
I have something--Trojan possibly


  • This topic is locked
2 replies to this topic

#1 moondo

Posted 14 December 2008 - 01:44 AM

Hi, my computer gives me popups whenever I open Firefox... so I'm posting the RSIT reports. I can also do the Combofix and GMER log if necessary.

Thanks in advance!

Logfile of random's system information tool 1.04 (written by random/random)
Run by moondo at 2008-12-14 01:47:27
Microsoft Windows XP Professional Service Pack 3
System drive C: has 39 GB (36%) free of 110 GB
Total RAM: 2014 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:29 AM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SysNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\moondo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\moondo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {1CAD29DF-1D6D-41A2-8C55-EAA2C7EDCDEB} - C:\WINDOWS\msagent\intl\d3dnu.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\pmnmkjjh.dll
O2 - BHO: {272bb5a1-dcdf-2809-ede4-10cd75ff3317} - {7133ff57-dc01-4ede-9082-fdcd1a5bb272} - C:\WINDOWS\system32\ebbmji.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {8377E9AB-B260-408C-9431-FCDD0ECE8230} - C:\WINDOWS\system32\efcARkif.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ec3c6a9a] rundll32.exe "C:\WINDOWS\system32\apspuwgx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: taqype.dll ebbmji.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: d3dnu - C:\WINDOWS\msagent\intl\d3dnu.dll
O20 - Winlogon Notify: pmnmkjjh - C:\WINDOWS\SYSTEM32\pmnmkjjh.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 13021 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CAD29DF-1D6D-41A2-8C55-EAA2C7EDCDEB}]
C:\WINDOWS\msagent\intl\d3dnu.dll [2008-12-14 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\pmnmkjjh.dll [2008-12-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7133ff57-dc01-4ede-9082-fdcd1a5bb272}]
C:\WINDOWS\system32\ebbmji.dll [2008-12-14 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-27 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8377E9AB-B260-408C-9431-FCDD0ECE8230}]
C:\WINDOWS\system32\efcARkif.dll [2008-12-14 302592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-27 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-02-12 546672]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-14 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-14 512000]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2007-03-29 181808]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2007-03-07 243248]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-28 925696]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2007-02-08 536576]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-27 136600]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2007-03-22 120368]
"AMSG"=C:\Program Files\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2007-03-27 413696]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2007-03-27 126976]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-01-30 2618944]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-16 13537280]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-07-16 86016]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe [2006-02-14 507904]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"ec3c6a9a"=C:\WINDOWS\system32\apspuwgx.dll [2008-12-14 72704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2008-12-01 2356088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-11-29 342336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2006-10-23 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2006-10-23 734872]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="taqype.dll ebbmji.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2007-03-27 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\d3dnu]
