I know there's probably a few more steps to go but thank you very much I see a big improvement already
Here is the ComboFix Log:
ComboFix 08-04-04.1 - argarza 2008-04-05 21:51:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT -5:00]
Running from: \\nap-svr-dc\Users\argarza\Desktop\ComboFix.exe
Command switches used :: \\nap-svr-dc\Users\argarza\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!FILE ::
C:\Documents and Settings\All Users\Application Data\ksaf.dat
C:\WINDOWS\spysplash.dat
C:\WINDOWS\system32\geedc.dll
.
TimedOut: progfile.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\geedc.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\ksaf.dat
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\MalwareAlarm
C:\Program Files\MalwareAlarm\diagnosis.dat
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma
C:\Program Files\MalwareAlarm\mfc71.dll
C:\Program Files\MalwareAlarm\msvcp71.dll
C:\Program Files\MalwareAlarm\msvcr71.dll
C:\Program Files\MalwareAlarm\pv.dat
C:\Program Files\MalwareAlarm\pv.exe
C:\Program Files\MalwareAlarm\Uninstall.exe
C:\Program Files\MalwareAlarm\up.dat
C:\WINDOWS\spysplash.dat
.
((((((((((((((((((((((((( Files Created from 2008-03-06 to 2008-04-06 )))))))))))))))))))))))))))))))
.
2008-04-05 21:59 . 0 C:\WINDOWS\system32\tmsock.tmp
2008-04-05 09:49 . 2008-04-05 09:49 <DIR> d-------- C:\Program Files\WinUndelete
2008-04-04 23:49 . 2008-04-04 23:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 23:49 . 2008-04-04 23:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-30 14:07 . 2008-03-30 14:35 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\sacache
2008-03-30 14:01 . 2008-03-30 14:01 <DIR> d-------- C:\WINDOWS\Speeditup Free
2008-03-30 14:01 . 2008-03-30 14:11 <DIR> d-------- C:\Program Files\Speeditup Free
2008-03-30 13:38 . 2008-04-05 09:47 <DIR> d-------- C:\Program Files\Removal Tool
2008-03-16 15:13 . 2008-03-16 15:13 15 --a------ C:\WINDOWS\system32\
0877c22e
2008-03-09 23:38 . 2008-04-05 16:19 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
d-s---w 0 2008-02-28 22:33:44 \\nap-svr-dc\Users\argarza\Application Data\Microsoft
d-----w 0 2008-04-05 05:04:51 \\nap-svr-dc\Users\argarza\Application Data\Uniblue
d-----w 0 2008-03-19 00:44:41 \\nap-svr-dc\Users\argarza\Application Data\Apple Computer
d-----w 0 2008-03-10 04:42:31 \\nap-svr-dc\Users\argarza\Application Data\wsInspector
d-----w 0 2008-03-05 14:56:35 \\nap-svr-dc\Users\argarza\Application Data\gtk-2.0
d-----w 0 2008-03-05 14:56:26 \\nap-svr-dc\Users\argarza\Application Data\ICAClient
2008-04-06 02:58 --------- d-----w C:\Program Files\QuickTime
2008-04-05 14:47 52 ----a-w C:\Documents and Settings\All Users\Application Data\yup.dat
2008-03-03 05:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-03 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-01 19:56 --------- d-----w C:\Program Files\Sprint
2008-03-01 19:56 --------- d-----w C:\Program Files\Common Files\Research in Motion
2008-03-01 19:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sprint
2008-02-29 18:38 --------- d-----w C:\Program Files\Sierra Wireless
2008-02-25 19:04 --------- d-----w C:\Program Files\CentraOne
2008-02-14 15:41 3,980,800 ----a-w C:\WINDOWS\Chicago Dusk to Dark.scr
2008-02-14 15:41 --------- d-----w C:\Program Files\Chicago Dusk to Dark
2008-02-11 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-28 15:14 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE72536-E807-4ACC-8B07-72275B05B5A5}]
\C:\WINDOWS\system32\c4\np89104.exe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC2EE6CC-112D-456D-86D5-AF73FDDCD6E1}]
\C:\WINDOWS\system32\c4\np89104.exe.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Centra Launcher"="C:\PROGRA~1\CENTRA~1\bin\centraSystray.exe" [2004-04-27 13:49 233472]
"SpeedItUpEX"="C:\Program Files\Speeditup Free\SpeedItUp.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-25 13:55 385024]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 15:16 356352]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2006-02-28 07:00 143360]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-28 10:14:08 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-28 10:11:51 692224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMovingBands"= 1 (0x1)
"NoPropertiesMyComputer"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"NoCloseDragDropBands"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)
"NoNetworkConnections"= 1 (0x1)
"NoStartMenuNetworkPlaces"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoSetTaskbar"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 13:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnkij]
nnnnkij.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-03-08 17:08 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 15:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 10:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3043167079-704927677-1773674988-45637\Scripts\Logon\
0\
0]
"Script"=\\alliedsecurity.com\SysVol\alliedsecurity.com\scripts\Wintm.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3043167079-704927677-1773674988-500\Scripts\Logon\
0\
0]
"Script"=\\alliedsecurity.com\SysVol\alliedsecurity.com\scripts\Wintm.cmd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 08:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 10:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-08-30 00:17]
R2 smihlp;SMI Helper Driver (smihlp);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-03-08 17:01]
R2 XAudio;XAudio;C:\WINDOWS\system32\DRIVERS\xaudio.sys [2006-11-28 15:44]
R3 LenovoRd;LenovoRd;C:\WINDOWS\system32\Drivers\LenovoRd.sys [2007-06-08 08:36]
R3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2007-08-10 12:08]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-03-08 16:41]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-05-14 11:21]
S3 tpflhlp;tpflhlp;C:\Program Files\Lenovo\System Update\session\7luj08us\tpflhlp.sys [2007-07-24 16:14]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-05 22:18:46 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-05 21:59:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\XWC6E8.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-05 22:12:24 - machine was rebooted [argarza]
ComboFix-quarantined-files.txt 2008-04-06 03:12:19
ComboFix2.txt 2008-04-05 22:13:37
Pre-Run: 69,177,339,904 bytes free
Post-Run: 69,182,849,024 bytes free
.
2008-02-26 20:09:42 --- E O F ---
The Virus Total Results:
File 0877c22e received on 04.06.2008 05:16:08 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.
You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:
Antivirus Version Last Update Result
AhnLab-V3 2008.4.4.1 2008.04.04 -
AntiVir 7.6.0.81 2008.04.05 -
Authentium 4.93.8 2008.04.05 -
Avast 4.7.1098.0 2008.04.06 -
AVG 7.5.0.516 2008.04.05 -
BitDefender 7.2 2008.04.06 -
CAT-QuickHeal 9.50 2008.04.05 -
ClamAV 0.92.1 2008.04.06 -
DrWeb 4.44.0.09170 2008.04.05 -
eSafe 7.0.15.0 2008.04.01 -
eTrust-Vet 31.3.5672 2008.04.04 -
Ewido 4.0 2008.04.05 -
F-Prot 4.4.2.54 2008.04.05 -
F-Secure 6.70.13260.0 2008.04.05 -
FileAdvisor 1 2008.04.06 -
Fortinet 3.14.0.0 2008.04.05 -
Ikarus T3.1.1.20 2008.04.06 -
Kaspersky 7.0.0.125 2008.04.06 -
McAfee 5267 2008.04.04 -
Microsoft 1.3408 2008.04.05 -
NOD32v2 3005 2008.04.06 -
Norman 5.80.02 2008.04.04 -
Panda 9.0.0.4 2008.04.05 -
Prevx1 V2 2008.04.06 -
Rising 20.38.60.00 2008.04.03 -
Sophos 4.28.0 2008.04.06 -
Sunbelt 3.0.1032.0 2008.04.05 -
Symantec 10 2008.04.06 -
TheHacker 6.2.92.266 2008.04.05 -
VBA32 3.12.6.4 2008.04.05 -
VirusBuster 4.3.26:9 2008.04.05 -
Webwasher-Gateway 6.6.2 2008.04.05 -
Additional information
File size: 15 bytes
MD5...: 3d68e693d476bd4df0d1ab72e79c13fa
SHA1..: 30b0179c8fe97e37b9835ddcb56d5ee70cf1ec23
SHA256: 2ff15e328f5bc21cffc72bc9285dc3a98cdcd697d71178977c844e511ed439fd
SHA512: 26169eca55610b246521c0a47a11a78e5700b887bc81a11c6a4ffca516f1f970
8fa9ff85536a6c5fe711060fd846e71d1f24c74c4fe9fd1c18cb1b4d5adf383e
PEiD..: -
PEInfo: -
The HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28, on 2008-04-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\ZT2242.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\CENTRA~1\bin\centraSystray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
\nap-svr-dc\Users\argarza\Desktop\Andrea\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.insideab.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.insideab.com/O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4AE72536-E807-4ACC-8B07-72275B05B5A5} - \C:\WINDOWS\system32\c4\np89104.exe.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {CC2EE6CC-112D-456D-86D5-AF73FDDCD6E1} - \C:\WINDOWS\system32\c4\np89104.exe.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Centra Launcher] C:\PROGRA~1\CENTRA~1\bin\centraSystray.exe /startup
O4 - HKCU\..\Run: [SpeedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI
O4 - Global Startup: Logitech Desktop Messenger.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.insideab.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfar...p1.0.0.15-3.cabO16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1006.cabO16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) -
http://centra.inside...aDownloader.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alliedsecurity.com
O17 - HKLM\Software\..\Telephony: DomainName = alliedsecurity.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = alliedsecurity.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = alliedsecurity.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: nnnnkij - nnnnkij.dll (file missing)
O23 - Service: Access Utility Service - SprintNextel - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
O23 - Service: ACMService - Unknown owner - C:\Program Files\Removal Tool\ACMService.exe (file missing)
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
--
End of file - 8417 bytes