Faster internet?

crazykid

New Member
Hey all!

I was googling "what programs should be running on laptop" and I ran into this link on yahoo answers. I'll post up my HijackThis log and System Info here.

System Info:


Manufacturer: Hewlett-Packard
Model: Presario F500
Rating: 3.0
Processor: AMD Turion(tm) 64 Mobile Technology MK-36 2.00 GHz
Memory (RAM): 2.00 GB
System Type: 32-bit Windows Vista Home Premium Operating System

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:31 AM, on 8/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\AIM Lite\aimlite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\IrfanView\i_view32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {2759EA0F-4B53-44B8-9A28-69574EF311CD} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCDDE027-1D35-49B0-B25C-74DE7675795B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9741 bytes


So, does anyone have any ideas on what programs/processes I should remove? I want my laptop to run faster and my internet to run faster. It gets annoying when I'm playing games and I lag too much. I used both System Mechanic 7 and TuneUp Utilities 2008.
 
Run -> msconfig -> startup

Remove any programs from the list that you don't need to boot up when the computer starts. Problems with lag/internet connection are probably not associated with background programs.

I'd also recommend downloading and using CCleaner.
 
Please do the following, and we'll see what happens when we see the log. The CCleaner instructions are attached below as well.

Hello,

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your reply:
  • Post the ComboFix log
  • Post a fresh HijackThis log

Thank you

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

Download: CCleaner (freeware)
http://www.majorgeeks.com/download4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows tab.
The following should be selected by default, if not, please select:
[Image: CCleanerA.png]

Next: click Options, then click the Settings tab.
Uncheck: "Only delete files older than 48 hrs.", then click OK.
Then click Run Cleaner (bottom right), then Exit.
 
Hopefully I did everything right...

ComboFix 08-08-08.07 - LT 2008-08-08 17:35:42.1 - NTFSx86
Running from: C:\Users\LT\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\LT\AppData\Roaming\macromedia\Flash Player\#SharedObjects\57AZCAVN\interclick.com
C:\Users\LT\AppData\Roaming\macromedia\Flash Player\#SharedObjects\57AZCAVN\interclick.com\ud.sol
C:\Users\LT\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\LT\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Windows\system32\epsuwlet.ini
C:\Windows\System32\LSYFNqss.ini
C:\Windows\System32\LSYFNqss.ini2
C:\Windows\system32\MouseTrapLib.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 )))))))))))))))))))))))))))))))
.