C:\WINDOWS\msagent\intl\d3dnu.dll [2008-12-14 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnmkjjh]
C:\WINDOWS\system32\pmnmkjjh.dll [2008-12-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2007-03-15 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-13 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\pmnmkjjh.dll [2008-12-12 34816]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\efcARkif
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\moondo\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\steamapps\moondo\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\moondo\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-14 01:47:27 ----D---- C:\rsit
2008-12-14 01:45:33 ----A---- C:\WINDOWS\system32\ebbmji.dll
2008-12-14 01:45:31 ----A---- C:\WINDOWS\system32\aeohavod.dll
2008-12-14 01:43:23 ----A---- C:\WINDOWS\SysNotifier.exe
2008-12-14 01:43:16 ----SH---- C:\WINDOWS\system32\xgwupspa.ini
2008-12-14 01:43:11 ----A---- C:\WINDOWS\system32\apspuwgx.dll
2008-12-14 01:42:16 ----ASH---- C:\WINDOWS\system32\fikRAcfe.ini2
2008-12-14 01:42:16 ----ASH---- C:\WINDOWS\system32\fikRAcfe.ini
2008-12-14 01:42:12 ----A---- C:\WINDOWS\system32\efcARkif.dll
2008-12-14 01:35:59 ----A---- C:\ComboFix.txt
2008-12-14 01:24:09 ----A---- C:\Boot.bak
2008-12-14 01:24:04 ----RASHD---- C:\cmdcons
2008-12-14 01:22:51 ----A---- C:\WINDOWS\zip.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\VFIND.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\SWSC.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\SWREG.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\sed.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\grep.exe
2008-12-14 01:22:51 ----A---- C:\WINDOWS\fdsv.exe
2008-12-14 01:13:58 ----A---- C:\WINDOWS\gmer.ini
2008-12-14 01:13:54 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-14 01:13:54 ----A---- C:\WINDOWS\gmer.exe
2008-12-14 01:13:54 ----A---- C:\WINDOWS\gmer.dll
2008-12-14 00:00:59 ----D---- C:\WINDOWS\ERDNT
2008-12-14 00:00:59 ----D---- C:\Qoobox
2008-12-13 23:21:15 ----D---- C:\Program Files\Trend Micro
2008-12-12 21:23:19 ----D---- C:\WINDOWS\pss
2008-12-12 21:21:33 ----A---- C:\WINDOWS\system32\efcCTJDW.dll
2008-12-12 21:19:26 ----A---- C:\WINDOWS\system32\e71faee4-.txt
2008-12-12 21:12:30 ----A---- C:\WINDOWS\system32\pmnmkjjh.dll
2008-12-11 20:40:37 ----D---- C:\Program Files\Avira
2008-12-11 20:40:37 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-11 19:43:52 ----SHD---- C:\Config.Msi
2008-12-11 19:17:19 ----D---- C:\Program Files\Steam
2008-12-11 03:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 03:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 15:48:03 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-12-06 15:48:03 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-12-06 15:48:03 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-12-06 15:48:03 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-12-06 15:47:51 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-12-06 15:47:45 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-12-06 15:47:45 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-12-06 15:47:45 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-12-06 15:47:34 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-12-06 15:47:24 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-12-06 15:47:24 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-12-06 15:47:24 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-12-06 15:47:24 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-12-06 15:47:20 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-12-06 15:47:20 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-12-04 19:08:25 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-12-02 16:31:56 ----D---- C:\Documents and Settings\moondo\Application Data\skypePM
