Chris
I've run a HijackThis report... Here are the results from the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:10 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Installshield\UpdateService\isuspm.exe
C:\WINDOWS\Fonts\svchost.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ProcessTamer\ProcessTamerTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Network Associates\VirusScan\scan32.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/3000notebook
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\inldohma.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\Installshield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [30782a7a] rundll32.exe "C:\WINDOWS\system32\wgvesuep.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ProcessTamer.lnk = C:\Program Files\ProcessTamer\ProcessTamerTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with &ZipScan - C:\PROGRA~1\ZIPSCA~1\zs_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/3000notebook
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9130616312
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10822 bytes
Here is the log from ComboFix.
ComboFix 07-11-08.1 - Chris 2007-11-14 15:30:27.1 - NTFSx86
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Log\2007 Nov 14 - 11_32_23 AM_221.log
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Log\2007 Nov 14 - 11_32_30 AM_269.log
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Log\2007 Nov 14 - 11_46_38 AM_296.log
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Log\2007 Nov 14 - 11_47_23 AM_531.log
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Log\2007 Nov 14 - 11_58_56 AM_531.log
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\rs.dat
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Chris\Application Data\AntiSpywareBot\Settings\Settings.stg
C:\Documents and Settings\Chris\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Chris\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Chris\Favorites\Online Security Guide.lnk
C:\WINDOWS\system32\ijkmp.ini
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\inldohma.dllbox
C:\WINDOWS\system32\pmkji.dll
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job
.
((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-14 15:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 15:16 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-14 14:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 12:01 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Spyware Terminator
2007-11-14 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-14 11:48 37,376 --a------ C:\WINDOWS\system32\nnnopqo.dll
2007-11-14 11:25 <DIR> d-------- C:\Program Files\RogueRemover PRO
2007-11-14 11:23 <DIR> d-------- C:\Program Files\FileASSASSIN
2007-11-14 11:21 <DIR> d-------- C:\Program Files\RogueRemover FREE
2007-11-14 07:59 85,056 --a------ C:\WINDOWS\system32\wgvesuep.dll
2007-11-13 21:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-13 21:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 20:42 <DIR> d-------- C:\Documents and Settings\Chris\.housecall6.6
2007-11-13 12:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-11-13 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-11-13 12:23 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-11-13 12:23 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-11-13 12:22 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-11-13 12:21 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-11-13 07:49 88,128 --a------ C:\WINDOWS\system32\cyvaacic.dll
2007-11-13 07:45 36,352 --a------ C:\WINDOWS\system32\efcdedb.dll
2007-11-13 07:44 145,984 --a------ C:\WINDOWS\system32\jxjmmlya.dll
2007-11-13 07:44 145,984 --a------ C:\WINDOWS\system32\inldohma.dll
2007-11-12 15:50 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-12 15:47 134 --a------ C:\n.bat
2007-11-12 15:47 0 --a------ C:\x.dat
2007-11-12 15:46 172,032 --a------ C:\winlogon.exe
2007-11-12 15:46 36,352 --a------ C:\WINDOWS\system32\vtutttr.dll
2007-11-12 15:46 0 --a------ C:\z.dat
2007-11-10 15:32 <DIR> d-------- C:\Documents and Settings\Chris\.DownloadManager
2007-11-02 16:15 <DIR> d-------- C:\Program Files\Winamp
2007-11-02 16:15 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Winamp
2007-11-02 16:15 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-10-23 13:47 <DIR> d-------- C:\Program Files\Incomplete
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 16:25 2,015 ---ha-r C:\WINDOWS\system32\drivers\hosts
2007-11-14 13:08 --------- d-----w C:\Documents and Settings\Chris\Application Data\.purple
2007-11-13 19:08 --------- d-----w C:\Documents and Settings\Chris\Application Data\GRLevel3
2007-11-12 20:50 278,542 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-12 20:45 278,541 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-11-12 16:11 --------- d-----w C:\Documents and Settings\Chris\Application Data\CoreFTP
2007-11-11 16:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-07 03:43 --------- d-----w C:\Program Files\Pidgin
2007-10-07 03:34 --------- d-----w C:\Documents and Settings\Chris\Application Data\GR2Analyst
2007-09-30 22:51 --------- d-----w C:\Program Files\Full Tilt Poker
2007-09-23 03:51 --------- d-----w C:\Documents and Settings\Chris\Application Data\gtk-2.0
2007-07-14 02:39 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-03-01 22:32:25 193 -csha-r C:\WINDOWS\Regbak.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01CD0B31-9154-45F2-9414-F5D64B74EAF6}]
2007-11-12 15:46 36352 --a------ C:\WINDOWS\system32\vtutttr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0d67b55c-705c-4e7c-82e6-07713c3ac7fd}]
C:\WINDOWS\system32\vjwbuwoy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-13 07:44 145984 --a------ C:\WINDOWS\system32\inldohma.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\inldohma.dll [2007-11-13 07:44 145984]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 00:51]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPHKMGR.exe" [2006-05-07 20:34]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-04-19 17:29]
"PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [2006-08-22 02:54]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-01-25 18:45]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 02:40 C:\WINDOWS\AGRSMMSG.exe]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-12-10 19:36]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 15:34]
"LPManager"="C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe" [2006-07-03 11:11]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-22 06:36]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 19:24]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 21:13]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 11:00]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 06:50]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 12:48]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 C:\WINDOWS\RTHDCPL.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-10-12 16:28]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 15:15]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-22 18:07]
"ISUSPM"="C:\Program Files\Common Files\Installshield\UpdateService\isuspm.exe" [2006-03-20 15:34]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-11-12 15:45]
"30782a7a"="C:\WINDOWS\system32\wgvesuep.dll" [2007-11-14 07:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 15:34]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 23:17]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 23:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 23:13]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-01-03 03:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 23:05]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
ProcessTamer.lnk - C:\Program Files\ProcessTamer\ProcessTamerTray.exe [2007-01-27 15:43:21]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{01CD0B31-9154-45F2-9414-F5D64B74EAF6}"= C:\WINDOWS\system32\vtutttr.dll [2007-11-12 15:46 36352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\inldohma]
inldohma.dll 2007-11-13 07:44 145984 C:\WINDOWS\system32\inldohma.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2006-01-11 01:05 13824 C:\WINDOWS\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutttr]
vtutttr.dll 2007-11-12 15:46 36352 C:\WINDOWS\system32\vtutttr.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkji.dll
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 PMHler;PMHler;C:\WINDOWS\system32\drivers\PMHler.sys
R2 smi2;smi2;\??\C:\Program Files\SMI2\smi2.sys
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;C:\WINDOWS\system32\DRIVERS\atinysxx.sys
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;C:\WINDOWS\system32\DRIVERS\atinyvxx.sys
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;C:\WINDOWS\system32\DRIVERS\atinyuxx.sys
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;C:\WINDOWS\system32\Drivers\ATIUTD.sys
S3 ISLP2;Intersil 802.11 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\islp2nds.sys
*Newly Created Service* - ENTDRV51
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 15:56:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-14 16:05:32 - machine was rebooted
.
--- E O F ---