28 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2005-12-22 131072]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2009-04-03 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-08 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-08 512000]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2004-02-04 897024]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2005-04-05 106496]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-04-04 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2004-11-12 40960]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2005-03-23 217088]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-11 344064]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
""= []
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-08-06 442368]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2005-04-27 90112]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2005-03-18 86016]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2004-01-23 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2004-01-23 24626]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2004-01-23 45106]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2004-01-23 20480]
"Client Access PC5250 Sound"=C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe [2004-01-23 40960]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-12-17 188416]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2006-01-12 483328]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-06 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-28 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"=C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [2004-08-06 442368]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2009-04-03 3558648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
BTTray.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-28 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-03-18 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-13 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=Warning! Property of Habasit Belting Incorporated. Unauthorized Users Prohibited.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\SalesLogix\SalesLogix.exe"="C:\Program Files\SalesLogix\SalesLogix.exe:*:Enabled:SalesLogix"
"C:\Program Files\SalesLogix\SLXSystem.exe"="C:\Program Files\SalesLogix\SLXSystem.exe:*:Enabled:SLXSystem"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open -

======List of files/folders created in the last 3 months======

2009-04-11 12:30:15 ----D---- C:\rsit
2009-04-10 14:16:24 ----D---- C:\Program Files\Veoh Networks
2009-04-10 14:15:46 ----D---- C:\Program Files\veoh
2009-04-06 14:28:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-06 14:28:08 ----D---- C:\Program Files\Common Files\PC Tools
2009-04-06 14:28:01 ----D---- C:\Program Files\Spyware Doctor
2009-04-06 14:28:01 ----D---- C:\Documents and Settings\baileym\Application Data\PC Tools
2009-04-06 14:28:01 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-06 14:08:55 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-05 18:44:14 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-04-05 18:43:17 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-05 18:43:16 ----D---- C:\Program Files\DivX
2009-04-03 23:33:46 ----D---- C:\Program Files\Trend Micro
2009-04-01 20:33:14 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-03-28 19:27:41 ----HD---- C:\$AVG8.VAULT$
2009-03-28 19:19:04 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-28 19:18:36 ----D---- C:\Program Files\AVG
2009-03-28 19:18:35 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-11 12:01:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 12:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 12:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 12:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-25 17:09:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 15:34:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-02-24 15:34:14 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-02-24 15:34:14 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-02-24 15:34:14 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-02-24 15:34:14 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-02-24 15:34:14 ----A---- C:\WINDOWS\system32\DivX.dll
2009-02-14 13:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-01-15 13:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-15 13:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

======List of files/folders modified in the last 3 months======

2009-04-11 12:30:47 ----D---- C:\WINDOWS\Temp
2009-04-11 12:30:12 ----D---- C:\WINDOWS\Prefetch
2009-04-11 12:11:27 ----AD---- C:\WINDOWS\system32
2009-04-11 11:53:57 ----D---- C:\Program Files\Mozilla Firefox
2009-04-11 11:38:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-10 14:16:24 ----RD---- C:\Program Files
2009-04-10 09:55:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-09 12:37:53 ----SHD---- C:\WINDOWS\CSC
2009-04-06 15:13:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-06 14:50:06 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-06 14:29:55 ----D---- C:\WINDOWS\system32\drivers
2009-04-06 14:28:08 ----D---- C:\Program Files\Common Files
2009-04-06 14:16:56 ----D---- C:\IBMSHARE
2009-04-06 14:08:55 ----AD---- C:\WINDOWS
2009-04-05 18:43:22 ----SHD---- C:\WINDOWS\Installer
2009-04-05 18:43:22 ----SHD---- C:\Config.Msi
2009-04-04 13:54:55 ----SHD---- C:\System Volume Information
2009-04-04 13:54:55 ----D---- C:\WINDOWS\system32\Restore
2009-04-01 20:57:52 ----A---- C:\WINDOWS\win.ini
2009-03-28 19:18:07 ----D---- C:\WINDOWS\WinSxS
2009-03-28 19:18:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-27 14:12:24 ----D---- C:\WINDOWS\security
2009-03-24 22:04:43 ----A---- C:\WINDOWS\iplayer.INI
2009-03-11 12:01:39 ----HD---- C:\WINDOWS\inf
2009-03-11 12:01:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-11 12:01:33 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 00:16:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-08 20:33:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-25 16:54:59 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\PxWave.dll
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\PxSFS.DLL
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\PxMas.dll
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-02-24 15:35:32 ----N---- C:\WINDOWS\system32\Px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-28 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-28 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-28 108552]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2004-05-14 4608]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2005-01-21 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2005-01-21 9340]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-06 16370]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2005-04-14 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2005-05-17 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-11 17119]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-03-17 132608]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-05-25 17408]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-05-25 30299]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-05-25 148040]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-11-10 1041664]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-11-10 200448]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2004-11-05 12944]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-08 177504]
R3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2008-01-09 25216]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2004-12-02 6016]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 14336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-02-14 3255168]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-11-10 685184]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-11 1133056]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-05-25 55288]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-02-08 5185]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-02-01 12416]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-28 298264]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2005-05-25 163840]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2005-04-07 1421336]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-02-18 86016]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2005-04-27 385024]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2004-11-05 57344]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-06 152984]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2004-09-15 57393]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-02-18 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-02-18 360521]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TPHDEXLGSVC;IBM HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2004-05-24 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-11 32768]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-11 364544]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-04-27 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2003-10-07 57344]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

