Hello, Sreddy, if you still need help could you start off with this, please?
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
[If you wish, save ATF Cleaner to your desktop or a cleaning folder somewhere as it is a fairly useful tool for occasional use.]
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
And post a fresh hijackthis scan log also...
Internet Explorer v6 - Blank Page
The home page opens correctly when I open IE v6. Any click on the link on the home page works OK. However, when I enter any website address in the address bar and press enter, a new blank explorer page pops up and nothing happens. I cannot update to IE v7. If I right click a link on the home page and try to open in new window, the same blank page happens.
This is making me crazy. Please help!!! Thanks
I have windows XP (SP2). Norton, Spybot and Adaware did not show anything.
The log from Hijackthis is below:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:26:44 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\WRTService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.23\pmonmh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
C:\Program Files\PdaReach\PdaReach.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\PdaNet for Treo 700p\PdaNetUm.exe
C:\Program Files\PdaReach\UsbMan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;;localhost:49213;127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.23/pmonmh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
O4 - Startup: PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/siebelhtml.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189615624093
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebelOptionPack.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189615615984
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebExtMailClient.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://venividi.webex.com/client/T23L/event/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: SearchList = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Content Delivery Service (CDSClient) - Unknown owner - C:\Program Files\IBM\tivoli\CDSClient\cds\CDSWinSrv.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe
--
End of file - 18316 bytes
Thanks for replying to the post. I still have the blank page problem.
I have run ATF Cleaner to clean all temporary files. Have run Combofix. Here is the log file:
ComboFix 07-10-12.4 - sreddy 2007-10-14 11:38:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1241 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WinBudget
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\system32\drivers\npf.sys
.
((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 )))))))))))))))))))))))))))))))
.
2007-10-14 11:38 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-11 17:41 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-11 17:41 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-10 22:05 d-------- C:\My Google Gadgets
2007-10-10 19:14 d-------- C:\Program Files\Windows Live Safety Center
2007-10-10 17:43 d-------- C:\Program Files\TrojanHunter 5.0
2007-10-09 23:15 d-------- C:\Program Files\Windows Defender
2007-10-09 22:24 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-09 21:10 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-09 21:09 d-------- C:\Program Files\SUPERAntiSpyware
2007-10-09 13:34 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-09 13:33 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-09 13:13 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-09 13:13 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-10-09 13:12 d-------- C:\Program Files\Lavasoft
2007-10-08 18:23 d-------- C:\WINDOWS\ServicePackFiles
2007-10-08 14:47 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2007-10-08 14:47 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2007-10-08 14:47 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2007-10-08 14:47 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2007-10-08 14:47 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2007-10-08 14:46 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2007-10-08 14:46 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2007-10-08 14:46 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2007-10-08 14:46 34,890 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2007-10-08 14:46 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2007-10-08 14:46 19,328 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2007-10-08 14:46 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2007-10-08 14:46 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2007-10-08 14:46 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2007-10-08 14:44 604,253 --a--c--- C:\WINDOWS\system32\dllcache\vmodem.sys
2007-10-08 14:44 397,502 --a--c--- C:\WINDOWS\system32\dllcache\vpctcom.sys
2007-10-08 14:44 249,402 --a--c--- C:\WINDOWS\system32\dllcache\vinwm.sys
2007-10-08 14:44 64,605 --a--c--- C:\WINDOWS\system32\dllcache\vvoice.sys
2007-10-08 14:44 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-08 14:44 24,576 --a--c--- C:\WINDOWS\system32\dllcache\viairda.sys
2007-10-08 14:44 19,528 --a--c--- C:\WINDOWS\system32\dllcache\w840nd.sys
2007-10-08 14:44 19,016 --a--c--- C:\WINDOWS\system32\dllcache\w926nd.sys
2007-10-08 14:42 94,720 --a--c--- C:\WINDOWS\system32\dllcache\umaxud32.dll
2007-10-08 14:42 69,632 --a--c--- C:\WINDOWS\system32\dllcache\umaxu12.dll
2007-10-08 14:42 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-10-08 14:42 50,688 --a--c--- C:\WINDOWS\system32\dllcache\umaxscan.dll
2007-10-08 14:42 50,176 --a--c--- C:\WINDOWS\system32\dllcache\umaxp60.dll
2007-10-08 14:42 32,384 --a--c--- C:\WINDOWS\system32\dllcache\usb101et.sys
2007-10-08 14:42 28,160 --a--c--- C:\WINDOWS\system32\dllcache\umaxu40.dll
2007-10-08 14:42 26,624 --a--c--- C:\WINDOWS\system32\dllcache\umaxu22.dll
2007-10-08 14:42 22,912 --a--c--- C:\WINDOWS\system32\dllcache\umaxpcls.sys
2007-10-08 14:41 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2007-10-08 14:41 440,576 --a--c--- C:\WINDOWS\system32\dllcache\tridkb.dll
2007-10-08 14:41 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2007-10-08 14:41 211,968 --a--c--- C:\WINDOWS\system32\dllcache\um54scan.dll
2007-10-08 14:41 166,784 --a--c--- C:\WINDOWS\system32\dllcache\tridxpm.sys
2007-10-08 14:41 159,232 --a--c--- C:\WINDOWS\system32\dllcache\tridkbm.sys
2007-10-08 14:41 47,616 --a--c--- C:\WINDOWS\system32\dllcache\umaxcam.dll
2007-10-08 14:41 11,520 --a--c--- C:\WINDOWS\system32\dllcache\twotrack.sys
2007-10-08 14:40 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2007-10-08 14:40 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2007-10-08 14:40 230,912 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd03.sys
2007-10-08 14:40 222,336 --a--c--- C:\WINDOWS\system32\dllcache\trid3dm.sys