2008-12-02 16:30:28 ----D---- C:\Documents and Settings\moondo\Application Data\Skype
2008-12-02 16:28:51 ----D---- C:\Program Files\Skype
2008-12-02 16:28:51 ----D---- C:\Program Files\Common Files\Skype
2008-12-02 16:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-01 05:48:45 ----D---- C:\Documents and Settings\moondo\Application Data\GRETECH
2008-11-30 12:10:38 ----A---- C:\WINDOWS\system32\msxml2a.dll
2008-11-30 12:10:38 ----A---- C:\WINDOWS\ssndii.exe
2008-11-30 12:10:37 ----D---- C:\WINDOWS\Samsung
2008-11-30 12:09:07 ----A---- C:\WINDOWS\system32\sugo3LMK.DLL
2008-11-30 12:09:07 ----A---- C:\WINDOWS\system32\SUGO3CI.exe
2008-11-30 12:09:07 ----A---- C:\WINDOWS\system32\SUGO3CI.dll
2008-11-30 12:09:05 ----D---- C:\Program Files\Samsung
2008-11-30 12:08:50 ----D---- C:\WINDOWS\ML-2510_GDI
2008-11-29 06:47:23 ----D---- C:\Documents and Settings\moondo\Application Data\BitTorrent
2008-11-29 06:47:11 ----D---- C:\Program Files\DNA
2008-11-29 06:47:11 ----D---- C:\Documents and Settings\moondo\Application Data\DNA
2008-11-29 06:47:10 ----D---- C:\Program Files\BitTorrent
2008-11-28 22:33:01 ----D---- C:\WINDOWS\Sun
2008-11-27 18:54:48 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-27 18:54:48 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-27 18:54:48 ----A---- C:\WINDOWS\system32\java.exe
2008-11-27 18:54:48 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-27 14:46:58 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-26 04:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-26 04:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-26 04:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-26 04:43:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-26 04:43:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-26 04:43:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-26 04:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-26 04:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-26 04:42:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-26 04:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-26 04:42:24 ----D---- C:\WINDOWS\ie7updates
2008-11-26 04:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-26 04:41:08 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-26 04:40:51 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-26 04:40:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-26 04:40:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-26 04:40:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-26 04:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-26 04:40:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-26 04:40:18 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-26 04:40:11 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-26 04:40:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-26 04:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-26 04:18:09 ----D---- C:\Documents and Settings\moondo\Application Data\Macromedia
2008-11-26 03:48:11 ----D---- C:\WINDOWS\system32\Client Security Solution
2008-11-26 03:46:04 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-26 03:46:03 ----D---- C:\Program Files\Windows Live Toolbar
