I'm Infested [INACTIVE]



Here is my HijackThis logfile, can you please help me?

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:04:29 PM, on 6/3/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\mfcpo32.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Documents and Settings\rent a center\Desktop\My Shit\Norton Crashguard\CGMenu.EXE

C:\WINDOWS\System32\taskswitch.exe

C:\PROGRA~1\PEOPLE~1\PropelAC.exe

C:\Program Files\ISP50\Bin\Bartshel.exe

C:\Program Files\EarthLink 5.0\ConMgr.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\PROGRA~1\ISP50\bin\ppshared.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjkcu.dll/sp.html#28129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjkcu.dll/sp.html#28129

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rjkcu.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rjkcu.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rjkcu.dll/sp.html#28129

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rjkcu.dll/sp.html#28129

R3 - Default URLSearchHook is missing

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {483B85DB-02AA-2855-E2A4-EF02FD55CE65} - C:\WINDOWS\addel32.dll (file missing)

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\Documents and Settings\rent a center\Desktop\My Shit\Norton Crashguard\CGMenu.EXE"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [bart Station] C:\Program Files\ISP50\BIN\PPCOLink -STATION

O4 - HKLM\..\Run: [Propel Accelerator] "C:\PROGRA~1\PEOPLE~1\PropelAC.exe"

O4 - HKLM\..\Run: [PPCRunonce] C:\WINDOWS\System32\PPCRunOnce.exe

O4 - HKLM\..\Run: [13.tmp] C:\DOCUME~1\RENTAC~1\LOCALS~1\Temp\13.tmp.exe 0 28129

O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe

O4 - HKLM\..\Run: [16.tmp] C:\DOCUME~1\RENTAC~1\LOCALS~1\Temp\16.tmp.exe 0 28129

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [bullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [16.tmp.exe] C:\DOCUME~1\RENTAC~1\LOCALS~1\Temp\16.tmp.exe 0 28129

O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [netbe.exe] C:\WINDOWS\system32\netbe.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\RunOnce: [VoptXP] "C:\From Trash\VoptXP v7\UTILITY.EXE" c

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: EarthLink ToolBar 5.0.lnk = C:\Program Files\EarthLink 5.0\etoolbar.exe

O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.05p.com

O15 - Trusted Zone: *.awmdabest.com

O15 - Trusted Zone: *.blazefind.com

O15 - Trusted Zone: *.clickspring.net

O15 - Trusted Zone: *.flingstone.com

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.mt-download.com

O15 - Trusted Zone: *.my-internet.info

O15 - Trusted Zone: *.scoobidoo.com

O15 - Trusted Zone: *.searchbarcash.com

O15 - Trusted Zone: *.searchmiracle.com

O15 - Trusted Zone: *.slotch.com

O15 - Trusted Zone: *.static.topconverting.com

O15 - Trusted Zone: *.xxxtoolbar.com

O15 - Trusted Zone: *.05p.com (HKLM)

O15 - Trusted Zone: *.awmdabest.com (HKLM)

O15 - Trusted Zone: *.blazefind.com (HKLM)

O15 - Trusted Zone: *.clickspring.net (HKLM)

O15 - Trusted Zone: *.flingstone.com (HKLM)

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted Zone: *.mt-download.com (HKLM)

O15 - Trusted Zone: *.my-internet.info (HKLM)

O15 - Trusted Zone: *.scoobidoo.com (HKLM)

O15 - Trusted Zone: *.searchbarcash.com (HKLM)

O15 - Trusted Zone: *.searchmiracle.com (HKLM)

O15 - Trusted Zone: *.slotch.com (HKLM)

O15 - Trusted Zone: *.static.topconverting.com (HKLM)

O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)

O15 - Trusted IP range: 206.161.125.149

O15 - Trusted IP range: 206.161.124.130 (HKLM)

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\lqhchqjk.exe

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212180700337

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\mfcpo32.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

O23 - Service: Workstation NetLogon Service (Â%AF夶À¨) - Unknown owner - C:\WINDOWS\javaft32.exe

--

End of file - 9595 bytes


Hello and Welcome to BT. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Please download this file - combofix.exe by sUBs

  • Save it to your Desktop
  • Please, never rename Combofix unless instructed.
  • Now physically disconnect from the internet and STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.
    "%userprofile%\desktop\ComboFix.exe" /KillAll

  • Click OK and this will start ComboFix in a special way.
  • When finished, it will produce a log. Please save that log to a Notepad File to post in your next reply along with a fresh HJT log.

Note:

Do not mouse-click combofix's window while it is running. That may cause it to stall.

* After you have saved the logs, restart your system to re-enable all the programs that were disabled during the running of ComboFix.

* Reconnect to the internet

* Post the following logs/Reports:

  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.


Thanks, here are my new logs.

ComboFix 08-06-03.4 - rent a center 2008-06-04 10:07:33.2 - NTFSx86

Running from: C:\Documents and Settings\rent a center\desktop\ComboFix.exe

Command switches used :: /KillAll

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))

.

2008-06-03 17:57 . 2008-06-03 17:58 214 --a------ C:\WINDOWS\wininit.ini

2008-06-03 15:22 . 2008-06-03 15:22 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-03 15:22 . 2008-06-03 17:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-03 15:03 . 2008-06-03 15:03 <DIR> d-------- C:\Program Files\Trend Micro

2008-06-02 16:44 . 2008-06-02 16:44 1,160 --a------ C:\WINDOWS\mozver.dat

2008-06-02 13:56 . 2008-06-02 13:56 <DIR> d--h----- C:\WINDOWS\PIF

2008-06-02 13:56 . 2008-06-03 17:58 <DIR> d--h----- C:\$AVG8.VAULT$

2008-06-02 13:54 . 2008-06-04 09:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg

2008-06-02 13:54 . 2008-06-02 16:55 <DIR> d-------- C:\Documents and Settings\rent a center\Application Data\AVGTOOLBAR

2008-06-02 13:54 . 2008-06-02 13:54 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys

2008-06-02 13:54 . 2008-06-02 13:54 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys

2008-06-02 13:54 . 2008-06-02 13:54 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll

2008-06-02 13:53 . 2008-06-02 13:53 <DIR> d-------- C:\Program Files\AVG

2008-06-02 13:53 . 2008-06-02 13:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8

2008-06-02 13:35 . 2008-06-02 13:35 0 --a------ C:\WINDOWS\nsreg.dat

2008-06-02 11:40 . 2008-06-02 11:40 18,944 --a------ C:\WINDOWS\sysoo32.exe.$$$

2008-06-02 10:38 . 2008-06-02 10:38 <DIR> d-------- C:\Program Files\AskSBar

2008-06-02 10:38 . 2008-06-02 10:38 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll

2008-06-02 10:37 . 2008-06-02 10:38 <DIR> d-------- C:\Program Files\COMODO

2008-06-02 10:37 . 2008-06-02 10:37 <DIR> d-------- C:\Documents and Settings\rent a center\Application Data\Comodo

2008-06-02 10:37 . 2008-06-02 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo

2008-06-02 10:37 . 2008-06-02 10:37 143,104 --a------ C:\WINDOWS\system32\guard32.dll

2008-06-02 10:37 . 2008-06-02 10:37 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys

2008-06-02 10:37 . 2008-06-02 10:37 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-06-02 10:24 . 2008-06-02 10:24 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-06-02 10:22 . 2007-08-13 18:52 66,048 --a------ C:\WINDOWS\ieResetIcons.exe

2008-06-02 08:57 . 2008-06-02 08:57 6 --a------ C:\WINDOWS\msoffice.ini

2008-05-30 23:57 . 2008-05-30 23:57 <DIR> d-------- C:\WINDOWS\Favorites

2008-05-30 23:57 . 2008-05-30 23:57 <DIR> d-------- C:\WINDOWS\Application Data

2008-05-30 23:57 . 2008-06-01 22:46 <DIR> d-------- C:\Program Files\EarthLink 5.0

2008-05-30 23:28 . 2008-03-01 06:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-05-30 23:28 . 2007-04-17 02:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-05-30 23:28 . 2007-03-07 22:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-05-30 23:28 . 2008-03-01 06:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-05-30 23:28 . 2008-03-01 06:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-05-30 23:28 . 2008-03-01 06:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-05-30 23:28 . 2008-03-01 06:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-05-30 23:28 . 2008-03-01 06:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-05-30 23:28 . 2008-02-22 03:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-05-30 23:25 . 2002-08-29 05:00 68,608 --a------ C:\WINDOWS\system32\plugin.ocx

2008-05-30 23:25 . 2002-08-29 05:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx

2008-05-30 19:31 . 2008-05-30 19:31 <DIR> d-------- C:\WINDOWS\system32\scripting

2008-05-30 19:31 . 2008-05-30 19:31 <DIR> d-------- C:\WINDOWS\system32\en

2008-05-30 19:31 . 2008-05-30 19:31 <DIR> d-------- C:\WINDOWS\l2schemas

2008-05-30 18:57 . 2008-04-13 17:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll

2008-05-30 18:56 . 2008-04-13 17:12 786,432 --------- C:\WINDOWS\system32\dllcache\migrate.exe

2008-05-30 18:55 . 2008-04-13 17:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll

2008-05-30 16:50 . 2008-05-30 23:17 316,640 --a------ C:\WINDOWS\WMSysPr9.prx

2008-05-30 16:48 . 2008-05-30 19:31 <DIR> d-------- C:\WINDOWS\peernet

2008-05-30 16:47 . 2008-05-30 16:47 <DIR> d-------- C:\WINDOWS\provisioning

2008-05-30 16:43 . 2008-05-30 19:35 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-05-30 16:30 . 2008-05-30 19:10 <DIR> d-------- C:\WINDOWS\EHome

2008-05-30 15:32 . 2008-04-13 12:18 52,480 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys

2008-05-30 15:32 . 2008-04-13 11:39 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys

2008-05-30 15:21 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img

2008-05-30 15:21 . 2008-04-14 05:42 11,264 --------- C:\WINDOWS\system32\spnpinst.exe

2008-05-30 15:21 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig

2008-05-30 15:21 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat

2008-05-30 14:30 . 2008-04-13 17:11 1,082,368 --a------ C:\WINDOWS\system32\esent.dll

2008-05-30 13:58 . 2008-05-30 23:28 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-05-30 13:58 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-05-30 13:56 . 2008-05-30 19:31 <DIR> d-------- C:\WINDOWS\system32\bits

2008-05-30 13:56 . 2008-04-13 17:12 354,304 --a------ C:\WINDOWS\system32\winhttp.dll

2008-05-30 13:56 . 2008-04-13 17:12 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2008-05-30 13:56 . 2008-04-13 17:11 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll

2008-05-30 13:56 . 2008-04-13 17:11 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll

2008-05-30 13:53 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll

2008-05-30 13:53 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll

2008-05-30 13:53 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl

2008-05-30 13:53 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll

2008-05-30 13:53 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-05-30 13:53 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll

2008-05-30 13:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-05-30 13:53 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-05-30 13:53 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-05-29 23:16 . 2008-05-31 06:36 578 --ah----- C:\IPH.PH

2008-05-29 23:00 . 2008-05-29 23:00 62 --a------ C:\WINDOWS\einit.ini

2008-05-24 14:59 . 2008-05-24 14:59 32,768 --a--c--- C:\WINDOWS\ReBirth RB-338 2.prf

2008-05-18 09:15 . 2008-05-18 09:15 1,311,800 --a--c--- C:\WINDOWS\1280 x 1024 IBM Americas Map.bmp

2008-05-18 08:03 . 2008-05-18 08:03 0 --a------ C:\WINDOWS\control.ini

2008-05-17 19:20 . 2008-05-17 19:20 0 --a------ C:\WINDOWS\{824FB56E-9450-40C6-A511-538085F9D1F8}.dat

2008-05-17 03:50 . 2008-05-17 03:50 94,784 --a--c--- C:\WINDOWS\twain.dll

2008-05-17 03:50 . 2008-05-17 03:50 94,784 --a------ C:\WINDOWS\system32\dllcache\twain.dll

2008-05-17 03:22 . 2008-05-17 03:22 36 --a--c--- C:\WINDOWS\vb.ini

2008-05-07 11:55 . 2008-06-04 10:17 274 --a------ C:\WINDOWS\system.ini

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-04 00:58 --------- d-----w C:\Program Files\BullsEye Network

2008-06-02 17:27 --------- d-----w C:\Program Files\Symantec

2008-06-02 16:40 --------- d-----w C:\Program Files\Palm

2008-06-02 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-06-02 16:32 --------- d-----w C:\Program Files\EndItAll

2008-06-02 05:22 --------- d-----w C:\Program Files\System Mechanic

2008-05-30 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime

2008-04-28 00:27 --------- d-----w C:\Documents and Settings\rent a center\Application Data\SysDown

2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys

2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys

2008-04-14 00:11 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll

2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys

2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys

2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys

2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys

2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys

2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys

2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys

2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys

2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys

2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys

2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys

2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys

2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys

2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys

2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys

2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys

2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys

2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys

2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys

2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys

2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys

2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys

2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys

2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys

2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys

2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys

2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys

2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys

2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys

2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys

2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys

2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys

2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys

2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys

2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys

2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys

2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys

2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys

2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys

2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys

2008-04-13 18:54 88,192 ----a-w C:\WINDOWS\system32\drivers\irda.sys

2008-04-13 18:54 28,672 ----a-w C:\WINDOWS\system32\drivers\nscirda.sys

2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys

2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys

2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys

2008-04-13 18:53 36,608 ------w C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 18:53 264,832 ------w C:\WINDOWS\system32\drivers\http.sys

2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys

2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys

2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys

2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys

2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys

2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys

2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys

2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys

2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys

2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys

2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys

2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys

2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys

2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys

2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys

2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys

2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys

2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys

2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys

2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys

2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys

2008-04-13 18:41 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys

2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys

2008-04-13 18:41 18,560 ----a-w C:\WINDOWS\system32\drivers\i2omp.sys

2008-04-13 18:39 7,552 ----a-w C:\WINDOWS\system32\drivers\mskssrv.sys

2008-04-13 18:39 5,376 ----a-w C:\WINDOWS\system32\drivers\mspclock.sys

2008-04-13 18:39 42,368 ----a-w C:\WINDOWS\system32\drivers\mountmgr.sys

2008-04-13 18:39 4,992 ----a-w C:\WINDOWS\system32\drivers\mspqm.sys

2008-04-13 18:39 4,352 ----a-w C:\WINDOWS\system32\drivers\swenum.sys

2008-04-13 18:39 384,768 ----a-w C:\WINDOWS\system32\drivers\update.sys

2008-04-13 18:39 24,576 ----a-w C:\WINDOWS\system32\drivers\kbdclass.sys

2008-04-13 18:38 71,168 ----a-w C:\WINDOWS\system32\drivers\dxg.sys

2008-04-13 18:33 44,544 ----a-w C:\WINDOWS\system32\drivers\fips.sys

2008-04-13 18:32 66,048 ----a-w C:\WINDOWS\system32\drivers\udfs.sys

2008-04-13 18:32 30,848 ----a-w C:\WINDOWS\system32\drivers\npfs.sys

2008-04-13 18:32 196,224 ----a-w C:\WINDOWS\system32\drivers\rdpdr.sys

2008-04-13 18:32 19,072 ----a-w C:\WINDOWS\system32\drivers\msfs.sys

2008-04-13 18:32 180,608 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys

2005-01-14 15:59 11,591 -csha-w C:\WINDOWS\system32\kgrlk.dat

.

((((((((((((((((((((((((((((( snapshot@2008-06-04_10.01.09.57 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-04 16:49:47 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-04 17:14:45 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{483B85DB-02AA-2855-E2A4-EF02FD55CE65}]

C:\WINDOWS\addel32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

2008-06-02 13:54 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-06-02 13:54 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-06-02 13:54 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]

[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"tgcmd"="" []

"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-04-13 17:12 1695232]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"S3TRAY2"="S3Tray2.exe" [2001-10-11 22:32 69632 C:\WINDOWS\system32\S3Tray2.exe]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-06-24 14:34 126976]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-06-24 14:33 561152]

"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]

"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2003-01-24 17:37 94208]

"TPTRAY"="C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE" [2002-11-01 01:31 48640]

"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [2002-11-21 18:43 32768]

"TP4EX"="tp4ex.exe" [2002-09-04 01:05 53248 C:\WINDOWS\system32\TP4EX.exe]

"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-11-01 02:00 204800]

"tgcmd"="" []

"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-11-08 03:50 106551]

"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [2003-04-25 01:33 20480]

"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-04-09 02:06 53248]

"AGRSMMSG"="AGRSMMSG.exe" [2003-02-14 11:59 88107 C:\WINDOWS\AGRSMMSG.exe]

"Norton CrashGuard Monitor"="C:\Documents and Settings\rent a center\Desktop\My Shit\Norton Crashguard\CGMenu.EXE" [1999-02-04 04:01 217088]

"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [2002-03-19 18:30 45632]

"sais"="c:\program files\180solutions\sais.exe" [ ]

"ConMgr.exe"="C:\Program Files\EarthLink 5.0\ConMgr.exe" [2002-01-04 14:18 290816]

"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-06-02 10:38 278264]

"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-06-02 10:37 1655552]

"netbe.exe"="C:\WINDOWS\system32\netbe.exe" [ ]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-02 13:54 1177368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

EarthLink ToolBar 5.0.lnk - C:\Program Files\EarthLink 5.0\etoolbar.exe [2002-01-04 14:32:12 647168]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R0 PrtSeqRd;PrtSeqRd;C:\WINDOWS\system32\drivers\PrtSeqRd.sys [2001-01-11 03:00]

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-02 13:54]

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-06-02 10:37]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-06-02 10:37]

R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2003-04-09 02:06]

R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2003-04-25 01:33]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-02 13:54]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-02 13:53]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-02 13:54]

S1 cdudf;cdudf;C:\WINDOWS\system32\drivers\cdudf.sys [2001-01-11 06:00]

S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []

.

Contents of the 'Scheduled Tasks' folder

"2008-06-04 17:21:57 C:\WINDOWS\Tasks\BMMTask.job"

‚Ôªƒ·\- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-04 10:17:31

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\system32\QCONSVC.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\ntvdm.exe

.

**************************************************************************

.

Completion time: 2008-06-04 10:25:19 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-04 17:24:39

ComboFix2.txt 2008-06-04 17:02:38

Pre-Run: 26,532,163,584 bytes free

Post-Run: 26,520,072,192 bytes free

298 --- E O F --- 2008-06-02 04:53:16

hjt

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:34, on 2008-06-04

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Documents and Settings\rent a center\Desktop\My Shit\Norton Crashguard\CGMenu.EXE

C:\WINDOWS\System32\taskswitch.exe

C:\Program Files\EarthLink 5.0\ConMgr.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Messenger\MSMSGS.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {483B85DB-02AA-2855-E2A4-EF02FD55CE65} - C:\WINDOWS\addel32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE

O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Norton CrashGuard Monitor] "C:\Documents and Settings\rent a center\Desktop\My Shit\Norton Crashguard\CGMenu.EXE"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\ConMgr.exe"

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [netbe.exe] C:\WINDOWS\system32\netbe.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: EarthLink ToolBar 5.0.lnk = C:\Program Files\EarthLink 5.0\etoolbar.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.awmdabest.com

O15 - Trusted Zone: *.frame.crazywinnings.com

O15 - Trusted Zone: *.static.topconverting.com

O15 - Trusted Zone: *.05p.com (HKLM)

O15 - Trusted Zone: *.awmdabest.com (HKLM)

O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)

O15 - Trusted Zone: *.scoobidoo.com (HKLM)

O15 - Trusted Zone: *.static.topconverting.com (HKLM)

O15 - Trusted IP range: 206.161.125.149

O15 - Trusted IP range: 206.161.124.130 (HKLM)

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\lqhchqjk.exe

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212180700337

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe (file missing)

O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: Workstation NetLogon Service (Â%AF夶À¨) - Unknown owner - C:\WINDOWS\javaft32.exe

--

End of file - 7348 bytes


Hello again,

Step 1

Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.

Step 2

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by MoNsTeReNeRgY22