2007-10-08 14:40 82,432 --a--c--- C:\WINDOWS\system32\dllcache\tp4mon.exe
2007-10-08 14:40 42,496 --a--c--- C:\WINDOWS\system32\dllcache\tp4res.dll
2007-10-08 14:40 34,375 --a--c--- C:\WINDOWS\system32\dllcache\tpro4.sys
2007-10-08 14:40 31,744 --a--c--- C:\WINDOWS\system32\dllcache\tp4.dll
2007-10-08 14:40 28,232 --a--c--- C:\WINDOWS\system32\dllcache\tos4mo.sys
2007-10-08 14:39 149,376 --a--c--- C:\WINDOWS\system32\dllcache\tffsport.sys
2007-10-08 14:39 138,528 --a--c--- C:\WINDOWS\system32\dllcache\tgiulnt5.sys
2007-10-08 14:39 123,995 --a--c--- C:\WINDOWS\system32\dllcache\tjisdn.sys
2007-10-08 14:39 81,408 --a--c--- C:\WINDOWS\system32\dllcache\tgiul50.dll
2007-10-08 14:39 37,961 --a--c--- C:\WINDOWS\system32\dllcache\tdk100b.sys
2007-10-08 14:39 36,640 --a--c--- C:\WINDOWS\system32\dllcache\t2r4mini.sys
2007-10-08 14:39 30,464 --a--c--- C:\WINDOWS\system32\dllcache\tbatm155.sys
2007-10-08 14:39 17,129 --a--c--- C:\WINDOWS\system32\dllcache\tdkcd31.sys
2007-10-08 14:39 7,040 --a--c--- C:\WINDOWS\system32\dllcache\tandqic.sys
2007-10-08 14:37 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2007-10-08 14:37 106,584 --a--c--- C:\WINDOWS\system32\dllcache\spdports.dll
2007-10-08 14:37 99,328 --a--c--- C:\WINDOWS\system32\dllcache\srusd.dll
2007-10-08 14:37 61,824 --a--c--- C:\WINDOWS\system32\dllcache\speed.sys
2007-10-08 14:37 53,248 --a--c--- C:\WINDOWS\system32\dllcache\stlncoin.dll
2007-10-08 14:37 48,736 --a--c--- C:\WINDOWS\system32\dllcache\srwlnd5.sys
2007-10-08 14:37 24,660 --a--c--- C:\WINDOWS\system32\dllcache\spxupchk.dll
2007-10-08 14:37 16,896 --a--c--- C:\WINDOWS\system32\dllcache\stcusb.sys
2007-10-08 14:36 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2007-10-08 14:36 114,688 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.dll
2007-10-08 14:36 58,368 --a--c--- C:\WINDOWS\system32\dllcache\smiminib.sys
2007-10-08 14:36 37,040 --a--c--- C:\WINDOWS\system32\dllcache\sonypi.sys
2007-10-08 14:36 20,752 --a--c--- C:\WINDOWS\system32\dllcache\sonync.sys
2007-10-08 14:36 9,600 --a--c--- C:\WINDOWS\system32\dllcache\sonymc.sys
2007-10-08 14:36 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-10-08 14:36 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonyait.sys
2007-10-08 14:36 7,040 --a--c--- C:\WINDOWS\system32\dllcache\snyaitmc.sys
2007-10-08 14:33 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2007-10-08 14:33 161,568 --a--c--- C:\WINDOWS\system32\dllcache\sgsmusb.sys
2007-10-08 14:33 101,760 --a--c--- C:\WINDOWS\system32\dllcache\sis300ip.sys
2007-10-08 14:33 98,080 --a--c--- C:\WINDOWS\system32\dllcache\sgiulnt5.sys
2007-10-08 14:33 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys
2007-10-08 14:33 18,400 --a--c--- C:\WINDOWS\system32\dllcache\sgsmld.sys
2007-10-08 14:33 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys
2007-10-08 14:33 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys
2007-10-08 14:29 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2007-10-08 14:29 714,762 --a--c--- C:\WINDOWS\system32\dllcache\r2mdmkxx.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 11:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-11 21:42 --------- d-----w C:\Program Files\Symantec
2007-10-11 21:41 --------- d-----w C:\Program Files\Symantec Client Security
2007-10-11 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-11 18:30 --------- d-----w C:\Program Files\QuickTime
2007-10-11 02:42 --------- d-----w C:\Program Files\C4ebreg
2007-10-11 02:08 --------- d-----w C:\Program Files\Google
2007-10-08 12:59 --------- d-----w C:\Program Files\AT&T Network Client
2007-10-05 18:59 --------- d-----w C:\Program Files\WST
2007-10-02 18:27 --------- d-----w C:\Program Files\VideoraiPodConverter
2007-10-02 18:27 --------- d-----w C:\Program Files\iTunes
2007-09-07 18:23 57,344 ----a-w C:\WINDOWS\isamunin.exe
2007-09-07 18:17 7,012 ------w C:\WINDOWS\system32\drivers\PMEMNT.SYS
2007-08-30 19:14 --------- d-----w C:\Program Files\IBM
2007-08-22 00:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IBM
2007-08-22 00:04 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IBM
2007-08-15 12:43 --------- d-----w C:\Program Files\Java
2007-08-14 18:21 --------- d-----w C:\Program Files\Investintech.com Inc
2007-08-10 17:04 202,314 ----a-w C:\WINDOWS\system32\atasnt40.dll
2007-07-30 23:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 23:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 23:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 23:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 23:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 23:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 23:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 23:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 23:18 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-05 22:30 62,128 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-03-05 22:30 62,128 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2006-06-06 14:43 32,768 ----a-w C:\Documents and Settings\Administrator\Application Data\rndcinscheck.dll
2006-06-06 14:43 32,768 ----a-w C:\Documents and Settings\Administrator\Application Data\rndcinscheck.dll
2005-05-12 03:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 624,248 2007-05-11 02:46:20 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe
----a-w 620,152 2006-10-23 03:24:02 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
----a-w 925,696 2006-05-16 01:26:17 C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
----a-w 90,112 2006-05-10 16:12:06 C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe
----a-w 364,544 2007-09-07 18:23:03 C:\Program Files\C4ebreg\bak\c4ebreg.exe
----a-w 237,568 2007-09-07 18:23:12 C:\Program Files\C4ebreg\bak\isamtray.exe
----a-w 536,576 2006-12-10 23:36:32 C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe
----a-w 185,632 2007-08-12 11:55:38 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 52,896 2006-07-20 00:26:04 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 52,896 2006-07-19 23:26:04 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
----a-w 3,739,648 2007-01-01 21:22:02 C:\Program Files\Google\Google Talk\bak\googletalk.exe
----a-w 68,856 2007-08-05 13:15:41 C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
----a-w 49,152 2005-05-12 03:12:54 C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
----a-w 49,152 2005-05-12 03:12:54 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
----a-w 81,920 2006-12-19 17:44:04 C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe
----a-w 28,672 2005-09-06 09:07:18 C:\Program Files\IBM\Personal Communications\bak\tpam.exe
----a-w 61,521 2004-08-16 00:34:14 C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe
----a-w 271,672 2007-07-31 22:44:42 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 132,496 2007-07-12 08:00:36 C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
----a-w 94,208 2005-12-15 18:00:54 C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
----a-w 286,720 2007-06-29 10:24:52 C:\Program Files\QuickTime\bak\QTTask.exe
----a-w 125,168 2006-09-28 01:33:44 C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe
----a-w 125,168 2006-09-28 00:33:44 C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
----a-w 512,000 2006-05-16 01:21:38 C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
----a-w 110,592 2006-05-16 01:21:40 C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
----a-w 409,600 2006-04-17 17:09:10 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe
----a-w 98,304 2006-04-17 16:59:10 C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe
----a-w 864,256 2005-10-28 19:04:44 C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe
----a-w 483,328 2005-11-11 18:32:35 C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe
----a-w 204,800 2007-07-09 13:15:00 C:\sdwork\bak\issimsvc.exe
----a-w 204,800 2007-10-10 10:58:00 C:\sdwork\issimsvc.exe
----a-w 262,144 2007-07-05 15:32:00 C:\sdwork\bak\w32main2.exe
----a-w 263,680 2007-10-11 11:14:00 C:\sdwork\W32MAIN2.EXE
----a-w 208,952 2004-08-04 05:00:00 C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE
----a-w 208,952 2004-08-04 05:00:00 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe
----a-w 15,360 2004-08-04 05:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-04 05:00:00 C:\WINDOWS\system32\ctfmon.exe
----a-w 127,035 2004-11-16 01:05:00 C:\WINDOWS\system32\dla\bak\tfswctrl.exe
----a-w 455,168 2004-08-04 05:00:00 C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE
----a-w 455,168 2004-08-04 05:00:00 C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 01:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 01:00]
"ISAM SMT Service"="C:\Program Files\C4ebreg\isamsmt.exe" []
"ISAMTray"="C:\Program Files\C4ebreg\isamtray.exe" []
"stgclean"="c:\sdwork\w32main2.exe" [2007-10-11 07:14]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" []
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-15 21:23]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-15 21:22]
"TpShocks"="TpShocks.exe" [2005-11-07 07:14 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-16 21:11 C:\WINDOWS\system32\TP4EX.exe]
"PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" []
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2007-10-10 06:58]
"pmonmh"="C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.23/pmonmh.exe" [2007-03-29 13:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 20:33]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
"defergui"="c:\sdwork\defergui.exe" [2007-07-09 09:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:00]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - C:\Program Files\PdaNet for Treo 700p\PdaNet.exe [2006-06-13 18:36:38]
PdaReach Desktop.lnk - C:\Program Files\PdaReach\PdaReach.exe [2006-05-19 13:39:50]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - C:\Program Files\PdaNet for Treo 700p\PdaNet.exe [2006-06-13 18:36:38]
PdaReach Desktop.lnk - C:\Program Files\PdaReach\PdaReach.exe [2006-05-19 13:39:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2005-11-01 11:10:32]
HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]
Lotus QuickStart.lnk - C:\lotus\wordpro\ltsstart.exe [2003-04-07 20:00:00]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2005-09-06 14:43 49152 C:\WINDOWS\system32\pcsinst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2006-05-15 21:22 28672 C:\WINDOWS\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2006-05-15 21:22 24576 C:\WINDOWS\system32\tphklock.dll
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS
R1 IBMTPCHK;IBMTPCHK;\??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys
R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys
R2 DB2-0;DB2 - DB2-0;C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys
R2 MyHelp;My Help;C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys
R2 WRTService;WRT Service;C:\WINDOWS\WRTService.exe
R3 ABVPN2K;Net Firewall Miniport Interface;C:\WINDOWS\system32\DRIVERS\abvpn2k.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys
R3 atmeltpm;atmeltpm;C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
R3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys
R3 pnetmdm;PdaNet Modem;C:\WINDOWS\system32\DRIVERS\pnetmdm.sys
S3 CDSClient;IBM Content Delivery Service;C:\Program Files\IBM\tivoli\CDSClient\cds\CDSWinSrv.exe
S3 gwiopm;gwiopm;\??\C:\Program Files\wst\gwiopm.sys
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-09 00:18:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-13 00:30:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-13 19:41:10 C:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 11:42:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
MyHelpService = "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-14 11:43:52
.
--- E O F ---
HijackThis log file is:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:56:34 AM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\WRTService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.23\pmonmh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
C:\Program Files\PdaNet for Treo 700p\PdaNetUm.exe
C:\Program Files\PdaReach\PdaReach.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\PdaReach\UsbMan.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;;localhost:49213;127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.23/pmonmh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [defergui] c:\sdwork\defergui.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
O4 - Startup: PdaReach Desktop.lnk = C:\Program Files\PdaReach\PdaReach.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O15 - Trusted Zone: *.doginhispen.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/siebelhtml.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189615624093
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebelOptionPack.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189615615984
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebExtMailClient.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://venividi.webex.com/client/T23L/event/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: SearchList = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\Browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\Browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Content Delivery Service (CDSClient) - Unknown owner - C:\Program Files\IBM\tivoli\CDSClient\cds\CDSWinSrv.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe
--
End of file - 18266 bytes
Please use hijackthis to fis this entry:
O15 - Trusted Zone: *.doginhispen.com
You have a trojan downloader that has replaced many of your system files with infected copies, so next...
==Please dl this file from http://noahdfear.geekstogo.com/FindAWF.exe
-dclick the .exe to start the program, type 1 and enter to start the process. Please post the contents of the notepad that opens.
Thanks a lot for your time. I have fixed the *.doginhispen.com entry using HijackThis.
Please find the output of FindAWF.exe:
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: 10/15/2007
The current time is: 9:10:17.65
bak folders found
~~~~~~~~~~~
Directory of C:\SDWORK\BAK
07/09/2007 09:15 AM 204,800 issimsvc.exe
07/05/2007 11:32 AM 262,144 w32main2.exe
2 File(s) 466,944 bytes
Directory of C:\PROGRA~1\C4EBREG\BAK
09/07/2007 02:23 PM 364,544 c4ebreg.exe
09/07/2007 02:23 PM 237,568 isamtray.exe
2 File(s) 602,112 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes
Directory of C:\PROGRA~1\VIDEOR~1\BAK
11/11/2005 02:32 PM 483,328 VideoraiPodConverter.exe
1 File(s) 483,328 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 01:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes
Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK
05/15/2006 09:26 PM 925,696 smax4pnp.exe
1 File(s) 925,696 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK
05/10/2006 12:12 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
07/19/2006 08:26 PM 52,896 ccApp.exe
1 File(s) 52,896 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
01/01/2007 05:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~4\BAK
08/05/2007 09:15 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\IBM\PERSON~1\BAK
09/06/2005 05:07 AM 28,672 tpam.exe
1 File(s) 28,672 bytes
Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK
09/27/2006 09:33 PM 125,168 VPTray.exe
1 File(s) 125,168 bytes
Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
05/15/2006 09:21 PM 512,000 SynTPEnh.exe
05/15/2006 09:21 PM 110,592 SynTPLpr.exe
2 File(s) 622,592 bytes
Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK
04/17/2006 01:09 PM 409,600 ACTray.exe
04/17/2006 12:59 PM 98,304 ACWLIcon.exe
2 File(s) 507,904 bytes
Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK
10/28/2005 03:04 PM 864,256 TpKmapAp.exe
1 File(s) 864,256 bytes
Directory of C:\WINDOWS\IME\IMJP8_1\BAK
08/04/2004 01:00 AM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
11/15/2004 09:05 PM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~3.0\ACROBAT\BAK
05/10/2007 10:46 PM 624,248 Acrotray.exe
1 File(s) 624,248 bytes
Directory of C:\PROGRA~1\COMMON~1\LENOVO\SCHEDU~1\BAK
12/10/2006 07:36 PM 536,576 scheduler_proxy.exe
1 File(s) 536,576 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
08/12/2007 07:55 AM 185,632 realsched.exe
1 File(s) 185,632 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\IBM\SQLLIB\BIN\BAK
08/15/2004 08:34 PM 61,521 db2systray.exe
1 File(s) 61,521 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK
12/15/2005 02:00 PM 94,208 TPHKMGR.exe
1 File(s) 94,208 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
08/04/2004 01:00 AM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\COMIBM~1.INS\SERVICE\BAK
12/19/2006 01:44 PM 81,920 delayStart.exe
1 File(s) 81,920 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
204800 Oct 10 2007 "C:\sdwork\issimsvc.exe"
204800 Jul 9 2007 "C:\sdwork\bak\issimsvc.exe"
263680 Oct 11 2007 "C:\sdwork\W32MAIN2.EXE"
262144 Jul 5 2007 "C:\sdwork\bak\w32main2.exe"
364544 Sep 7 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 6 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Aug 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\hpwuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
512000 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPENH.EXE"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPENH.EXE"
110592 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPLPR.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPLPR.EXE"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\imjpmig.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
127035 Nov 15 2004 "C:\Program Files\IBM DLA\install\tfswctrl.exe"
127035 Nov 15 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
620152 Oct 22 2006 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 May 15 2006 "C:\wxpdrive\repos\7AVU12WW\OSD\COMMON\TPHKMGR.EXE"
94208 Dec 15 2005 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\tintsetp.exe"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe"
end of report
FindAWF -option 2:dclick the .exe to start the program, select to restore files, into the text file that opens paste in all the text between the lines:
_____________________________________________________________
"C:\sdwork\bak\issimsvc.exe"
"C:\sdwork\bak\w32main2.exe"
"C:\Program Files\C4ebreg\bak\c4ebreg.exe"
"C:\Program Files\C4ebreg\bak\isamtray.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTask.exe"
"C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Google\Google Talk\bak\googletalk.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Google\Google Talk\bak\googletalk.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
"C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
"C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
"C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
"C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
"C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
"C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe"
"C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe"
"C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
"C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
"C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
"C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
=Please uninstall via CP all old versions of Java.
I have run FindAWF with Option 2. I have also uninstalled older versions of Java. Thanks a lot for your time.
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: 10/16/2007
The current time is: 8:22:21.51
bak folders found
~~~~~~~~~~~
Directory of C:\SDWORK\BAK
07/09/2007 09:15 AM 204,800 issimsvc.exe
07/05/2007 11:32 AM 262,144 w32main2.exe
2 File(s) 466,944 bytes
Directory of C:\PROGRA~1\C4EBREG\BAK
09/07/2007 02:23 PM 364,544 c4ebreg.exe
09/07/2007 02:23 PM 237,568 isamtray.exe
2 File(s) 602,112 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes
Directory of C:\PROGRA~1\VIDEOR~1\BAK
11/11/2005 02:32 PM 483,328 VideoraiPodConverter.exe
1 File(s) 483,328 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
08/04/2004 01:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes
Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK
05/15/2006 09:26 PM 925,696 smax4pnp.exe
1 File(s) 925,696 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK
05/10/2006 12:12 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
07/19/2006 08:26 PM 52,896 ccApp.exe
1 File(s) 52,896 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
01/01/2007 05:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~4\BAK
08/05/2007 09:15 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\IBM\PERSON~1\BAK
09/06/2005 05:07 AM 28,672 tpam.exe
1 File(s) 28,672 bytes
Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK
09/27/2006 09:33 PM 125,168 VPTray.exe
1 File(s) 125,168 bytes
Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
05/15/2006 09:21 PM 512,000 SynTPEnh.exe
05/15/2006 09:21 PM 110,592 SynTPLpr.exe
2 File(s) 622,592 bytes
Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK
04/17/2006 01:09 PM 409,600 ACTray.exe
04/17/2006 12:59 PM 98,304 ACWLIcon.exe
2 File(s) 507,904 bytes
Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK
10/28/2005 03:04 PM 864,256 TpKmapAp.exe
1 File(s) 864,256 bytes
Directory of C:\WINDOWS\IME\IMJP8_1\BAK
08/04/2004 01:00 AM 208,952 IMJPMIG.EXE
1 File(s) 208,952 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
11/15/2004 09:05 PM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~3.0\ACROBAT\BAK
05/10/2007 10:46 PM 624,248 Acrotray.exe
1 File(s) 624,248 bytes
Directory of C:\PROGRA~1\COMMON~1\LENOVO\SCHEDU~1\BAK
12/10/2006 07:36 PM 536,576 scheduler_proxy.exe
1 File(s) 536,576 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
08/12/2007 07:55 AM 185,632 realsched.exe
1 File(s) 185,632 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\IBM\SQLLIB\BIN\BAK
08/15/2004 08:34 PM 61,521 db2systray.exe
1 File(s) 61,521 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK
12/15/2005 02:00 PM 94,208 TPHKMGR.exe
1 File(s) 94,208 bytes
Directory of C:\WINDOWS\SYSTEM32\IME\TINTLGNT\BAK
08/04/2004 01:00 AM 455,168 TINTSETP.EXE
1 File(s) 455,168 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\COMIBM~1.INS\SERVICE\BAK
12/19/2006 01:44 PM 81,920 delayStart.exe
1 File(s) 81,920 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
204800 Jul 9 2007 "C:\sdwork\issimsvc.exe"
204800 Jul 9 2007 "C:\sdwork\bak\issimsvc.exe"
262144 Jul 5 2007 "C:\sdwork\w32main2.exe"
262144 Jul 5 2007 "C:\sdwork\bak\w32main2.exe"
364544 Sep 7 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
364544 Sep 7 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\isamtray.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 6 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Aug 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
8192 Dec 22 2005 "C:\i387\files\system\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
1833520 Oct 15 2007 "C:\Documents and Settings\Administrator\Desktop\GoogleDesktopSetup.exe"
1833520 Oct 15 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
1833520 Oct 15 2007 "C:\Documents and Settings\Administrator\Desktop\GoogleDesktopSetup.exe"
1833520 Oct 15 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\tpam.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
512000 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPENH.EXE"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPENH.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
110592 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPLPR.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPLPR.EXE"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\IMJPMIG.EXE"
208952 Aug 4 2004 "C:\WINDOWS\ime\IMJP8_1\bak\IMJPMIG.EXE"
127035 Nov 15 2004 "C:\Program Files\IBM DLA\install\tfswctrl.exe"
127035 Nov 15 2004 "C:\WINDOWS\system32\dla\tfswctrl.exe"
127035 Nov 15 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\db2systray.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 May 15 2006 "C:\wxpdrive\repos\7AVU12WW\OSD\COMMON\TPHKMGR.EXE"
94208 Dec 15 2005 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE"
455168 Aug 4 2004 "C:\WINDOWS\system32\IME\TINTLGNT\bak\TINTSETP.EXE"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe"
end of report
It seemed to copy all the files back. Now this:
-option 3: start the program again, select to remove bak folders, into the text file that opens paste all the text between the lines:
_____________________________________________________________
"C:\sdwork\bak"
"C:\sdwork\bak"
"C:\Program Files\C4ebreg\bak"
"C:\Program Files\C4ebreg\bak"
"C:\Program Files\iTunes\bak"
"C:\Program Files\QuickTime\bak"
"C:\Program Files\VideoraiPodConverter\bak"
"C:\WINDOWS\system32\bak"
"C:\Program Files\Analog Devices\Core\bak"
"C:\Program Files\ATI Technologies\ATI.ACE\bak"
"C:\Program Files\Common Files\Symantec Shared\bak"
"C:\Program Files\Google\Google Talk\bak"
"C:\Program Files\Google\GoogleToolbarNotifier\bak"
"C:\Program Files\Google\Google Talk\bak"
"C:\Program Files\Google\GoogleToolbarNotifier\bak"
"C:\Program Files\HP\HP Software Update\bak"
"C:\Program Files\IBM\Personal Communications\bak"
"C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak"
"C:\Program Files\Synaptics\SynTP\bak"
"C:\Program Files\Synaptics\SynTP\bak"
"C:\Program Files\ThinkPad\ConnectUtilities\bak"
"C:\Program Files\ThinkPad\ConnectUtilities\bak"
"C:\Program Files\ThinkPad\Utilities\bak"
"C:\WINDOWS\ime\IMJP8_1\bak"
"C:\WINDOWS\system32\dla\bak"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak"
"C:\Program Files\Common Files\Lenovo\Scheduler\bak"
"C:\Program Files\Common Files\Real\Update_OB\bak"
"C:\Program Files\IBM\SQLLIB\BIN\bak"
"C:\Program Files\Java\jre1.6.0_02\bin\bak"
"C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak"
"C:\WINDOWS\system32\IME\TINTLGNT\bak"
"C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\"
_____________________________________________________________
-close the text file and click Yes. Please post the contents of the notepad that opens.
I have run FindAWF with option 3.
I have also updated my IE browser from v6 to v7. This time, the update was successful. There seem to be no pop-up blank windows now. However, I cannot save my setings in IE7 and opening the IE7 always takes me to Apply Settings page. Clicking on Home takes me to Home page correctly. The shortcut on my desktop does not open IE7. However, the (no proper image) icon on my startup starts IE7 correctly.
Thanks once again. Here is the log:
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: 10/16/2007
The current time is: 11:23:13.31
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\C4EBREG\BAK
09/07/2007 02:23 PM 364,544 c4ebreg.exe
09/07/2007 02:23 PM 237,568 isamtray.exe
2 File(s) 602,112 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes
Directory of C:\PROGRA~1\VIDEOR~1\BAK
11/11/2005 02:32 PM 483,328 VideoraiPodConverter.exe
1 File(s) 483,328 bytes
Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK
05/15/2006 09:26 PM 925,696 smax4pnp.exe
1 File(s) 925,696 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK
05/10/2006 12:12 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
07/19/2006 08:26 PM 52,896 ccApp.exe
1 File(s) 52,896 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
01/01/2007 05:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~4\BAK
08/05/2007 09:15 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\IBM\PERSON~1\BAK
09/06/2005 05:07 AM 28,672 tpam.exe
1 File(s) 28,672 bytes
Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK
09/27/2006 09:33 PM 125,168 VPTray.exe
1 File(s) 125,168 bytes
Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
05/15/2006 09:21 PM 512,000 SynTPEnh.exe
05/15/2006 09:21 PM 110,592 SynTPLpr.exe
2 File(s) 622,592 bytes
Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK
04/17/2006 01:09 PM 409,600 ACTray.exe
04/17/2006 12:59 PM 98,304 ACWLIcon.exe
2 File(s) 507,904 bytes
Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK
10/28/2005 03:04 PM 864,256 TpKmapAp.exe
1 File(s) 864,256 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~3.0\ACROBAT\BAK
05/10/2007 10:46 PM 624,248 Acrotray.exe
1 File(s) 624,248 bytes
Directory of C:\PROGRA~1\COMMON~1\LENOVO\SCHEDU~1\BAK
12/10/2006 07:36 PM 536,576 scheduler_proxy.exe
1 File(s) 536,576 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
08/12/2007 07:55 AM 185,632 realsched.exe
1 File(s) 185,632 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\IBM\SQLLIB\BIN\BAK
08/15/2004 08:34 PM 61,521 db2systray.exe
1 File(s) 61,521 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK
12/15/2005 02:00 PM 94,208 TPHKMGR.exe
1 File(s) 94,208 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\COMIBM~1.INS\SERVICE\BAK
12/19/2006 01:44 PM 81,920 delayStart.exe
1 File(s) 81,920 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
364544 Sep 7 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
364544 Sep 7 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\isamtray.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 6 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Aug 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
1833520 Oct 15 2007 "C:\Documents and Settings\Administrator\Desktop\GoogleDesktopSetup.exe"
1833520 Oct 15 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
1833520 Oct 15 2007 "C:\Documents and Settings\Administrator\Desktop\GoogleDesktopSetup.exe"
1833520 Oct 15 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\tpam.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
512000 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPENH.EXE"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPENH.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
110592 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPLPR.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPLPR.EXE"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\db2systray.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 May 15 2006 "C:\wxpdrive\repos\7AVU12WW\OSD\COMMON\TPHKMGR.EXE"
94208 Dec 15 2005 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe"
end of report
sreddy, that last option 3 run barely worked; only a couple of folders were deleted. Could you try it again with this list please?
"C:\Program Files\C4ebreg\bak"
"C:\Program Files\C4ebreg\bak"
"C:\Program Files\iTunes\bak"
"C:\Program Files\QuickTime\bak"
"C:\Program Files\VideoraiPodConverter\bak"
"C:\Program Files\Analog Devices\Core\bak"
"C:\Program Files\ATI Technologies\ATI.ACE\bak"
"C:\Program Files\Common Files\Symantec Shared\bak"
"C:\Program Files\Google\GoogleToolbarNotifier\bak"
"C:\Program Files\Google\Google Talk\bak"
"C:\Program Files\Google\GoogleToolbarNotifier\bak"
"C:\Program Files\HP\HP Software Update\bak"
"C:\Program Files\IBM\Personal Communications\bak"
"C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak"
"C:\Program Files\Synaptics\SynTP\bak"
"C:\Program Files\Synaptics\SynTP\bak"
"C:\Program Files\ThinkPad\ConnectUtilities\bak"
"C:\Program Files\ThinkPad\ConnectUtilities\bak"
"C:\Program Files\ThinkPad\Utilities\bak"
"C:\WINDOWS\ime\IMJP8_1\bak"
"C:\WINDOWS\system32\dla\bak"
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak"
"C:\Program Files\Common Files\Lenovo\Scheduler\bak"
"C:\Program Files\Common Files\Real\Update_OB\bak"
"C:\Program Files\IBM\SQLLIB\BIN\bak"
"C:\Program Files\Java\jre1.6.0_02\bin\bak"
"C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak"
"C:\WINDOWS\system32\IME\TINTLGNT\bak"
"C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak"
Gerbil,
I have re-run the FindAWF Option 3 with the latest list. Here is the output:
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: 10/17/2007
The current time is: 8:52:23.81
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\C4EBREG\BAK
09/07/2007 02:23 PM 364,544 c4ebreg.exe
09/07/2007 02:23 PM 237,568 isamtray.exe
2 File(s) 602,112 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
07/31/2007 06:44 PM 271,672 iTunesHelper.exe
1 File(s) 271,672 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
06/29/2007 06:24 AM 286,720 QTTask.exe
1 File(s) 286,720 bytes
Directory of C:\PROGRA~1\VIDEOR~1\BAK
11/11/2005 02:32 PM 483,328 VideoraiPodConverter.exe
1 File(s) 483,328 bytes
Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK
05/15/2006 09:26 PM 925,696 smax4pnp.exe
1 File(s) 925,696 bytes
Directory of C:\PROGRA~1\ATITEC~1\ATI.ACE\BAK
05/10/2006 12:12 PM 90,112 CLIStart.exe
1 File(s) 90,112 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
07/19/2006 08:26 PM 52,896 ccApp.exe
1 File(s) 52,896 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
01/01/2007 05:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~4\BAK
08/05/2007 09:15 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
05/11/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\IBM\PERSON~1\BAK
09/06/2005 05:07 AM 28,672 tpam.exe
1 File(s) 28,672 bytes
Directory of C:\PROGRA~1\SYMANT~2\SYMANT~2\BAK
09/27/2006 09:33 PM 125,168 VPTray.exe
1 File(s) 125,168 bytes
Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
05/15/2006 09:21 PM 512,000 SynTPEnh.exe
05/15/2006 09:21 PM 110,592 SynTPLpr.exe
2 File(s) 622,592 bytes
Directory of C:\PROGRA~1\THINKPAD\CONNEC~1\BAK
04/17/2006 01:09 PM 409,600 ACTray.exe
04/17/2006 12:59 PM 98,304 ACWLIcon.exe
2 File(s) 507,904 bytes
Directory of C:\PROGRA~1\THINKPAD\UTILIT~1\BAK
10/28/2005 03:04 PM 864,256 TpKmapAp.exe
1 File(s) 864,256 bytes
Directory of C:\PROGRA~1\ADOBE\ACROBA~3.0\ACROBAT\BAK
05/10/2007 10:46 PM 624,248 Acrotray.exe
1 File(s) 624,248 bytes
Directory of C:\PROGRA~1\COMMON~1\LENOVO\SCHEDU~1\BAK
12/10/2006 07:36 PM 536,576 scheduler_proxy.exe
1 File(s) 536,576 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
08/12/2007 07:55 AM 185,632 realsched.exe
1 File(s) 185,632 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\IBM\SQLLIB\BIN\BAK
08/15/2004 08:34 PM 61,521 db2systray.exe
1 File(s) 61,521 bytes
Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
07/12/2007 04:00 AM 132,496 jusched.exe
1 File(s) 132,496 bytes
Directory of C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\BAK
12/15/2005 02:00 PM 94,208 TPHKMGR.exe
1 File(s) 94,208 bytes
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\COMIBM~1.INS\SERVICE\BAK
12/19/2006 01:44 PM 81,920 delayStart.exe
1 File(s) 81,920 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
364544 Sep 7 2007 "C:\Program Files\C4ebreg\c4ebreg.exe"
364544 Sep 7 2007 "C:\Program Files\C4ebreg\bak\c4ebreg.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\isamtray.exe"
237568 Sep 7 2007 "C:\Program Files\C4ebreg\bak\isamtray.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
271672 Jul 31 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Aug 6 2007 "C:\WINDOWS\Installer\{E0219810-16E4-437D-9165-93D7B22524F9}\iTunesIco.exe"
116024 Aug 6 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.2.6\iTunesSetupAdmin.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\QTTask.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe"
483328 Nov 11 2005 "C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
925696 May 15 2006 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
90112 May 10 2006 "C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
52896 Jul 19 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
1833520 Oct 15 2007 "C:\Documents and Settings\Administrator\Desktop\GoogleDesktopSetup.exe"
1833520 Oct 15 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
1581768 Oct 29 2006 "C:\downloads\google\googletalk-setup.exe"
1833520 Oct 15 2007 "C:\Documents and Settings\Administrator\Desktop\GoogleDesktopSetup.exe"
1833520 Oct 15 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
4997120 Sep 21 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
1145896 Aug 12 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
1606064 Jan 5 2007 "C:\Program Files\Google\Google Talk\googletalk-1.0.0.104\googletalk-setup-upgrade.exe"
68856 Aug 5 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\tpam.exe"
28672 Sep 6 2005 "C:\Program Files\IBM\Personal Communications\bak\tpam.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe"
125168 Sep 27 2006 "C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
512000 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPENH.EXE"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
512000 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPENH.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
110592 May 15 2006 "C:\wxpdrive\repos\77GU04WW\SYNTPLPR.EXE"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe"
110592 May 15 2006 "C:\Program Files\Synaptics\SynTP\Media\SYNTPLPR.EXE"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"
409600 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe"
98304 Apr 17 2006 "C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe"
864256 Oct 28 2005 "C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
624248 May 10 2007 "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
536576 Dec 10 2006 "C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Aug 12 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\db2systray.exe"
61521 Aug 15 2004 "C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe"
94208 Dec 15 2005 "C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe"
94208 May 15 2006 "C:\wxpdrive\repos\7AVU12WW\OSD\COMMON\TPHKMGR.EXE"
94208 Dec 15 2005 "C:\Drivers\W2K\Acconwin\HOTKEY\OSD\common\tphkmgr.exe"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
81920 Dec 19 2006 "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe"
end of report
Hello, sreddy, it appears that FindAWF is having problems.
It looks like you uninstalled the Google tools etc, and iTunes, but after the trojan had copied out some files...? To simplify the copying of the backed up files it would be good if you were to delete files and folders which you have uninstalled or deleted since the trojan copied them out of their normal directories. So...
Did you uninstall all of Google toolbar, Video Player, Google Talk?
Did you uninstall iTunes, Quicktime?
[what I am trying to say is that it appears that some trojan bak direcories are for files that no longer exist, which is not a problem, but means that we could simplify the process. Of course all those bak files in the last list I gave could be deleted manually, it would be tedious thougn.]
Gerbil,
I have uninstalled Google Toolbar only. I have not uninstalled iTunes, QuickTime, Google video player and Google Talk.
I can manually delete the files, if needed. Please let me know.
Thanks a lot for your time.
Thank you for that, sreddy. Some of the google etc files have no bak files but are represented in the AWF scan. There may be something interfering with the cleanup. Run ATF cleaner again [instructions given again] and then use AVG AS - it will clean any AWF files it finds.
Please fix this entry with hijackthis:
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
==Download this temp file cleaner from http://www.atribune.org/ccount/click.php?id=1 --click in the download window to run it, and when ATF Cleaner opens go Select all, and then Empty Selected.
Next click Firefox [if you have that browser..] at the top, Select All again, and Empty Selected again. Follow that procedure also if you have Opera.
Close ATF.
==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5
or here.. http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file with a fresh hijackthis scan log please..
Gebil,
Thanks for your time.
I have scanned my system with AVG Spyware. Please see below the log.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 11:22:57 AM 10/19/2007
+ Scan result:
:mozilla.103:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.314:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.205:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.102:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.104:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.324:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.282:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.238:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.239:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.240:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.241:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.243:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.289:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.290:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.203:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.192:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.194:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.195:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.196:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.197:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.198:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.199:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.285:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.286:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.134:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.136:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.299:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.300:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.301:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.307:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.262:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.43:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.44:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.45:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.46:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6vthsg9o.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
HijackThis Log report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:30:41 AM, on 10/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\system32\HPZipm12.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\WRTService.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.23\pmonmh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
C:\Program Files\PdaNet for Treo 700p\PdaNetUm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\downloads\Trojan remover Tools\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;;localhost:49213;127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.23/pmonmh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/siebelhtml.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189615624093
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebelOptionPack.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189615615984
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebExtMailClient.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://venividi.webex.com/client/T23L/event/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: SearchList = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Content Delivery Service (CDSClient) - Unknown owner - C:\Program Files\IBM\tivoli\CDSClient\cds\CDSWinSrv.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe
--
End of file - 19785 bytes
Hi, sreddy, that log is clean, so was the AVG scan.. [do you actually own IBM?.. cos you've got all their software there.. :)]
Ok, give option 3 one more shot with this set of folders to delete; if it fails then sorry, but it will come down to manual deletion. Automating it for you with a script would probably take just as long for me to write as for you to do them by hand...
C:\Program Files\C4ebreg\bak\c4ebreg.exe
C:\Program Files\C4ebreg\bak\isamtray.exe
C:\Program Files\iTunes\bak\iTunesHelper.exe
C:\Program Files\QuickTime\bak\QTTask.exe
C:\Program Files\VideoraiPodConverter\bak\VideoraiPodConverter.exe
C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\bak\CLIStart.exe
C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
C:\Program Files\Google\Google Talk\bak\googletalk.exe
C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\bak\googletalk.exe
C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe
C:\Program Files\IBM\Personal Communications\bak\tpam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak\VPTray.exe
C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\bak\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\bak\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\bak\ACWLIcon.exe
C:\Program Files\ThinkPad\Utilities\bak\TpKmapAp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak\Acrotray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\bak\scheduler_proxy.exe
C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
C:\Program Files\IBM\SQLLIB\BIN\bak\db2systray.exe
C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak\TPHKMGR.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak\delayStart.exe
Good luck.
Whoops!! Use this set, NOT the previous one, sreddy, that one is bound to fail....
Sigh.
C:\Program Files\C4ebreg\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\VideoraiPodConverter\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\ATI Technologies\ATI.ACE\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Google\Google Talk\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\IBM\Personal Communications\bak
C:\Program Files\Symantec Client Security\Symantec AntiVirus\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\ThinkPad\ConnectUtilities\bak
C:\Program Files\ThinkPad\Utilities\bak
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\bak
C:\Program Files\Common Files\Lenovo\Scheduler\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\IBM\SQLLIB\BIN\bak
C:\Program Files\Java\jre1.6.0_02\bin\bak
C:\Program Files\Lenovo\PkgMgr\HOTKEY\bak
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\bak
Gerbil,
I have rerun with Option 3. I do own IBM. I have also run HijackThis and have attached the scan results.
Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully
The current date is: 10/20/2007
The current time is: 8:53:40.29
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\BAK
0 File(s) 0 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
end of report
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:10:48 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\WRTService.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.2.23\pmonmh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Palm\Hotsync.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
C:\Program Files\PdaNet for Treo 700p\PdaNetUm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\PROGRA~1\IBM\SAMETI~1\jre\bin\sametime75.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
C:\downloads\Trojan remover Tools\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;;localhost:49213;127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.2.23/pmonmh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files\PdaNet for Treo 700p\PdaNet.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/siebelhtml.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase2895.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189615624093
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} (Siebel Option Pack for IE 7.5.3) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebelOptionPack.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189615615984
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://w3-113.ibm.com/transform/crm/americas/us/callcenter/16279/applets/SiebExtMailClient.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://venividi.webex.com/client/T23L/event/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{F32EAB2C-829C-43D0-A22B-802714949DA8}: SearchList = ibm.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = IBM.COM
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = IBM.COM
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Content Delivery Service (CDSClient) - Unknown owner - C:\Program Files\IBM\tivoli\CDSClient\cds\CDSWinSrv.exe
O23 - Service: DB2 - DB2-0 (DB2-0) - International Business Machines Corporation - C:\PROGRA~1\IBM\SQLLIB\bin\db2syscs.exe
O23 - Service: DB2DAS - DB2DAS00 (DB2DAS00) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\\bin\db2dasrrm.exe
O23 - Service: DB2 Governor (DB2GOVERNOR) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2govds.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 License Server (DB2LICD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2licd.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: DB2 Remote Command Server (DB2REMOTECMD) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2rcmd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WRT Service (WRTService) - Unknown owner - C:\WINDOWS\WRTService.exe
--
End of file - 19947 bytes
D'you see that? D'you see that?!! It actually went through! Wheee...!
But it popped up a new bak folder, albeit an empty one so let's delete that one and hope it finds no more:
Option 3 again, with this lonely entry to paste in:
C:\PROGRA~1\IBM\MYHELP~1\PLUGINS\BAK
And finally for neatness sake you can fix this entry with hijackthis:
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
And that should almost do it, sreddy.... this time post only the notepad produced by FindAwf, please.