2008-11-26 03:45:55 ----SH---- C:\Documents and Settings\moondo\Application Data\desktop.ini
2008-11-26 03:45:55 ----SD---- C:\Documents and Settings\moondo\Application Data\Microsoft
2008-11-26 03:45:55 ----D---- C:\Documents and Settings\moondo\Application Data\Lenovo
2008-11-26 03:45:55 ----D---- C:\Documents and Settings\moondo\Application Data\InstallShield
2008-11-26 03:45:55 ----D---- C:\Documents and Settings\moondo\Application Data\Identities
2008-11-26 03:45:55 ----D---- C:\Documents and Settings\moondo\Application Data\Adobe
2008-11-26 03:40:42 ----A---- C:\WINDOWS\smscfg.ini
2008-11-26 03:36:12 ----A---- C:\WINDOWS\system32\capicom.dll
2008-11-26 03:36:10 ----D---- C:\Program Files\Symantec
2008-11-26 03:36:06 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-26 03:35:48 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-26 03:35:09 ----RSHD---- C:\RRbackups
2008-11-26 03:31:52 ----D---- C:\WINDOWS\system32\(null)
2008-11-26 03:31:49 ----A---- C:\WINDOWS\system32\pxinsi64.exe
2008-11-26 03:31:49 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-26 03:31:49 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-26 03:31:49 ----A---- C:\WINDOWS\system32\pxcpyi64.exe
2008-11-26 03:31:49 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2008-11-26 03:31:49 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-11-26 03:31:32 ----D---- C:\SWSHARE
2008-11-26 03:30:25 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-26 03:30:01 ----A---- C:\WINDOWS\system32\tvt_gina_api.dll
2008-11-26 03:30:01 ----A---- C:\WINDOWS\system32\tvt_gina.dll
2008-11-26 03:26:36 ----D---- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-11-26 03:26:08 ----D---- C:\Program Files\PCDR5
2008-11-26 03:26:06 ----D---- C:\Program Files\Lenovo Registration
2008-11-26 03:25:50 ----D---- C:\Documents and Settings\All Users\Application Data\Lenovo
2008-11-26 03:25:46 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-11-26 03:25:46 ----A---- C:\WINDOWS\system32\ahlprun.exe
2008-11-26 03:25:40 ----A---- C:\WINDOWS\system32\MFC71.DLL
2008-11-26 03:25:39 ----D---- C:\Program Files\ThinkVantage
2008-11-26 03:25:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-26 03:25:13 ----D---- C:\Program Files\Common Files\Adobe
2008-11-26 03:25:13 ----D---- C:\Program Files\Adobe
2008-11-26 03:24:50 ----D---- C:\Program Files\Sonic Icons for Lenovo
2008-11-26 03:24:46 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-11-26 03:24:43 ----D---- C:\Program Files\Sonic
2008-11-26 03:24:43 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-11-26 03:24:40 ----D---- C:\WINDOWS\system32\DLA
2008-11-26 03:24:40 ----A---- C:\WINDOWS\wininit.ini
2008-11-26 03:24:40 ----A---- C:\WINDOWS\system32\DLAAPI_W.DLL
2008-11-26 03:24:40 ----A---- C:\WINDOWS\DLA.EXE
2008-11-26 03:24:12 ----D---- C:\Program Files\Multimedia Center for Think Offerings
2008-11-26 03:24:12 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-11-26 03:23:13 ----D---- C:\Program Files\Common Files\InterVideo
2008-11-26 03:22:56 ----A---- C:\WINDOWS\system32\IVIresizeW7.dll
2008-11-26 03:22:56 ----A---- C:\WINDOWS\system32\IVIresizePX.dll
2008-11-26 03:22:56 ----A---- C:\WINDOWS\system32\IVIresizeP6.dll
2008-11-26 03:22:56 ----A---- C:\WINDOWS\system32\IVIresizeM6.dll
2008-11-26 03:22:56 ----A---- C:\WINDOWS\system32\IVIresizeA6.dll
2008-11-26 03:22:56 ----A---- C:\WINDOWS\system32\IVIresize.dll
2008-11-26 03:22:50 ----D---- C:\Program Files\InterVideo
2008-11-26 03:22:07 ----D---- C:\Program Files\Java
2008-11-26 03:22:06 ----D---- C:\Program Files\Common Files\Java
2008-11-26 03:21:31 ----D---- C:\Program Files\Common Files\Lenovo
2008-11-26 03:18:44 ----A---- C:\TPHKLOCK.TXT
2008-11-26 03:16:20 ----D---- C:\Program Files\CONEXANT
2008-11-26 03:15:36 ----D---- C:\Program Files\Analog Devices
2008-11-26 03:15:36 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2008-11-26 03:15:36 ----A---- C:\WINDOWS\system32\SMMedia.dll
2008-11-26 03:15:36 ----A---- C:\WINDOWS\system32\DSndUp.exe
2008-11-26 03:15:36 ----A---- C:\WINDOWS\system32\CleanUp.exe
2008-11-26 03:15:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 03:15:25 ----D---- C:\Program Files\DIFX
2008-11-26 03:14:52 ----D---- C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2008-11-26 03:14:49 ----D---- C:\Program Files\ThinkVantage Fingerprint Software
2008-11-26 03:14:46 ----D---- C:\Documents and Settings\All Users\Application Data\UIB
2008-11-26 03:14:09 ----A---- C:\WINDOWS\system32\btw_ci.dll
2008-11-26 03:13:33 ----D---- C:\Program Files\ThinkPad
2008-11-26 03:13:33 ----A---- C:\WINDOWS\PWMBTHLP.EXE
2008-11-26 03:12:55 ----A---- C:\WINDOWS\vsnp2uvc.exe
2008-11-26 03:12:54 ----A---- C:\WINDOWS\snp2uvc.ini
2008-11-26 03:12:53 ----D---- C:\Program Files\Common Files\snp2uvc
2008-11-26 03:12:53 ----A---- C:\WINDOWS\system32\vsnp2uvc.dll
2008-11-26 03:12:53 ----A---- C:\WINDOWS\system32\rsnp2uvc.dll
2008-11-26 03:12:53 ----A---- C:\WINDOWS\system32\csnp2uvc.dll
2008-11-26 03:12:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-26 03:12:44 ----A---- C:\WINDOWS\system32\SynTPFcs.dll
2008-11-26 03:12:44 ----A---- C:\WINDOWS\system32\SynTPCoI.dll
2008-11-26 03:12:44 ----A---- C:\WINDOWS\system32\SynTPAPI.dll
2008-11-26 03:12:44 ----A---- C:\WINDOWS\system32\SynCtrl.dll
2008-11-26 03:12:44 ----A---- C:\WINDOWS\system32\SynCOM.dll
2008-11-26 03:12:43 ----D---- C:\Program Files\Synaptics
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\wcapiU.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\oemres.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2008-11-26 03:12:37 ----A---- C:\WINDOWS\system32\acs.exe
2008-11-26 03:12:36 ----A---- C:\WINDOWS\system32\ssleay32.dll
2008-11-26 03:12:36 ----A---- C:\WINDOWS\system32\libeay32.dll
2008-11-26 03:12:36 ----A---- C:\WINDOWS\system32\athcfg20.dll
2008-11-26 03:12:36 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-11-26 03:12:36 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-11-26 03:11:42 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-26 03:11:42 ----D---- C:\Program Files\Lenovo
2008-11-26 03:11:42 ----A---- C:\WINDOWS\system32\ATHCFG10.DLL
2008-11-26 03:11:38 ----D---- C:\Program Files\MSXML 4.0
2008-11-26 03:09:57 ----A---- C:\WINDOWS\system32\verclsid.exe
2008-11-26 03:09:52 ----D---- C:\Program Files\Common Files\Installshield
2008-11-26 03:09:29 ----D---- C:\WINDOWS\WBEM
2008-11-26 03:09:29 ----D---- C:\WINDOWS\system32\en-US
2008-11-26 03:08:03 ----HDC---- C:\WINDOWS\ie7
2008-11-26 03:07:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-26 03:07:48 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-26 03:07:38 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-26 03:07:38 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-11-26 03:07:33 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-26 03:07:25 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-11-26 03:07:10 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-26 03:07:10 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-11-26 03:07:09 ----HDC---- C:\WINDOWS\$NtUninstallWMCSetup$
2008-11-26 03:06:50 ----A---- C:\WINDOWS\system32\Softkbd.exe.config
2008-11-26 03:04:36 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-26 03:01:35 ----A---- C:\WINDOWS\system32\hccoin.dll
2008-11-26 02:59:39 ----A---- C:\WINDOWS\system32\tpinspm.dll
2008-11-26 02:59:39 ----A---- C:\WINDOWS\system32\ibmpmsvc.exe
2008-11-26 02:59:37 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-11-26 02:59:37 ----A---- C:\WINDOWS\system32\NicInstE.dll
2008-11-26 02:59:37 ----A---- C:\WINDOWS\system32\NicEtCoE.dll
2008-11-26 02:59:37 ----A---- C:\WINDOWS\system32\NicCo.dll
2008-11-26 02:59:37 ----A---- C:\WINDOWS\system32\e1000msg.dll
2008-11-26 02:59:36 ----A---- C:\WINDOWS\system32\TPMDDL.dll
2008-11-26 02:59:34 ----AD---- C:\drivers
2008-11-26 02:43:49 ----D---- C:\SWTOOLS
2008-11-26 02:40:21 ----AD---- C:\I386
2008-11-25 22:42:11 ----D---- C:\Documents and Settings\moondo\Application Data\WinRAR
2008-11-25 19:13:54 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-25 17:36:14 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-11-25 16:48:59 ----D---- C:\Program Files\World of Warcraft
2008-11-25 16:48:59 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-11-25 16:44:01 ----D---- C:\WINDOWS\Minidump
2008-11-25 16:37:25 ----D---- C:\Program Files\World of Warcraft.temp
2008-11-25 16:37:25 ----D---- C:\Program Files\Common Files\Blizzard Entertainment.temp
2008-11-25 16:06:04 ----D---- C:\Documents and Settings\moondo\Application Data\Sun
2008-11-25 16:04:10 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-11-25 16:03:02 ----D---- C:\Program Files\Microsoft Works
2008-11-25 16:02:53 ----D---- C:\Program Files\MSBuild
2008-11-25 16:02:29 ----D---- C:\Program Files\Microsoft Visual Studio
2008-11-25 16:02:29 ----D---- C:\Program Files\Common Files\DESIGNER
2008-11-25 16:01:49 ----D---- C:\Program Files\Microsoft.NET
2008-11-25 15:59:03 ----D---- C:\Program Files\Microsoft Visual Studio 8
2008-11-25 15:58:17 ----D---- C:\WINDOWS\SHELLNEW
2008-11-25 15:57:54 ----D---- C:\Program Files\Microsoft Office
2008-11-25 15:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-25 15:57:30 ----RHD---- C:\MSOCache
2008-11-25 15:14:30 ----D---- C:\WINDOWS\system32\scripting
2008-11-25 15:14:27 ----D---- C:\WINDOWS\l2schemas
2008-11-25 15:14:15 ----D---- C:\WINDOWS\system32\en
2008-11-25 15:14:07 ----D---- C:\WINDOWS\system32\bits
2008-11-25 15:07:18 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-25 15:03:57 ----D---- C:\WINDOWS\network diagnostic
2008-11-25 14:58:17 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-25 14:56:54 ----D---- C:\warc
2008-11-25 14:42:16 ----D---- C:\WINDOWS\nview
2008-11-25 14:42:16 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-25 14:42:00 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-11-25 14:26:31 ----D---- C:\Program Files\GRETECH
2008-11-25 14:23:09 ----D---- C:\Program Files\WinRAR
2008-11-25 14:22:40 ----D---- C:\Documents and Settings\moondo\Application Data\Mozilla
2008-11-25 14:21:28 ----D---- C:\Program Files\Mozilla Firefox
2008-11-25 14:04:13 ----RA---- C:\WINDOWS\system32\dsaNac.dll
2008-11-25 14:04:13 ----RA---- C:\WINDOWS\system32\dsa.dll
2008-11-25 14:04:13 ----A---- C:\WINDOWS\system32\wsimd.dll
2008-11-25 14:04:13 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2008-11-25 14:02:01 ----D---- C:\Program Files\Digital Line Detect
2008-11-25 14:01:39 ----D---- C:\Program Files\NetWaiting
2008-11-25 14:00:23 ----A---- C:\WINDOWS\system32\WorkAfterReboot.exe
2008-11-25 13:57:20 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-25 13:57:18 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-11-25 13:53:36 ----D---- C:\WINDOWS\system32\SoftwareDistribution