2008-08-08 08:54 . 2008-08-08 08:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-07 23:49 . 2008-08-07 23:49 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-07 18:10 . 2008-08-07 18:10 354,560 --a------ C:\Windows\System32\TuneUpDefragService.exe
2008-08-07 18:10 . 2008-04-04 14:51 28,416 --a------ C:\Windows\System32\uxtuneup.dll
2008-08-07 18:10 . 2008-04-04 14:51 16,640 --a------ C:\Windows\System32\authuitu.dll
2008-08-07 18:08 . 2008-08-07 18:08 <DIR> d-------- C:\Users\LT\AppData\Roaming\TuneUp Software
2008-08-07 18:07 . 2008-08-07 18:07 <DIR> d-------- C:\Users\All Users\TuneUp Software
2008-08-07 18:07 . 2008-08-07 18:07 <DIR> d-------- C:\ProgramData\TuneUp Software
2008-08-07 18:07 . 2008-08-07 18:10 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-07 17:51 . 2000-01-24 06:01 453,632 --a------ C:\Windows\System32\stdvcl40.dll
2008-08-06 10:14 . 2008-08-06 10:14 <DIR> d-------- C:\Program Files\Sun
2008-08-05 13:37 . 2008-08-05 13:37 <DIR> d-------- C:\Users\LT\AppData\Roaming\Malwarebytes
2008-08-05 13:37 . 2008-08-05 13:37 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-05 13:37 . 2008-08-05 13:37 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-31 23:26 . 2008-07-31 23:26 <DIR> d-------- C:\Program Files\iPod
2008-07-28 08:45 . 2008-08-08 18:00 <DIR> d-------- C:\Users\LT\AppData\Roaming\skypePM
2008-07-28 08:45 . 2008-07-28 08:45 56 --ah----- C:\Windows\System32\ezsidmv.dat
2008-07-28 08:44 . 2008-08-08 18:01 <DIR> d-------- C:\Users\LT\AppData\Roaming\Skype
2008-07-28 08:43 . 2008-07-28 08:43 <DIR> d-------- C:\Program Files\Skype
2008-07-28 08:43 . 2008-07-28 08:43 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-07-25 15:03 . 2008-07-28 09:27 <DIR> d-------- C:\Users\LT\AppData\Roaming\Gizmo5
2008-07-25 15:02 . 2008-07-25 15:03 <DIR> d-------- C:\Program Files\Gizmo5
2008-07-24 12:36 . 1997-08-27 09:53 391,168 --a------ C:\Windows\System32\i263_32.drv
2008-07-24 12:36 . 1997-11-06 12:53 27,648 --a------ C:\Windows\System32\ir50_lcs.dll
2008-07-24 12:36 . 2008-07-24 12:36 5,767 --a------ C:\Windows\System32\CDUninst.isu
2008-07-24 12:26 . 2008-07-24 12:26 <DIR> d-------- C:\Program Files\Intel
2008-07-24 12:26 . 1998-11-18 16:33 144,384 --a------ C:\Windows\System32\Iacenc.dll
2008-07-24 12:26 . 1997-06-13 08:56 56,832 --a------ C:\Windows\System32\Iyvu9_32.dll
2008-07-24 12:09 . 2008-07-24 12:09 <DIR> d-------- C:\Windows\afreeCodecVT
2008-07-24 12:09 . 2008-07-24 12:28 <DIR> d-------- C:\Program Files\afreeCodecVT
2008-07-24 11:40 . 2008-07-24 11:40 <DIR> d-------- C:\Users\LT\AppData\Roaming\acccore
2008-07-24 11:39 . 2008-07-24 11:40 <DIR> d-------- C:\Users\LT\AppData\Roaming\LAIM
2008-07-24 11:37 . 2008-07-24 11:37 <DIR> d-------- C:\Program Files\AIM Lite
2008-07-23 22:11 . 2008-07-23 23:10 <DIR> d-------- C:\Program Files\Startup Optimizer
2008-07-23 12:05 . 2008-07-23 12:14 <DIR> d-------- C:\Program Files\Windows Live
2008-07-18 09:55 . 2007-05-01 08:08 1,877 --a------ C:\Windows\System32\nvnrm.nvu
2008-07-18 09:54 . 2007-01-03 12:20 1,732 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-07-18 09:43 . 2008-07-18 09:43 <DIR> d-------- C:\cygwin
2008-07-17 09:24 . 2008-06-25 18:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-17 09:24 . 2008-06-25 18:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-17 09:23 . 2008-06-25 20:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-15 13:39 . 2007-06-13 12:00 2,868,632 --a------ C:\Windows\System32\csevalidator.dll
2008-07-15 13:39 . 2006-03-03 10:02 1,680,896 --a------ C:\Windows\System32\vcl100.bpl
2008-07-15 09:26 . 2008-07-15 09:26 <DIR> d-------- C:\Users\LT\AppData\Roaming\AI Internet Solutions
2008-07-14 21:49 . 2008-08-05 22:16 <DIR> d-------- C:\Program Files\HTMLValidatorLite80
2008-07-12 15:55 . 2008-07-12 15:55 <DIR> d-------- C:\Users\LT\AppData\Roaming\QQ Games Plugin
2008-07-12 15:50 . 2008-07-12 15:50 <DIR> d-------- C:\Program Files\Tencent
2008-07-11 07:53 . 2008-07-11 07:53 <DIR> d-------- C:\Program Files\Safari