INFO

info.txt logfile of random's system information tool 1.06 2009-04-11 12:30:52

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL4.isu"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 7.0.9 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AutoCAD LT 2004-->MsiExec.exe /I{5783F2D7-0209-0409-0000-0060B0CE6BBA}
Autodesk Express Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 6127-->MsiExec.exe /X{EE2135D1-AE49-4D42-B856-DA3F2CC09E39}
IBM 32-bit Runtime Environment for Java 2, v1.4.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E922961C-6DB6-41DE-9FEA-426DF3E9F81C} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Active Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
IBM Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IIBM0559K.INF
IBM iSeries Access for Windows-->"C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM SATA Power Management Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}\SETUP.EXE" -l0x9 anything
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LINK-SeleCalc-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B1C763C-227D-4526-A876-3DDB670EB5A5}\Setup.exe" -l0x9
Lotus Notes 5.0 Connector (remove only)-->C:\Program Files\Common Files\PUMATECH Shared\Connectors\SDK27\Lotus Notes 5.0 Connector\LN5Uninstall
Lotus Notes 6.5.3-->MsiExec.exe /I{897891A6-6F93-49E0-B7D9-74FAF2AA862D}
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8F55B163-7B42-42A3-9307-C7FCB9655225} /l1033
PKZIP for Windows 8.00.0018-->MsiExec.exe /I{C51ACDF8-4FB1-4540-91DE-0960B3EA1922}
SalesLogix Client-->MsiExec.exe /I{0102F1E3-EEE6-4AC3-9CFC-0B39B2A7851C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SnagIt 8-->MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
Software Installer-->_tpiu000.exe /U
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated Bluetooth IV Software-->MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Volo View Express-->MsiExec.exe /I{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WatchGuard Mobile VPN with SSL client 10-->"C:\Program Files\WatchGuard\WatchGuard Mobile VPN with SSL\unins000.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Network Edition

======System event log======

Computer Name: LENOVO-3EBF3EC8
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 240 minutes.

Record Number: 20099
Source Name: W32Time
Time Written: 20090308231442.000000-300
Event Type: warning
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Record Number: 20098
Source Name: W32Time
Time Written: 20090308211440.000000-300
Event Type: error
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 120 minutes.

Record Number: 20097
Source Name: W32Time
Time Written: 20090308211440.000000-300
Event Type: warning
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Record Number: 20096
Source Name: W32Time
Time Written: 20090308201440.000000-300
Event Type: error
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 60 minutes.

Record Number: 20095
Source Name: W32Time
Time Written: 20090308201440.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: LENOVO-3EBF3EC8
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 26297
Source Name: EventSystem
Time Written: 20090403191941.000000-240
Event Type: warning
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 26292
Source Name: Userenv
Time Written: 20090403175903.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: LENOVO-3EBF3EC8
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 26291
Source Name: AutoEnrollment
Time Written: 20090403175857.000000-240
Event Type: error
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 4354
Message: The COM+ Event System failed to fire the ConnectionMadeNoQOCInfo method on subscription {A82F0E80-1305-400C-BA56-375AE04264A1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.
Record Number: 26290
Source Name: EventSystem
Time Written: 20090403175852.000000-240
Event Type: warning
User:

Computer Name: LENOVO-3EBF3EC8
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 26288
Source Name: Userenv
Time Written: 20090403175851.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\ThinkPad\Utilities;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\PC-Doctor for Windows\;C:\WINDOWS\Downloaded Program Files;%SystemDrive%\IBMTOOLS\Python22;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RRU"=C:\Program Files\IBM\IBM Rapid Restore Ultra\
"PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger
"IBMSHARE"=%SystemDrive%\IBMSHARE
"TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4
"TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4
"PYTHONCASEOK"=1

-----------------EOF-----------------
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm

Re: hijack this log - help please

Unread postby Shaba » April 11th, 2009, 12:46 pm

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby belleraine » April 11th, 2009, 3:43 pm

Kapersky online scan found nothing.

Here s the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:13 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/us/en/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/us/en/
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = habasitusa.net
O17 - HKLM\Software\..\Telephony: DomainName = habasitusa.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = habasitusa.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = habasitusa.net
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 13441 bytes
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm

Re: hijack this log - help please

Unread postby Shaba » April 12th, 2009, 2:50 am

That looks good :)

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby belleraine » April 12th, 2009, 10:38 am

No more problems. Everything id good.

Thanks for your help.
belleraine
Active Member
 
Posts: 7
Joined: April 4th, 2009, 12:42 pm

Re: hijack this log - help please

Unread postby Shaba » April 12th, 2009, 10:57 am

Great :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don''t have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft''s Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes'' Anti-Malware - Malwarebytes'' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: hijack this log - help please

Unread postby Shaba » April 17th, 2009, 7:11 am

belleraine this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware