
Win32.qhost.abh


  • This topic is locked
4 replies to this topic

#1 storito


Posted 12 September 2008 - 10:47 PM

Spybot and Adaware are not able to fix this issue. Can you help???



ComboFix 08-09-12.03 - storov 2008-09-12 22:53:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.413 [GMT -4:00]
Running from: C:\Documents and Settings\storov\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\storov\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\temp.dll
C:\Program Files\altcmd
C:\Program Files\altcmd\almd32.dll
C:\Program Files\altcmd\altcmd.inf
C:\Program Files\altcmd\altcmd32.dll
C:\Program Files\altcmd\uninstall.bat
C:\WINDOWS\system32\wowfx.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-13 to 2008-09-13 )))))))))))))))))))))))))))))))
.

2008-09-12 21:05 . 2008-09-12 21:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-12 21:05 . 2008-09-12 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-12 15:41 . 2008-09-12 15:45 <DIR> d-------- C:\Documents and Settings\storov\Application Data\ICQ
2008-09-12 15:40 . 2008-09-12 15:45 <DIR> d-------- C:\Program Files\ICQ6
2008-09-11 20:54 . 2008-09-11 20:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-09-11 20:54 . 2008-09-11 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-09 23:36 . 2006-01-05 12:57 13,440 --a------ C:\WINDOWS\system32\drivers\PcdrNdisuio.sys
2008-09-09 23:29 . 2008-09-09 23:29 <DIR> d-------- C:\Documents and Settings\storov\Application Data\Talkback
2008-09-09 23:28 . 2008-09-09 23:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-09 23:27 . 2008-09-09 23:28 2,818 --a------ C:\WINDOWS\mozver.dat
2008-09-09 21:14 . 2008-09-09 21:14 <DIR> d-------- C:\WINDOWS\system32\xlib254.dll
2008-09-09 21:14 . 2008-09-09 21:14 <DIR> d-------- C:\WINDOWS\system32\append.dll
2008-09-09 21:04 . 2008-09-09 21:04 <DIR> d-------- C:\Documents and Settings\storov\Application Data\EleFun Games
2008-09-09 19:32 . 2008-09-09 19:32 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-09-09 19:32 . 2008-09-09 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-09-09 00:30 . 2008-09-09 00:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PCDr
2008-09-08 17:04 . 2002-02-14 11:26 647,872 --a------ C:\WINDOWS\system32\mscomct2.ocx
2008-09-08 17:04 . 2008-09-08 17:04 645,120 --a------ C:\WINDOWS\system32\config.gms
2008-09-08 17:04 . 2002-02-13 11:20 2,362 --a------ C:\WINDOWS\system32\mscomct2.dep
2008-09-07 23:39 . 2008-09-07 23:39 <DIR> d-------- C:\Program Files\uTorrent
2008-09-07 23:39 . 2008-09-09 21:15 <DIR> d-------- C:\Documents and Settings\storov\Application Data\uTorrent
2008-09-07 20:30 . 2008-09-07 20:30 <DIR> d-------- C:\Program Files\MSECache
2008-09-07 15:01 . 2008-09-07 15:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-07 15:01 . 2008-09-07 15:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-05 09:07 . 2008-09-09 17:02 <DIR> d-------- C:\EES32
2008-09-03 15:24 . 2007-02-19 01:56 21,376 --a------ C:\WINDOWS\system32\drivers\psadd.sys
2008-08-28 08:45 . 2008-08-28 08:45 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-28 08:45 . 2008-08-28 08:45 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-28 08:45 . 2008-08-28 08:45 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-28 08:45 . 2008-08-28 08:45 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-28 08:41 . 2008-08-28 08:45 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-27 10:10 . 2008-04-13 20:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-27 10:09 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-25 08:55 . 2008-08-25 08:55 <DIR> d-------- C:\Documents and Settings\storov\Application Data\Rensselaer Polytechnic Institute
2008-08-25 08:53 . 2000-07-21 09:23 1,046,288 --a------ C:\WINDOWS\system32\msjet35.dll
2008-08-25 08:52 . 2008-08-25 08:52 <DIR> d-------- C:\OrCAD
2008-08-25 08:24 . 2008-08-25 08:24 <DIR> d-------- C:\Program Files\Rensselaer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 03:02 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-09-12 19:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-12 00:58 --------- d-----w C:\Documents and Settings\storov\Application Data\Skype
2008-09-12 00:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-11 23:33 --------- d-----w C:\Documents and Settings\storov\Application Data\skypePM
2008-09-11 02:14 --------- d-----w C:\Documents and Settings\storov\Application Data\.gaim
2008-09-08 20:35 --------- d-----w C:\Program Files\MATLAB
2008-09-03 19:25 --------- d-----w C:\Program Files\Lenovo
2008-09-03 19:25 --------- d-----w C:\Program Files\Common Files\Lenovo
2008-08-25 12:52 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-08-25 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\National Instruments
2008-08-19 14:36 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-02 14:48 --------- d-----w C:\Program Files\Microsoft Games
2008-07-13 16:42 --------- d-----w C:\Documents and Settings\storov\Application Data\GARMIN
2008-03-12 01:44 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2003-08-27 18:19 36,963 -c--a-r C:\Program Files\Common Files\SM1updtr.dll
2004-03-01 17:25 114,688 ----a-w C:\Program Files\internet explorer\plugins\ChimeShim.dll
2004-03-15 21:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 13:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 14:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 18:40 132,848 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-06 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-28 864256]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-03-09 94208]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-12-15 925696]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 335872]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2005-12-07 151552]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-12-07 208896]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"TPKBDLED"="C:\WINDOWS\system32\TpScrLk.exe" [2002-10-09 40960]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-04-13 69632]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2006-05-27 124656]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-12 282624]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-05-12 2333440]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"niDevMon"="C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2006-07-18 58880]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2005-03-08 1695744]
"SM1BG"="C:\WINDOWS\SM1BG.EXE" [2003-08-27 94208]
"TpShocks"="TpShocks.exe" [2005-11-07 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 C:\WINDOWS\system32\TP4EX.exe]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 113664]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 113664]

C:\Documents and Settings\storov\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-09-09 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 581693]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-06-18 24576]
VPN Client.lnk - C:\WINDOWS\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico [2006-06-27 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-04-13 05:05 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2006-04-17 16:01 32768 c:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
2006-04-10 14:39 99312 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KFWLogon]
2006-04-10 14:39 99312 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 22:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 02:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 23:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 10:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-06 13:22 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"C:\\Program Files\\UGS\\NX 4.0\\UGII\\ugraf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsdoc.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsinfo.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsmps.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsMsgServer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsNameServer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRemshClient.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsRunHidden.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsUnzip.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdswhich.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cdsZip.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\cds_root.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsAdminTool.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clsbd.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\clu.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\dregprint.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\mpsinfo.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmp.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\nmppath.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\obServer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\van.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\bin\\versionviewer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\capture.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\comp16.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pcadi.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pspiceexplorersrvr.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\pstswp.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\regsvr32.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\sch2cap.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\SETBROWS.EXE"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\capture\\tutorial\\CAPTUTOR.EXE"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\cdsdocIndexer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\cdsdoc\\bin\\obServer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\cdsservipc.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\dfII\\bin\\skill_g.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\mkdefcfg.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\fet\\bin\\versiontool.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\javaws-1_2_0_02-windows-i586-i.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\java.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\javaw.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\jpicpl32.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\keytool.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\kinit.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\klist.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\ktab.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\orbd.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\policytool.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmid.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\rmiregistry.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\servertool.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\jre\\bin\\tnameserv.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\fvupdateutil.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\gcdin.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\idfin.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\layout.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\libcat.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\lsession.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxascx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxdxf.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxeco.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxfnetx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxminx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxorcad.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxp99x.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpadx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxpcadx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxprotx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxstrx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\maxtangx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\mfceco.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\padx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcadx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\pcb2max.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\prcat.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\protx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\searchTool.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\setbrows.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\specin.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\strx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tangx.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tomax.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tospec.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\update90.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\batch32.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\sroute\\sroute.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\layout\\tutorial\\laytutor.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pcb\\bin\\specctra.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\IndiceFileGeneration.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\Magneticdesigner.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\modeled.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\MrkSrvr.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspice.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceaa.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\pspiceexplorersrvr.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\psp_cmd.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\regsvr32.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simmgr.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\simsrvr.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\pspice\\stmed.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\bin\\cdsdocIndexer.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\merge.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\mkvdk.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\search.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\setup.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\bin\\v_uninst.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\callback.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\filter.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmlini.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\htmserv.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\index.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jstree.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\jvtree.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\kvoop.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\regsvr32.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\summary.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\verity\\_nti40\\filters\\viewers\\amovie.exe"=
"C:\\OrCAD\\OrCAD_10.5_Demo\\tools\\specctra\\bin\\specctra.com"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP)

R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2006-07-13 557568]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 85760]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 11520]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 6656]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 6016]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2005-12-07 4442]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2006-07-27 4096]
R2 gpib420;GPIB Analyzer;C:\WINDOWS\system32\drivers\gpib420.sys [2006-02-13 31334]
R2 GpibPrtK;Gpib Port;C:\WINDOWS\system32\drivers\gpibprtk.sys [2006-02-13 199783]
R2 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.dll [2005-07-27 10829]
R2 mxssvr;NI Configuration Manager;C:\Program Files\National Instruments\MAX\nimxs.exe [2006-07-15 5728]
R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2006-07-04 37376]
R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2006-07-04 21504]
R2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2006-07-04 674304]
R2 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimk.dll [2006-07-13 159232]
R2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2006-07-04 50688]
R2 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfk.dll [2006-07-20 200704]
R2 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgk.dll [2006-07-10 979456]
R2 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrk.dll [2006-07-20 370176]
R2 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslk.dll [2006-07-16 81920]
R2 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplk.dll [2006-02-15 101376]
R2 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrk.dll [2006-07-10 815616]
R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2006-07-04 30208]
R2 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpk.dll [2006-07-16 20480]
R2 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdk.dll [2006-07-10 246784]
R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmk.dll [2006-07-18 71680]
R2 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldk.dll [2006-07-10 395776]
R2 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdk.dll [2006-07-10 965632]
R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2006-07-04 111616]
R2 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdk.dll [2006-08-23 490496]
R2 NITaggerService;National Instruments Variable Engine;C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2006-07-25 696320]
R2 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrk.dll [2006-07-20 1746432]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-05-12 3968]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
R2 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.dll [2006-07-16 19968]
R3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrk.dll [2006-07-16 171520]
R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgk.dll [2006-07-13 171008]
R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2k.dll [2006-07-13 248832]
R3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrk.dll [2006-07-16 137728]
R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstsk.dll [2006-07-16 51712]
R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfk.dll [2006-07-13 218112]
R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbk.dll [2006-07-13 38912]
R3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdk.dll [2006-07-16 506880]
R3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigk.dll [2006-07-16 240128]
R3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiork.dll [2006-07-16 790528]
S2 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiKl.sys [2007-02-23 11552]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 4992]
S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsark.dll [2006-07-20 648192]
S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrk.dll [2006-07-20 500224]
S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-06-05 14464]
S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-06-05 151683]
S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftk.dll [2006-07-16 164864]
S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2006-07-18 51200]
S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdk.dll [2006-07-16 43008]
S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrk.dll [2006-07-20 1026560]
S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2k.dll [2006-06-06 163328]
S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrk.dll [2006-07-16 111616]
S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWKl.sys [2007-02-22 11552]
S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciKl.sys [2007-02-23 11552]
S3 NIVIUSBK;NI-VISA USB Driver;C:\WINDOWS\system32\DRIVERS\NIVIUSBK.sys [2007-02-22 45856]
S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrk.dll [2006-07-20 434688]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2808c276-3fe2-11dc-93d4-00130299d972}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{2A8D06B4-1B40-009F-E531-629A59080F43} - C:\Program Files\altcmd\altcmd32.dll
HKCU-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
HKLM-Run-PCDrProfiler - (no file)
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\storov\Application Data\Mozilla\Firefox\Profiles\3pn53idm.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://rpinfo.rpi.edu/index.html
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 23:05:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> c:\program files\thinkpad\connectutilities\AcSvcStub.dll
-> c:\program files\thinkpad\connectutilities\AcLocSettings.dll
-> c:\program files\thinkpad\connectutilities\ACHelper.dll
-> C:\WINDOWS\system32\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-09-12 23:15:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-13 03:14:48

Pre-Run: 14,687,088,640 bytes free
Post-Run: 14,546,640,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

446 --- E O F --- 2008-09-10 07:05:38

Edited by Orange Blossom, 12 September 2008 - 11:22 PM.
Merged topics. ~ OB




#2 storito


Posted 12 September 2008 - 11:08 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:39 AM, on 9/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\OrCAD\OrCAD_10.5_Demo\tools\bin\cdsNameServer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rpinfo.rpi.edu/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - .DEFAULT User Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/rpi/support/plugins/ebraryRdr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1151047056640
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152731563656
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AfsLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: KFWLogon - C:\WINDOWS\SYSTEM32\afslogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: CYGWIN cygserver (cygserver) - Unknown owner - C:\Apps\cygwin\bin\cygrunsrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 19753 bytes

#3 storito

storito
  • Topic Starter

  • Members
  • 3 posts

Posted 12 September 2008 - 11:15 PM

Hint of the Day: Click the bar at the right of this to see more information! ()


Win32.Qhost.abh: [SBI $C1E39772] Settings (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\SecurityProviders\SecurityProviders=...wowfx.dll...

DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 27 September 2008 - 04:10 PM

:thumbsup: to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you would still like help, please post a new HiJack This log below, as things may have changed on your system.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
  • While a HJT Team member is working with you, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Please reply using the Posted Image button in the lower left hand corner of your screen.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished" :).

Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

In your next reply, please include the following:
  • Kaspersky's Log
  • A New HiJack This log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 29 September 2008 - 09:43 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.