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 00:57 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-08-08 23:44 41,236 ----a-w C:\Users\LT\AppData\Roaming\nvModes.dat
2008-08-08 15:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-08 08:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-08 04:14 --------- d-----w C:\Program Files\Google
2008-08-08 01:25 --------- d-----w C:\Program Files\Camfrog
2008-08-08 01:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-07 16:23 11,017,322 ----a-w C:\Windows\Internet Logs\tvDebug.zip
2008-08-07 16:23 --------- d-----w C:\Program Files\VentSrv
2008-08-07 04:18 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-08-07 04:09 --------- d-----w C:\Program Files\Warcraft II BNE
2008-08-06 17:13 --------- d-----w C:\Program Files\Java
2008-08-01 06:26 --------- d-----w C:\Program Files\iTunes
2008-08-01 06:24 --------- d-----w C:\Program Files\Bonjour
2008-07-28 18:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-28 18:36 --------- d-----w C:\Program Files\lx_cats
2008-07-28 15:43 --------- d-----w C:\ProgramData\Skype
2008-07-24 18:39 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-23 19:23 --------- d-----w C:\Program Files\Trillian
2008-07-23 19:04 --------- d-----w C:\ProgramData\WLInstaller
2008-07-23 08:45 --------- d-----w C:\Users\LT\AppData\Roaming\AVG7
2008-07-23 08:33 --------- d-----w C:\Program Files\Lavasoft
2008-07-22 17:12 --------- d-----w C:\Program Files\Outspark
2008-07-18 04:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-17 15:56 --------- d-----w C:\Program Files\CONEXANT
2008-07-17 15:53 --------- d-----w C:\Users\LT\AppData\Roaming\MSNInstaller
2008-07-17 15:49 --------- d-----w C:\ProgramData\WeFi
2008-07-17 15:47 --------- d-----w C:\Program Files\Roxio
2008-07-15 14:54 --------- d-----w C:\Program Files\FileZilla
2008-07-15 04:49 --------- d-----w C:\Program Files\WinFF
2008-07-14 16:15 --------- d-----w C:\Users\LT\AppData\Roaming\WinFF
2008-07-13 22:13 --------- d-----w C:\Users\LT\AppData\Roaming\Apple Computer
2008-07-12 23:21 --------- d-----w C:\ProgramData\Lavasoft
2008-07-12 22:53 --------- d-----w C:\ProgramData\Viewpoint
2008-07-12 22:53 --------- d-----w C:\ProgramData\AOL
2008-07-12 22:53 --------- d-----w C:\Program Files\Viewpoint
2008-07-09 14:46 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 07:17 --------- d-----w C:\Users\LT\AppData\Roaming\mIRC
2008-07-03 06:34 --------- d-----w C:\Users\LT\AppData\Roaming\dyyno-vlc
2008-06-23 23:31 --------- d-----w C:\Users\LT\AppData\Roaming\Actual Search & Replace
2008-06-23 08:40 --------- d-----w C:\Program Files\Actual Search & Replace
2008-06-22 04:44 --------- d-----w C:\Program Files\MSECache
2008-06-22 04:32 --------- d-----w C:\Program Files\Clever Age
2008-06-18 05:49 --------- d-----w C:\Program Files\Wireless WEP Key Password Spy
2008-06-13 20:14 --------- d-----w C:\Users\LT\AppData\Roaming\Xfire
2008-06-12 21:52 --------- d-----w C:\ProgramData\Xfire
2008-06-12 21:48 --------- d-----w C:\Program Files\Xfire
2008-06-12 02:54 --------- d-----w C:\Program Files\QuickTime
2008-06-11 23:53 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-06-04 06:50 73,216 ----a-w C:\Windows\ST6UNST.EXE
2008-06-04 06:50 286,720 ------w C:\Windows\Setup1.exe
2008-05-31 08:26 30,839,077 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_29_17_50_47_full.dmp.zip
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-16 18:58 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-05-12 01:46 174 --sha-w C:\Program Files\desktop.ini
2008-05-12 00:42 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-12 00:42 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-10 04:29 29,259,684 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_05_09_21_25_43_full.dmp.zip
2008-05-10 04:28 29,288,533 ----a-w C:\Windows\Internet Logs\vsmon_on_demand_2008_05_09_20_29_19_full.dmp.zip
2008-05-10 03:35 885,248 ----a-w C:\Windows\System32\RacEngn.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-06 23:02 92,792 ----a-w C:\Users\LT\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-12-09 00:35 86 ----a-w C:\Users\LT\AppData\Roaming\wklnhst.dat
2008-04-06 23:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-06 23:24 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-06 23:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 00:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-07 19:19 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 17:32 167936]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 13:39 46704]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 09:21 579584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 03:35 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 03:35 8534560]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 11:58 159744]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"laim"="C:\Program Files\AIM Lite\aimlite.exe" [2007-06-07 10:11 765952]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 11:46 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2007-07-04 11:43 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"VIDC.XFR1"= xfcodec.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 00:11 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5EF2B147-0F55-44A5-9FE4-DE44ADC19159}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B3F6F49F-6D9E-4B2D-8E6A-9DE146D23B4D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F934C49-5ECD-42B6-9712-82664BC15E88}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{844F284C-6D46-4045-8E4E-3FD48778445A}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{F28D7902-6907-43FA-A3B4-32AC771AEF76}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{77D9D42F-3E50-45E7-893C-2CEEDE82CFAC}"= C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{9C6F9C2D-D8A7-4545-AC55-035C2F63C66C}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{50EA4A36-2EC3-4081-8FE4-A5FA8D3CE346}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{B833D3D3-87E3-40FA-A97A-5A9D4B4627EC}"= UDP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{C75154AE-5525-49AE-BBD1-46FD58D76CF4}"= TCP:C:\Program Files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{36F84FD0-BC49-409F-A560-B44F6571F338}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9CC9D8BB-B81D-4B18-9996-085BBF2FFE42}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6E58DADA-CB4D-48F7-AB3D-5B7B74E1051B}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{85A5A130-5CC7-4FF3-BA5F-86ECF1FBFC2E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E7E8FFE9-180B-4B50-B7ED-35DD3FAE8770}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{569CFE0C-9375-4FC1-8829-0FE02C2381BC}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18938125-D9B7-4704-8DE3-3364C9FAB253}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{315CF641-9DF0-4D37-BCC5-22638A853647}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0B619B07-6BA8-4F40-AA50-4457C06951B1}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0084516F-3532-4E96-AB56-F7D4695EFD5B}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{7985FF60-E08C-4155-A725-BF851137FC76}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{8230C1F0-9763-46C6-90E9-F1881EA7270D}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6A21C400-D443-4AA9-82B6-696DE6A009A3}"= UDP:26543:BitComet 26543 TCP
"{DCC13758-100D-42D7-889E-A84969B8A1A3}"= TCP:26543:BitComet 26543 UDP
"{A83CBAF1-4673-4759-B762-B9937E1B2B99}"= UDP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{9CDCCCBE-359A-47D5-BAF5-BA03B7379216}"= TCP:C:\Program Files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{87D17AAB-3542-4574-B190-E497004D0091}"= UDP:26543:BitComet 26543 TCP
"{1ABD89D5-CF75-4FA5-BCAE-AE4851FE7D37}"= TCP:26543:BitComet 26543 UDP
"{D4FA3193-5B16-41B8-AF08-A80BB2F7C03C}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{C51265A7-16ED-4C19-AEB5-911CA66B6BDC}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{55E21964-5F22-4D90-8095-C1D4A6424740}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{3F7A3ADA-28F9-4A21-BE51-79E969DE80D5}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{2DE4DBD6-A7BB-480A-AB9F-4A45815C9F85}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{BE2D1CCC-F63C-4A8E-9133-123E2E013C1B}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{713CAD4E-99F3-4C01-9E0F-23DA92632884}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BF25DD8E-BEE4-4092-B805-C94A8D752B7F}"= Disabled:UDP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{A0A3916C-0EF5-43F9-ABE4-83466A95E81B}"= Disabled:TCP:C:\Program Files\MySpace\IM\MySpaceIM.exe:MySpaceIM
"{9CC7BBD8-2B2B-4A67-87DF-65E1B46F0C95}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BC2E816A-A681-434E-9192-C13B6812A409}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{854B435C-127B-4243-B920-C0B02AC8C964}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C957070D-8C8E-4DF6-B42F-F32AE84F3560}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7A672449-EF4F-464A-95EF-20468A674C3C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{FD6B1882-1E87-4247-BA57-F5BDDA7F31BC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4EB26D58-2E3B-4D5B-8386-7A4C603BDFC9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{C2409ACA-B1B8-442B-A216-FFE18138A099}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{7B5B11E1-8A90-4A2D-892D-FD811679CC58}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{E6504C6C-128A-44D7-8145-5CBBD631B17F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E2868FBE-77C9-4E6E-9229-82B5F3ACB16F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4FB733AB-1724-4B0C-A019-52176F198285}"= UDP:C:\Program Files\Outspark\Project Powder\Run.exe:ProjectPowder
"{01398CD4-5486-48E3-9351-437F1DD968FB}"= TCP:C:\Program Files\Outspark\Project Powder\Run.exe:ProjectPowder
"{213B12BB-ED87-4E8E-9229-ECDF4D3DD8AB}"= UDP:C:\Program Files\Gizmo5\Gizmo5.exe:Gizmo5
"{E0143F6E-69E4-4392-95D5-035D27E1E6A3}"= TCP:C:\Program Files\Gizmo5\Gizmo5.exe:Gizmo5
"{DA6EF042-C1A6-438C-889F-54CB610816D6}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{82C8720A-8B7C-40A4-9799-EE16B450CC77}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D299FA6D-C5E0-4277-A82A-102B03DF4FD5}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{394AE709-02E2-4276-98EC-D3AFD87751A2}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F6E946EF-908B-43B0-9000-5635854B6B04}"= UDP:C:\Program Files\Outspark\Project Powder\Run.exe:ProjectPowder
"{08EE9540-CEA8-4751-8CDC-BCE2FA6D6C46}"= TCP:C:\Program Files\Outspark\Project Powder\Run.exe:ProjectPowder

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-09 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 09:59]

2008-08-09 C:\Windows\Tasks\RegCure Program Check.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 01:20]

2008-08-07 C:\Windows\Tasks\RegCure.job
- C:\Program Files\RegCure\RegCure.exe [2007-08-02 01:20]

2008-08-09 C:\Windows\Tasks\User_Feed_Synchronization-{EB1A7A66-0630-4FE3-A662-E7516F3F114F}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\LT\AppData\Roaming\Mozilla\Firefox\Profiles\jap6efh2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 17:59:07
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Grisoft\AVG7\avgrssvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2008-08-08 18:13:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-09 01:12:55

Pre-Run: 10,045,165,568 bytes free
Post-Run: 9,698,082,816 bytes free

324 --- E O F --- 2008-08-01 15:45:31
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:26:01 PM, on 8/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AIM Lite\aimlite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QlbCtrl] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [laim] "C:\Program Files\AIM Lite\aimlite.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCDDE027-1D35-49B0-B25C-74DE7675795B}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9483 bytes
 