Computer Help and Spyware Removal
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

> Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


DO NOT RUN ComboFix unless requested to.


Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

> Rogue.AdvancedVirusRemover and Hijack.DisplayProperties found, Loss of admin rights, computer at a crawl
CopierGuy
post Dec 31 2009, 05:04 PM
Post #16


Member
**

Group: Members
Posts: 16
Joined: 14-December 09
Member No.: 416,626



Here is the ESET log. Took a long time.
Attached File(s)
Attached File  ESETscan.txt ( 272bytes ) Number of downloads: 2
 
schrauber
post Jan 1 2010, 07:14 AM
Post #17


Mr.Mechanic
******

Group: Malware Response Team
Posts: 20,994
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



How is your system running right now?


--------------------
regards,
schrauber




If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!
Unavailable as from friday 20th august

If I have helped you then please consider donating to continue the fight against malware
CopierGuy
post Jan 1 2010, 08:40 AM
Post #18





System is running better now, but typing into this topic seems a little slow. IE seems to be a bit slow. Also, some of my internal websites are not working and I don't have an ASP.NET tab in my IIS management console anymore.

This post has been edited by CopierGuy: Jan 1 2010, 08:42 AM
schrauber
post Jan 1 2010, 12:00 PM
Post #19





Please update your av program and run a full system scan, post back with the content of the logfile, also a fresh RSIT logfile.

Please post those logs here in the thread, attaching it makes it really hard to read.

QUOTE
Also, some of my internal websites are not working and I don't have an ASP.NET tab in my IIS management console anymore.


Could be damaged from one of the tools, because they are built for private systems without such things. Can you restore it?


CopierGuy
post Jan 1 2010, 03:16 PM
Post #20





Here is the RSIT log. The AV scan came up clean. I will try to reinstall .NET and see if it starts working again.


Logfile of random's system information tool 1.06 (written by random/random)
Run by rxxxxxxon at 2010-01-01 14:58:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (38%) free of 89 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:18 PM, on 1/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\ascent\bin\acsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Square9\XML Transform\SSXMLConverter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\mqsvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\GetSmart\ssCaptureManager.exe
C:\Program Files\Square9\Content Search\ssContentIndex.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
C:\WINDOWS\TEMP\LUE296.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\rxxxxxxon.domain\Desktop\RSIT.exe
C:\Program Files\trend micro\rxxxxxxon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [FtLnSOP_setup] C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FJTWAIN Setup] C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-21-814181189-2252688351-4082718328-1003\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (User 'ASPNET')
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [rrgui] "C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrgui.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://mail.domainimaging.com
O15 - Trusted Zone: http://*.lcpc
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1229659386703
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {84B7AC1D-9AD1-474F-B6B0-FE1641DBFDFA} - http://www.contentpurity.com/xp/ScanFilexp.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = applimaging.com
O17 - HKLM\Software\..\Telephony: DomainName = applimaging.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = applimaging.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ascent Capture Service - Kofax Image Products - c:\program files\ascent\bin\acsvc.exe
O23 - Service: AutoStore Status Monitor Port Broker (ASMPB) - Notable Solutions, Inc. - C:\Program Files\NSI\AutoStore\ASMPB.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AutoStore - Notable Solutions, Inc. - C:\Program Files\NSI\AutoStore\batch.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: PrintFree Spooler Service (ControlSpoolService) - Unknown owner - C:\Program Files\PrintFree\DLL\F5SSpool.exe
O23 - Service: E-mail Archive Service (E-mail Archive) - Hyland Software, Inc. - C:\OnBase\EMArchiver.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: exe_dmwebsvcmgr - Hyland Software, Inc. - C:\Program Files\Hyland\Services\Web Server\dmwebsvcmgr.exe
O23 - Service: FJTWMKSV - PFU LIMITED - C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: PrintFree Directory Watch Service (Grn27fsm) - Unknown owner - C:\Program Files\PrintFree\DLL\F5SSubServices.exe
O23 - Service: PrintFree LPD Service (Grn27LPD) - Unknown owner - C:\Program Files\PrintFree\DLL\F5SSubServices.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hyland PageHandlers Service (Hyland.Core.PageHandlers.NTService) - Hyland Software - C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe
O23 - Service: Hyland Diagnostics Service (Hyland.Diagnostics.NTService) - Hyland Software, Inc. - C:\Program Files\Hyland\Services\Diagnostics\Hyland.Diagnostics.NTService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicMan - Océ Document Technologies GmbH - C:\Program Files\Common Files\ODT-OCE\LicMan\bin\LicMan.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Reform12 Spooler Service (Reform12_Spooler_Service) - FabSoft - C:\Program Files\Reform_Enterprise_v12\ReformEnt.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: ssCaptureWorkflow (ssCaptureManager) - Square 9 Softworks - C:\GetSmart\ssCaptureManager.exe
O23 - Service: ssContentSearch (ssContentIndex) - Square 9 Softworks - C:\Program Files\Square9\Content Search\ssContentIndex.exe
O23 - Service: SSImp Engine - Unknown owner - C:\GetSmart\SSIMPORTERWS.exe
O23 - Service: SSXMLTransform - Unknown owner - C:\Program Files\Square9\XML Transform\SSXMLConverter.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 20418 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-13 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-30 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-13 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2008-07-03 118784]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2007-01-09 868352]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-10-02 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-01-21 344064]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []
"FtLnSOP_setup"=C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe [2007-09-27 118784]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"BLOG"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL [2005-04-20 208896]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"cssauth"=C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe [2006-08-21 1997568]
"PDService.exe"=C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe [2005-11-15 49152]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2007-08-30 205480]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2007-08-28 73728]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-05-10 98304]
"FJTWAIN Setup"=C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe [2007-03-08 131072]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2005-04-20 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2005-04-20 396288]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2007-02-09 1165680]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2007-02-09 149024]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2009-07-29 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2009-07-29 172032]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2008-03-03 72240]
"VMware hqtray"=C:\Program Files\VMware\VMware Workstation\hqtray.exe [2008-03-03 55856]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"Message Center Plus"=C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27 49976]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2007-05-07 702072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"=C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe [2007-09-21 49152]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-12 68856]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-21 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2001-09-24 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PRISMAPI.DLL]
C:\WINDOWS\system32\PRISMAPI.DLL [2006-10-12 450649]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [2009-05-21 100104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 233472]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Reform\AutoUpd.exe"="C:\Program Files\Reform\AutoUpd.exe:*:Enabled:AutoUpd"
"C:\Work area and demodata\Tasman\Bin\javaw.exe"="C:\Work area and demodata\Tasman\Bin\javaw.exe:*:Enabled:javaw"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\rxxxxxxon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe"="C:\Documents and Settings\rxxxxxxon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector"
"C:\Program Files\IBM\Updater\ucsmb.exe"="C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Reform\AutoUpd.exe"="C:\Program Files\Reform\AutoUpd.exe:*:Enabled:AutoUpd"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\WS_FTP\WS_FTP95.exe"="C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95"
"C:\Program Files\dtSearch\bin\dts_svr.exe"="C:\Program Files\dtSearch\bin\dts_svr.exe:*:Enabled:dts_svr"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Disabled:Microsoft Office Word"
"C:\Work area and demodata\Tasman\Bin\javaw.exe"="C:\Work area and demodata\Tasman\Bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Reform\Queue\ReformToECabinet.exe"="C:\Program Files\Reform\Queue\ReformToECabinet.exe:*:Enabled:ReformToECabinet"
"C:\Program Files\SimpleCopier\simplecopier.exe"="C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\rxxxxxxon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe"="C:\Documents and Settings\rxxxxxxon.domain\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client"
"C:\Program Files\Hyland\Services\Workflow\Admin\Hyland.Applications.Workflow.Timers.Admin.exe"="C:\Program Files\Hyland\Services\Workflow\Admin\Hyland.Applications.Workflow.Timers.Admin.exe:*:Enabled:Hyland.Applications.Workflow.TimersAdmin"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

======List of files/folders created in the last 3 months======

2010-01-01 08:42:14 ----SHD---- C:\RECYCLER
2009-12-31 13:12:42 ----D---- C:\Program Files\ESET
2009-12-31 09:32:43 ----A---- C:\ComboFix.txt
2009-12-31 09:06:24 ----A---- C:\Boot.bak
2009-12-31 09:06:17 ----RASHD---- C:\cmdcons
2009-12-31 09:03:08 ----A---- C:\WINDOWS\zip.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\SWSC.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\SWREG.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\sed.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\PEV.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\NIRCMD.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\MBR.exe
2009-12-31 09:03:08 ----A---- C:\WINDOWS\grep.exe
2009-12-31 09:02:56 ----D---- C:\WINDOWS\ERDNT
2009-12-31 09:02:14 ----AD---- C:\Qoobox
2009-12-28 18:47:36 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2009-12-28 18:47:35 ----A---- C:\WINDOWS\system32\w3svapi.dll
2009-12-28 18:47:35 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2009-12-28 18:47:35 ----A---- C:\WINDOWS\system32\axperf.ini
2009-12-28 18:47:35 ----A---- C:\WINDOWS\system32\aspperf.dll
2009-12-28 18:47:34 ----A---- C:\WINDOWS\system32\wamregps.dll
2009-12-28 18:47:34 ----A---- C:\WINDOWS\system32\inetsloc.dll
2009-12-28 18:47:34 ----A---- C:\WINDOWS\system32\iisrstap.dll
2009-12-28 18:47:34 ----A---- C:\WINDOWS\system32\iisreset.exe
2009-12-28 18:47:34 ----A---- C:\WINDOWS\system32\iismui.dll
2009-12-28 18:47:34 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2009-12-28 18:47:33 ----A---- C:\WINDOWS\system32\infoctrs.ini
2009-12-28 18:47:32 ----A---- C:\WINDOWS\system32\infoctrs.dll
2009-12-28 18:47:32 ----A---- C:\WINDOWS\system32\convlog.exe
2009-12-28 18:47:32 ----A---- C:\WINDOWS\system32\admxprox.dll
2009-12-28 18:22:58 ----A---- C:\WINDOWS\imsins.BAK
2009-12-28 12:51:08 ----D---- C:\Program Files\CCleaner
2009-12-27 15:20:25 ----D---- C:\WINDOWS\SQLTools9_KB934458_ENU
2009-12-26 19:39:52 ----D---- C:\rsit
2009-12-25 22:45:38 ----D---- C:\Program Files\Common Files\Hyland
2009-12-21 12:11:29 ----HDC---- C:\WINDOWS\ie7
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\zh-TW
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\zh-HK
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\tr-TR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\sv-SE
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\pt-BR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\nl-NL
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\nb-NO
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\ko-KR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\it-IT
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\he-IL
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\fr-FR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\fi-FI
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\es-ES
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\el-GR
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\de-DE
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\da-DK
2009-12-20 16:11:46 ----D---- C:\WINDOWS\system32\ar-SA
2009-12-20 13:36:41 ----D---- C:\WINDOWS\Prefetch
2009-12-20 09:50:34 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\FileZilla
2009-12-20 09:50:18 ----D---- C:\Program Files\FileZilla FTP Client
2009-12-20 09:10:32 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-12-20 09:10:15 ----A---- C:\WINDOWS\system32\comsdupd.exe
2009-12-20 09:10:04 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2009-12-20 09:10:04 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2009-12-20 09:10:03 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-12-20 09:10:03 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2009-12-20 09:10:02 ----A---- C:\WINDOWS\system32\credssp.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3svc.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3msm.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dot3api.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dimsroam.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2009-12-20 09:10:01 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eapphost.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eappgnui.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eappcfg.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\eapolqec.dll
2009-12-20 09:10:00 ----A---- C:\WINDOWS\system32\dot3ui.dll
2009-12-20 09:09:59 ----A---- C:\WINDOWS\system32\eapsvc.dll
2009-12-20 09:09:59 ----A---- C:\WINDOWS\system32\eapqec.dll
2009-12-20 09:09:59 ----A---- C:\WINDOWS\system32\eappprxy.dll
2009-12-20 09:09:58 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2009-12-20 09:09:56 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2009-12-20 09:09:56 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\kmsvc.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\kbdpash.dll
2009-12-20 09:09:55 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\mmcperf.exe
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\mmcex.dll
2009-12-20 09:09:54 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-12-20 09:09:53 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2009-12-20 09:09:53 ----A---- C:\WINDOWS\system32\mssha.dll
2009-12-20 09:09:51 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2009-12-20 09:09:50 ----A---- C:\WINDOWS\system32\napstat.exe
2009-12-20 09:09:50 ----A---- C:\WINDOWS\system32\napmontr.dll
2009-12-20 09:09:50 ----A---- C:\WINDOWS\system32\napipsec.dll
2009-12-20 09:09:47 ----A---- C:\WINDOWS\system32\onex.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\s3gnb.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\rasqec.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qutil.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qcliprov.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qagentrt.dll
2009-12-20 09:09:46 ----A---- C:\WINDOWS\system32\qagent.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slrundll.exe
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slgen.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slextspk.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\slcoinst.dll
2009-12-20 09:09:45 ----A---- C:\WINDOWS\system32\setupn.exe
2009-12-20 09:09:44 ----A---- C:\WINDOWS\system32\tspkg.dll
2009-12-20 09:09:44 ----A---- C:\WINDOWS\system32\slserv.exe
2009-12-20 09:09:43 ----A---- C:\WINDOWS\system32\wlanapi.dll
2009-12-20 09:09:40 ----N---- C:\WINDOWS\slrundll.exe
2009-12-20 09:09:16 ----A---- C:\WINDOWS\system32\adsiis.dll
2009-12-20 09:09:10 ----A---- C:\WINDOWS\system32\smtpapi.dll
2009-12-20 09:08:55 ----A---- C:\WINDOWS\system32\rwnh.dll
2009-12-20 09:08:53 ----A---- C:\WINDOWS\system32\exstrace.dll
2009-12-20 09:08:52 ----A---- C:\WINDOWS\system32\iisext.dll
2009-12-20 09:08:40 ----A---- C:\WINDOWS\system32\infoadmn.dll
2009-12-20 09:08:33 ----A---- C:\WINDOWS\system32\admwprox.dll
2009-12-20 09:08:32 ----A---- C:\WINDOWS\system32\iismap.dll
2009-12-20 09:08:29 ----A---- C:\WINDOWS\system32\iisRtl.dll
2009-12-20 09:08:28 ----A---- C:\WINDOWS\system32\staxmem.dll
2009-12-20 09:04:09 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-20 08:57:20 ----A---- C:\WINDOWS\003409_.tmp
2009-12-20 08:53:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-19 14:54:11 ----A---- C:\WINDOWS\000001_.tmp
2009-12-18 13:11:46 ----D---- C:\Program Files\Aladdin
2009-12-14 09:15:00 ----A---- C:\RootRepeal report 12-14-09 (09-15-00).txt
2009-12-14 00:12:55 ----A---- C:\WINDOWS\system32\pgdfgsvc.exe
2009-12-13 14:58:27 ----D---- C:\Program Files\Microsoft Baseline Security Analyzer 2
2009-12-10 23:16:06 ----D---- C:\WINDOWS\system32\ACLSet
2009-12-10 21:18:49 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-10 21:18:49 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-10 21:18:49 ----A---- C:\WINDOWS\system32\java.exe
2009-12-10 21:18:27 ----D---- C:\Program Files\Java
2009-12-04 12:38:24 ----A---- C:\WINDOWS\cfgall.ini
2009-12-04 12:37:04 ----D---- C:\Program Files\Trend Micro
2009-12-03 16:14:57 ----D---- C:\swshare
2009-12-03 11:48:32 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Mozilla
2009-12-01 21:10:10 ----D---- C:\Program Files\Cisco
2009-12-01 21:10:10 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco
2009-11-30 10:56:27 ----D---- C:\WINDOWS\ie8updates
2009-11-30 10:54:19 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-11-19 14:17:40 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Cisco
2009-11-09 20:51:46 ----D---- C:\WINDOWS\system32\windowspowershell
2009-11-04 16:19:57 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Macrovision
2009-10-21 15:35:41 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Zeon
2009-10-21 15:26:51 ----D---- C:\Documents and Settings\All Users\Application Data\Nuance
2009-10-21 15:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\zeon
2009-10-21 15:26:09 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-10-21 15:22:49 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\.oit
2009-10-21 15:21:42 ----D---- C:\Program Files\ScanSoft
2009-10-16 10:59:02 ----D---- C:\WINDOWS\SQL9_KB970892_ENU
2009-10-09 10:06:15 ----A---- C:\WINDOWS\system32\TweakUI.exe
2009-10-08 16:03:53 ----D---- C:\Program Files\VS Revo Group
2009-10-07 23:01:12 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Intel
2009-10-07 23:01:05 ----D---- C:\Program Files\Common Files\Intel
2009-10-07 23:01:05 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2009-10-07 23:00:19 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Avaya
2009-10-07 22:34:13 ----D---- C:\Program Files\Common Files\SPBA
2009-10-07 22:33:22 ----D---- C:\Program Files\ThinkVantage Fingerprint Software
2009-10-07 20:42:43 ----D---- C:\Documents and Settings\All Users\Application Data\PCDr
2009-10-07 19:36:25 ----D---- C:\SWTOOLS
2009-10-06 18:20:54 ----D---- C:\WINDOWS\pss

======List of files/folders modified in the last 3 months======

2010-01-01 14:51:17 ----D---- C:\WINDOWS\Temp
2010-01-01 14:19:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-01 12:32:28 ----AD---- C:\WINDOWS\system32
2010-01-01 08:30:09 ----D---- C:\WINDOWS\Registration
2010-01-01 08:25:09 ----D---- C:\WINDOWS\system32\inetsrv
2010-01-01 08:08:24 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\VMware
2010-01-01 08:08:17 ----RSHD---- C:\RRbackups
2010-01-01 08:04:55 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2010-01-01 08:04:50 ----D---- C:\Program Files\Reform_Enterprise_v12
2010-01-01 08:04:38 ----AD---- C:\WINDOWS
2009-12-31 17:17:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-31 13:12:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-31 13:12:42 ----RD---- C:\Program Files
2009-12-31 12:29:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-31 12:29:54 ----D---- C:\WINDOWS\system32\drivers
2009-12-31 09:22:31 ----N---- C:\WINDOWS\system.ini
2009-12-31 09:16:08 ----D---- C:\WINDOWS\system32\config
2009-12-31 09:14:50 ----RSD---- C:\WINDOWS\Fonts
2009-12-31 09:13:14 ----D---- C:\WINDOWS\AppPatch
2009-12-31 09:13:04 ----D---- C:\Program Files\Common Files
2009-12-31 09:06:24 ----RASH---- C:\BOOT.INI
2009-12-30 08:37:29 ----HD---- C:\WINDOWS\inf
2009-12-29 11:54:54 ----D---- C:\WINDOWS\system32\dllcache
2009-12-29 11:54:52 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-29 11:05:24 ----D---- C:\WINDOWS\security
2009-12-28 21:22:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-28 19:28:04 ----RSD---- C:\WINDOWS\assembly
2009-12-28 18:48:20 ----D---- C:\Inetpub
2009-12-28 18:47:31 ----D---- C:\WINDOWS\Help
2009-12-28 17:56:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-12-28 17:40:11 ----SHD---- C:\WINDOWS\Installer
2009-12-28 17:40:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-28 16:45:39 ----A---- C:\moduleName.txt
2009-12-28 15:28:14 ----D---- C:\WINDOWS\system32\XPSViewer
2009-12-28 15:26:35 ----D---- C:\WINDOWS\WinSxS
2009-12-28 13:05:01 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-12-28 12:55:03 ----D---- C:\WINDOWS\system32\Logfiles
2009-12-28 12:54:56 ----D---- C:\WINDOWS\Debug
2009-12-27 18:23:21 ----AD---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-12-27 15:22:37 ----D---- C:\Program Files\Microsoft SQL Server
2009-12-26 19:35:31 ----A---- C:\WINDOWS\onbase.ini
2009-12-25 22:19:56 ----A---- C:\WINDOWS\ODBC.INI
2009-12-25 15:58:57 ----D---- C:\Program Files\Hyland
2009-12-25 15:44:33 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-23 15:39:24 ----D---- C:\Program Files\Internet Explorer
2009-12-23 14:57:20 ----D---- C:\Temp
2009-12-23 14:24:41 ----D---- C:\WINDOWS\system32\en-US
2009-12-22 15:01:38 ----D---- C:\WINDOWS\ie7updates
2009-12-22 15:01:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-21 21:45:56 ----A---- C:\WINDOWS\win.ini
2009-12-21 12:12:55 ----D---- C:\WINDOWS\WBEM
2009-12-21 12:12:45 ----D---- C:\WINDOWS\Media
2009-12-20 18:05:29 ----A---- C:\WINDOWS\system32\dmmailsvc.dll
2009-12-20 16:44:55 ----SD---- C:\WINDOWS\Tasks
2009-12-20 16:41:14 ----D---- C:\WINDOWS\system32\wbem
2009-12-20 16:10:29 ----D---- C:\Program Files\Outlook Express
2009-12-20 16:04:14 ----D---- C:\Program Files\Messenger
2009-12-20 13:35:40 ----D---- C:\WINDOWS\system32\Setup
2009-12-20 09:10:13 ----D---- C:\WINDOWS\network diagnostic
2009-12-20 09:10:12 ----D---- C:\WINDOWS\ime
2009-12-20 09:09:40 ----D---- C:\WINDOWS\system32\usmt
2009-12-20 09:09:39 ----D---- C:\WINDOWS\system32\scripting
2009-12-20 09:09:33 ----D---- C:\WINDOWS\l2schemas
2009-12-20 09:09:32 ----D---- C:\WINDOWS\system32\en
2009-12-20 09:09:31 ----D---- C:\WINDOWS\system32\bits
2009-12-20 09:09:31 ----D---- C:\WINDOWS\PeerNet
2009-12-20 09:09:30 ----D---- C:\Program Files\Movie Maker
2009-12-20 09:03:37 ----D---- C:\WINDOWS\system32\Restore
2009-12-20 09:03:37 ----D---- C:\WINDOWS\system32\npp
2009-12-20 09:03:36 ----D---- C:\WINDOWS\mui
2009-12-20 09:03:34 ----D---- C:\WINDOWS\msagent
2009-12-20 09:03:31 ----D---- C:\WINDOWS\srchasst
2009-12-20 09:03:30 ----D---- C:\Program Files\NetMeeting
2009-12-20 09:03:27 ----D---- C:\WINDOWS\system32\Com
2009-12-20 09:03:22 ----D---- C:\Program Files\Windows Media Player
2009-12-20 09:03:21 ----D---- C:\Program Files\Windows NT
2009-12-20 09:03:15 ----D---- C:\Program Files\Common Files\System
2009-12-20 09:02:50 ----AD---- C:\WINDOWS\system32\oobe
2009-12-20 09:02:47 ----D---- C:\WINDOWS\system
2009-12-20 08:57:13 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-20 08:53:17 ----D---- C:\WINDOWS\ehome
2009-12-20 01:35:49 ----D---- C:\OBDEMO2008
2009-12-20 01:13:33 ----D---- C:\WINDOWS\addins
2009-12-20 00:49:53 ----A---- C:\WINDOWS\ModemLog_ThinkPad Integrated 56K Modem.txt
2009-12-19 20:29:12 ----D---- C:\Program Files\Canon
2009-12-19 20:23:51 ----D---- C:\Program Files\Sonic
2009-12-19 20:16:59 ----D---- C:\Program Files\Quick Screen Capture
2009-12-19 20:16:35 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\ScanSoft
2009-12-19 20:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-12-19 16:48:30 ----D---- C:\Program Files\Panda Security
2009-12-19 11:09:15 ----D---- C:\GetSmart
2009-12-17 20:14:52 ----ASD---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\Microsoft
2009-12-13 20:46:23 ----D---- C:\Program Files\Google
2009-12-13 14:54:55 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-10 21:18:33 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-10 19:50:23 ----SD---- C:\WINDOWS\system32\Microsoft
2009-12-04 01:04:07 ----D---- C:\Program Files\Windows Live Safety Center
2009-12-01 15:06:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-30 10:17:12 ----AD---- C:\Documents and Settings
2009-11-24 09:15:36 ----D---- C:\Program Files\Ascent Pricing Configurator
2009-11-17 14:08:20 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\webex
2009-11-05 19:13:58 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2009-11-05 19:12:58 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\ZoomBrowser EX
2009-11-04 16:39:34 ----D---- C:\OnBase Printer Spool
2009-11-04 15:53:35 ----A---- C:\WINDOWS\system32\vprinter.ini
2009-11-03 15:24:04 ----A---- C:\WINDOWS\system32\RPCS.ini
2009-10-29 12:24:12 ----A---- C:\WINDOWS\Vcdem32p.INI
2009-10-29 11:13:28 ----A---- C:\WINDOWS\setscan.ini
2009-10-29 02:46:59 ----N---- C:\WINDOWS\system32\wininet.dll
2009-10-29 02:46:59 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\url.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\occache.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\mstime.dll
2009-10-29 02:46:58 ----A---- C:\WINDOWS\system32\msrating.dll
2009-10-29 02:46:57 ----N---- C:\WINDOWS\system32\mshtml.dll
2009-10-29 02:46:57 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-10-29 02:46:55 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-10-29 02:46:55 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-10-29 02:46:55 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-10-29 02:46:54 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-10-29 02:46:54 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-10-29 02:46:54 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-10-29 02:46:52 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\icardie.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-10-29 02:46:51 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-10-29 02:46:50 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-10-29 02:46:50 ----A---- C:\WINDOWS\system32\corpol.dll
2009-10-29 02:46:50 ----A---- C:\WINDOWS\system32\advpack.dll
2009-10-29 00:38:22 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-10-28 09:36:11 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-10-28 09:36:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-10-28 01:52:46 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-10-22 14:22:53 ----D---- C:\MyWorking
2009-10-22 12:32:45 ----A---- C:\WINDOWS\system32\tsmmc.msc
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 00:38:36 ----A---- C:\WINDOWS\system32\httpapi.dll
2009-10-20 20:11:57 ----D---- C:\Program Files\Microsoft Works
2009-10-20 11:46:57 ----D---- C:\Documents and Settings\rxxxxxxon.domain\Application Data\U3
2009-10-13 13:58:01 ----D---- C:\OnBase
2009-10-13 05:30:16 ----A---- C:\WINDOWS\system32\oakley.dll
2009-10-12 08:38:19 ----A---- C:\WINDOWS\system32\rastls.dll
2009-10-12 08:38:18 ----A---- C:\WINDOWS\system32\raschap.dll
2009-10-09 10:07:41 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-08 14:57:02 ----A---- C:\WINDOWS\system32\uiautomationcore.dll
2009-10-08 14:57:00 ----A---- C:\WINDOWS\system32\oleacc.dll
2009-10-08 14:56:56 ----A---- C:\WINDOWS\system32\oleaccrc.dll
2009-10-07 23:01:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-07 23:01:05 ----D---- C:\Program Files\Intel
2009-10-07 22:21:07 ----D---- C:\Program Files\PCDR5
2009-10-07 21:08:03 ----D---- C:\Program Files\Common Files\Lenovo
2009-10-07 21:08:00 ----D---- C:\Program Files\Lenovo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2009-07-21 11520]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-14 73288]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2005-07-05 17699]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2005-04-20 16384]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-05-26 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007-03-09 7168]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2004-06-19 120483]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2004-11-04 26672]
R1 vcdrom;Virtual CD-ROM Device Driver; \??\C:\WINDOWS\system32\drivers\VCdRom.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-26 20747]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 InAspi32;InAspi32; \??\C:\WINDOWS\system32\drivers\InAspi32.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NTPDA;NTPDA; C:\WINDOWS\system32\drivers\NTPDA.sys [2001-12-13 3446]
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2004-09-10 84064]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 tifsfilter;Maxtor MaxBlast FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-01-27 44384]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-03-03 28592]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2005-04-14 70144]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-05-17 133200]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-21 2156032]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-05-02 161792]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-10-18 242304]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2009-03-19 25000]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-14 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2009-01-07 30144]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-10 260224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2008-12-08 50832]
R3 TPInput;TPInput; C:\WINDOWS\System32\DRIVERS\TPInput.sys [2006-09-26 6528]
R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2005-10-09 17792]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-03-03 16816]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2009-03-13 238208]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2009-06-22 16384]
S3 catchme;catchme; \??\C:\schrauber\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2006-10-26 357344]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2003-09-23 7296]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys []
S3 memcard;PCMCIA Memory Card Driver; C:\WINDOWS\system32\DRIVERS\memcard.sys [2001-08-17 8320]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 MXBULK;DualCam Still, MXBulk3.Sys; C:\WINDOWS\System32\Drivers\MXBulk3.sys [2002-01-22 50688]
S3 MXCap;DSC-06 Video Camera; C:\WINDOWS\system32\DRIVERS\MXCap3.sys [2002-04-17 63104]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NAVAP;NAVAP; \??\C:\Program Files\NavNT\NAVAP.sys []
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070829.009\NAVENG.sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070829.009\NAVEX15.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2006-04-17 16694]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-09-22 9856]
S3 portio;TPM Service; C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-05-19 13757]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNTNLUSB;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2004-09-10 27056]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TPM11;NSC Integrated Trusted Platform Module 1.1; C:\WINDOWS\system32\DRIVERS\nsctpm11.sys [2005-04-21 14336]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbkey;USB Dongle; C:\WINDOWS\system32\DRIVERS\USBKey.sys [2003-01-01 28848]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2008-03-03 30768]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-01 128104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2009-07-29 98304]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2009-07-29 221184]
R2 Ascent Capture Service;Ascent Capture Service; c:\program files\ascent\bin\acsvc.exe [2006-09-21 40960]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-21 483328]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
R2 FJTWMKSV;FJTWMKSV; C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe [2007-03-08 45056]
R2 Hyland.Core.PageHandlers.NTService;Hyland PageHandlers Service; C:\Program Files\Hyland\Services\PageHandlers\Hyland.Core.PageHandlers.NTService.exe [2008-11-27 20480]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2009-03-19 38176]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-10 153376]
R2 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe [2007-06-22 95592]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 MSSQL$ASCENTCAPTURE;MSSQL$ASCENTCAPTURE; C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe [2005-05-03 9150464]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2007-05-07 771704]
R2 PRISMSVC;PRISMSVC; C:\WINDOWS\system32\PRISMSVC.EXE [2006-10-12 61529]
R2 Reform12_Spooler_Service;Reform12 Spooler Service; C:\Program Files\Reform_Enterprise_v12\ReformEnt.exe [2009-05-26 6459904]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
R2 S24EventMonitor;Intel® PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
R2 SentinelProtectionServer;SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2004-09-10 189536]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 ssCaptureManager;ssCaptureWorkflow; C:\GetSmart\ssCaptureManager.exe [2009-10-02 14848]
R2 ssContentIndex;ssContentSearch; C:\Program Files\Square9\Content Search\ssContentIndex.exe [2009-03-19 15360]
R2 SSXMLTransform;SSXMLTransform; C:\Program Files\Square9\XML Transform\SSXMLConverter.exe [2008-07-02 32768]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2009-06-12 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2007-05-07 796280]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-29 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe [2005-12-21 722480]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe [2006-08-21 1384448]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-03-03 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2008-03-03 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2008-03-03 150064]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R3 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-02-09 407072]
R3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2007-04-27 575064]
S2 SSImp Engine;SSImp Engine; C:\GetSmart\SSIMPORTERWS.exe [2009-09-11 32768]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-11-16 69632]
S3 ASMPB;AutoStore Status Monitor Port Broker; C:\Program Files\NSI\AutoStore\ASMPB.exe [2007-01-11 102400]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 AutoStore;AutoStore; C:\Program Files\NSI\AutoStore\batch.exe [2007-01-11 69632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ControlSpoolService;PrintFree Spooler Service; C:\Program Files\PrintFree\DLL\F5SSpool.exe [2008-12-17 593920]
S3 E-mail Archive;E-mail Archive Service; C:\OnBase\EMArchiver.exe [2007-11-09 17158144]
S3 exe_dmwebsvcmgr;exe_dmwebsvcmgr; C:\Program Files\Hyland\Services\Web Server\dmwebsvcmgr.exe [2008-11-27 1822720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 Grn27fsm;PrintFree Directory Watch Service; C:\Program Files\PrintFree\DLL\F5SSubServices.exe [2008-12-17 98816]
S3 Grn27LPD;PrintFree LPD Service; C:\Program Files\PrintFree\DLL\F5SSubServices.exe [2008-12-17 98816]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-13 182768]
S3 Hyland.Diagnostics.NTService;Hyland Diagnostics Service; C:\Program Files\Hyland\Services\Diagnostics\Hyland.Diagnostics.NTService.exe [2008-11-27 24576]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LicMan;LicMan; C:\Program Files\Common Files\ODT-OCE\LicMan\bin\LicMan.exe [2005-11-09 798720]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2004-08-04 19456]
S3 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S3 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S3 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 SQLAgent$ASCENTCAPTURE;SQLAgent$ASCENTCAPTURE; C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlagent.EXE [2005-05-03 323584]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE [2008-11-24 346976]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2007-11-30 186928]
S3 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
 
schrauber
post Jan 2 2010, 05:16 AM
Post #21


Mr.Mechanic
******

Group: Malware Response Team
Posts: 20,994
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



Hi,


Delete ComboFix and Clean Up
Click Start > Run > type combofix /Uninstall > OK (Note the space between combofix and /Uninstall)
Please advise if this step is missed for any reason as it performs some important actions.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.






Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.



Below I have outlined a series of categories that outline how you can increase the security of your computer so that you will not be infected again in the future.


Practice Safe Internet

One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites, it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.

  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.

  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.

  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.

    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites

  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.

  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.

  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.

  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.

  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.

  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.

Visit Microsoft's Windows Update Site Frequently

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Make Internet Explorer 7 more secure
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    1. Change the Download signed ActiveX controls to Prompt
    2. Change the Download unsigned ActiveX controls to Disable
    3. Change the Initialize and script ActiveX controls not marked as safe to Disable
    4. Change the Installation of desktop items to Prompt
    5. Change the Launching programs and files in an IFRAME to Prompt
    6. Change the Navigate sub-frames across different domains to Prompt
    7. When all these settings have been made, click on the OK button.
    8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.



Follow this list and your potential for being infected again will reduce dramatically.


--------------------
regards,
schrauber




If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!
Unavailable as from friday 20th august

If I have helped you then please consider donating to continue the fight against malware
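
The Internet Explorer Custom Level settings listed in the post above can be checked from PowerShell instead of clicking through the dialog. This is an added example, not part of the original post or of any tool mentioned in the thread; the registry path, the numeric action IDs and the function names are assumptions taken from Internet Explorer's documented zone settings, not from the thread.

```powershell
# Added example (not part of the forum post): audit the per-user Internet zone
# against the six Custom Level settings listed in the post.
# Assumptions: the registry path and numeric URL-action IDs below are the
# documented Internet Explorer zone values; only HKCU is read, so a Group
# Policy override stored elsewhere is not reflected.

# Zone 3 is the Internet zone.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL-action policy values used by the zone settings.
$PolicyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Setting name as shown in the dialog, its action ID, and the value the post asks for.
$Desired = @(
    @{ Id = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    @{ Id = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    @{ Id = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    @{ Id = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    @{ Id = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    @{ Id = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

# Turn a raw registry value into a readable label, including the "absent" case.
function Get-PolicyLabel {
    param($Value)
    if ($null -eq $Value) { return 'Not set' }
    $key = [int]$Value
    if ($PolicyName.ContainsKey($key)) { return $PolicyName[$key] }
    return "Other ($key)"
}

# Read-only check: one result row per setting, with a Compliant flag.
function Test-InternetZoneSettings {
    param([string]$Path = $ZoneKey)
    $current = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($item in $Desired) {
        $have = $current.($item.Id)
        [pscustomobject]@{
            Setting   = $item.Setting
            ActionId  = $item.Id
            Current   = Get-PolicyLabel $have
            Expected  = $PolicyName[$item.Want]
            Compliant = ($null -ne $have -and [int]$have -eq $item.Want)
        }
    }
}

# Optional remediation; supports -WhatIf so changes can be previewed first.
function Set-InternetZoneSettings {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = $ZoneKey)
    foreach ($item in $Desired) {
        $target = "$($item.Setting) [$($item.Id)]"
        if ($PSCmdlet.ShouldProcess($target, "Set to $($PolicyName[$item.Want])")) {
            Set-ItemProperty -Path $Path -Name $item.Id -Value $item.Want -Type DWord
        }
    }
}

Test-InternetZoneSettings | Format-Table -AutoSize
# Set-InternetZoneSettings -WhatIf    # preview changes; drop -WhatIf to apply
```

Rows reported as "Not set" mean the value is absent for this user, so the browser falls back to the zone's default level rather than the setting the post asks for.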
 
CopierGuy
post Jan 2 2010, 10:47 AM
Post #22


Member
**

Group: Members
Posts: 16
Joined: 14-December 09
Member No.: 416,626



After the required reboot I now get an acsvc.exe error, and after I click OK and try to log on I get a Windows product activation error and it goes back to the logon screen.
 
schrauber
post Jan 2 2010, 12:08 PM
Post #23


Mr.Mechanic
******

Group: Malware Response Team
Posts: 20,994
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



After which required reboot?

This exe file should be related to Thinkpad.


--------------------
regards,
schrauber




CopierGuy
post Jan 2 2010, 12:36 PM
Post #24


Member
**

Group: Members
Posts: 16
Joined: 14-December 09
Member No.: 416,626



After OTC ran it asked to reboot. I got the errors after that first reboot. I have tried rebooting a few times and then into safe mode. Safe mode will allow me to log in without an error, but the normal Windows login says there is a problem with the Windows product activation. The error is "a problem is preventing windows from accurately checking the license for this computer. Error code: 0x80090019"
 
schrauber
post Jan 3 2010, 06:55 AM
Post #25


Mr.Mechanic
******

Group: Malware Response Team
Posts: 20,994
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



Seems to be a network problem, please see here:

http://forums.techarena.in/windows-xp-support/534958.htm


--------------------
regards,
schrauber




CopierGuy
post Jan 3 2010, 07:48 PM
Post #26


Member
**

Group: Members
Posts: 16
Joined: 14-December 09
Member No.: 416,626



Nothing I tried would fix this error so I did a system restore to just before deleting ComboFix and running OTC. I can now login again. I am not sure if it was Combofix or OTC? Is it ok to skip this step? Is there a manual uninstall?
 
schrauber
post Jan 4 2010, 05:44 PM
Post #27


Mr.Mechanic
******

Group: Malware Response Team
Posts: 20,994
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



Please just try the step with OTC, and tell me if it works, then I can give you some manual advice to remove the rest.

This post has been edited by schrauber: Jan 4 2010, 05:44 PM


--------------------
regards,
schrauber




CopierGuy
post Jan 5 2010, 10:36 AM
Post #28


Member
**

Group: Members
Posts: 16
Joined: 14-December 09
Member No.: 416,626



Do you have another download location for OTC? My internet filter is blocking that URL.
 
schrauber
post Jan 5 2010, 02:53 PM
Post #29


Mr.Mechanic
******

Group: Malware Response Team
Posts: 20,994
Joined: 3-May 08
From: Saarland,Germany
Member No.: 206,858



Hi,

I have attached a copy of the file.

Attached File(s)
Attached File  OTC.zip ( 192.65k ) Number of downloads: 2
 


--------------------
regards,
schrauber




CopierGuy
post Jan 6 2010, 09:08 PM
Post #30


Member
**

Group: Members
Posts: 16
Joined: 14-December 09
Member No.: 416,626



Thanks. I ran OTC and it finished and asked to reboot. I rebooted and I was able to login without any issue.

© 2003-2010 All Rights Reserved Bleeping Computer LLC.