======List of files/folders modified in the last 1 months======

2008-12-14 01:45:33 ----AD---- C:\WINDOWS\system32
2008-12-14 01:43:23 ----AD---- C:\WINDOWS
2008-12-14 01:43:16 ----D---- C:\WINDOWS\Temp
2008-12-14 01:43:16 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 01:36:07 ----D---- C:\WINDOWS\Prefetch
2008-12-14 01:35:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-14 01:34:13 ----RASH---- C:\boot.ini
2008-12-14 01:34:13 ----A---- C:\WINDOWS\win.ini
2008-12-14 01:34:13 ----A---- C:\WINDOWS\system.ini
2008-12-14 01:30:58 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 01:28:13 ----D---- C:\WINDOWS\system32\config
2008-12-14 01:25:50 ----D---- C:\WINDOWS\AppPatch
2008-12-14 01:25:50 ----D---- C:\Program Files\Common Files
2008-12-14 01:25:08 ----SD---- C:\WINDOWS\Tasks
2008-12-14 01:23:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 23:21:15 ----RD---- C:\Program Files
2008-12-11 19:48:38 ----SHD---- C:\WINDOWS\Installer
2008-12-11 03:01:27 ----HD---- C:\WINDOWS\inf
2008-12-11 03:01:20 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 03:01:15 ----ASHD---- C:\WINDOWS\system32\dllcache
2008-12-11 03:01:12 ----D---- C:\Program Files\Internet Explorer
2008-12-11 03:00:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 12:40:55 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 15:47:57 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 15:47:55 ----D---- C:\WINDOWS\Help
2008-11-30 12:11:08 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-27 14:46:59 ----D---- C:\WINDOWS\Debug
2008-11-26 04:43:59 ----D---- C:\Program Files\Messenger
2008-11-26 04:40:18 ----D---- C:\WINDOWS\WinSxS
2008-11-26 03:45:54 ----D---- C:\Documents and Settings
2008-11-26 03:45:41 ----SHD---- C:\System Volume Information
2008-11-26 03:45:15 ----D---- C:\WINDOWS\Registration
2008-11-26 03:31:20 ----A---- C:\WINDOWS\system32\PxWave.dll
2008-11-26 03:31:20 ----A---- C:\WINDOWS\system32\PxSFS.DLL
2008-11-26 03:31:20 ----A---- C:\WINDOWS\system32\PxMas.dll
2008-11-26 03:31:19 ----A---- C:\WINDOWS\system32\Px.dll
2008-11-26 03:23:18 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-26 03:13:33 ----D---- C:\WINDOWS\Media
2008-11-26 03:05:24 ----D---- C:\WINDOWS\pchealth
2008-11-26 03:00:12 ----D---- C:\WINDOWS\repair
2008-11-25 16:04:18 ----RSD---- C:\WINDOWS\assembly
2008-11-25 16:02:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-25 15:58:26 ----D---- C:\Program Files\Common Files\System
2008-11-25 15:50:00 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-25 15:49:42 ----A---- C:\WINDOWS\setuplog.txt
2008-11-25 15:26:30 ----D---- C:\WINDOWS\system32\Setup
2008-11-25 15:26:29 ----D---- C:\WINDOWS\system32\wbem
2008-11-25 15:22:17 ----D---- C:\WINDOWS\security
2008-11-25 15:16:03 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-25 15:16:01 ----D---- C:\WINDOWS\ime
2008-11-25 15:14:40 ----D---- C:\WINDOWS\system32\usmt
2008-11-25 15:14:07 ----D---- C:\WINDOWS\PeerNet
2008-11-25 15:14:02 ----D---- C:\Program Files\Movie Maker
2008-11-25 15:07:04 ----D---- C:\WINDOWS\system32\Restore
2008-11-25 15:07:04 ----D---- C:\WINDOWS\system32\npp
2008-11-25 15:07:04 ----D---- C:\WINDOWS\mui
2008-11-25 15:07:02 ----D---- C:\WINDOWS\msagent
2008-11-25 15:06:57 ----D---- C:\WINDOWS\srchasst
2008-11-25 15:06:54 ----D---- C:\Program Files\NetMeeting
2008-11-25 15:06:52 ----D---- C:\WINDOWS\system32\Com
2008-11-25 15:06:48 ----D---- C:\Program Files\Windows Media Player
2008-11-25 15:06:47 ----D---- C:\Program Files\Windows NT
2008-11-25 15:06:47 ----D---- C:\Program Files\Outlook Express
2008-11-25 15:06:18 ----AD---- C:\WINDOWS\system32\oobe
2008-11-25 15:06:15 ----D---- C:\WINDOWS\system
2008-11-25 14:58:15 ----D---- C:\WINDOWS\ehome
2008-11-25 13:54:13 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-11-08 11520]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-22 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2006-12-19 4442]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []
R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2008-11-26 33536]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-03-07 311808]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-29 94080]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-10-12 252048]
R3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-14 85969]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-02-27 21040]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-16 6594144]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2006-09-13 28224]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-14 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-03-15 40848]
R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2006-09-13 35264]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2007-02-08 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2004-08-11 41984]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2007-03-27 65536]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2007-03-27 180224]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-02-27 36400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-27 152984]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-16 159812]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2006-12-15 11776]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-01-30 644672]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2007-03-02 37680]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-01-30 722496]
R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2007-02-08 950272]
R2 TVT Scheduler;TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2007-02-08 1118208]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2007-02-08 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

Edited by moondo, 14 December 2008 - 01:49 AM.



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:22 PM

Posted 20 December 2008 - 07:58 PM

Hello moondo,


Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 29 December 2008 - 03:08 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic