Possible Vundo virus removal request


7 replies to this topic

#1 jengels2002

  • Members
  • 5 posts

Posted 06 January 2009 - 07:24 AM

It all started when downloading images from Yahoo.
It began with rapid antivirus, then blossomed into popups, etc., and finally culminated in a blue screen Stop: 0X00000008E.
To fix, I have used Symantec FixVundo and Malwarebytes. I am currently running through safe mode. Upon logging in to "non-safe mode" Windows, I get the blue screen with the stop: message as indicated above.

Can someone look through and determine the infections and removal options? Any help would be greatly appreciated.

Thanks,

Joe



DDS (Version 1.1.0) - NTFSx86 NETWORK
Run by ro-joe at 7:12:23.45 on Tue 01/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.804 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\init32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\ro-joe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AbacastDistributedOnDemand:11] c:\documents and settings\ro-joe\local settings\application data\abacastdistributedondemand\node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TpShocks] TpShocks.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UsMegaOnMon] c:\program files\track4win monitor\STMonitor.exe
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: stmxqe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli psqlpwd ACGina

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2008-11-18 44664]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-4-20 307984]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-9 57344]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
S0 qiyhi;qiyhi;c:\windows\system32\drivers\arveotxd.sys --> c:\windows\system32\drivers\arveotxd.sys [?]
S0 venbim;venbim;c:\windows\system32\drivers\qxdtuul.sys --> c:\windows\system32\drivers\qxdtuul.sys [?]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-11-9 11520]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-11-9 4224]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-11-9 4442]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2007-4-4 943696]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 575064]
S4 gupdate1c966222ad7ad8e;Google Update Service (gupdate1c966222ad7ad8e);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 119280]
S4 HIT_PARA;HIT_PARA;c:\windows\system32\drivers\HIT_Para.sys [2008-12-10 8204]
S4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-11-18 94208]
S4 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
S4 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S4 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
S4 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2007-6-12 205328]
S4 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-6-12 36368]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-25 24652]
S4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]

=============== Created Last 30 ================

2009-01-06 06:12 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-01-06 02:00 502 a------- c:\windows\system32\win32hlp.cnf
2009-01-06 01:28 1 a------- c:\windows\system32\uniq.tll
2009-01-06 01:28 1 a------- c:\windows\system32\test.ttt
2009-01-06 01:28 24,576 a------- c:\windows\system32\pcload.exe
2009-01-05 21:19 <DIR> --d----- c:\windows\LastGood.Tmp
2009-01-05 19:31 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-05 18:46 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-05 13:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-05 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-05 13:38 13,724 a------- c:\windows\system32\wpa.bak
2009-01-05 13:28 30,208 ac------ c:\windows\system32\dllcache\sm81w.dll
2009-01-05 13:27 7,680 ac------ c:\windows\system32\dllcache\migregdb.exe
2009-01-05 13:26 400,384 ac------ c:\windows\system32\dllcache\fxsxp32.dll
2009-01-05 13:25 19,456 ac------ c:\windows\system32\dllcache\agt0804.dll
2009-01-05 13:22 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-05 13:22 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-05 13:22 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-05 13:22 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-05 13:22 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-05 13:22 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-05 13:22 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-01-05 13:17 152,576 a------- c:\windows\system32\irftp.exe
2009-01-05 13:17 87,424 a------- c:\windows\system32\drivers\irda.sys
2009-01-05 13:17 27,136 a------- c:\windows\system32\irmon.dll
2009-01-05 13:17 8,192 a------- c:\windows\system32\wshirda.dll
2009-01-05 13:08 19,584 a------- c:\windows\system32\drivers\rasirda.sys
2009-01-05 07:53 1,072,123,904 a------- c:\windows\MEMORY.DMP
2009-01-02 11:36 <DIR> --d----- c:\docume~1\ro-joe\applic~1\Malwarebytes
2009-01-02 11:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 11:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 11:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-02 11:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 17:55 <DIR> --d----- c:\program files\Lavasoft
2009-01-01 17:18 <DIR> --d----- c:\docume~1\ro-joe\applic~1\GlarySoft
2009-01-01 17:17 <DIR> --d----- c:\program files\AskBarDis
2009-01-01 17:17 <DIR> --d----- c:\program files\Glary Registry Repair
2009-01-01 17:14 <DIR> --d----- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-01 02:36 90,112 a------- c:\windows\DUMP8915.tmp
2009-01-01 00:09 262,144 a------- C:\ntuser.dat
2008-12-31 23:39 <DIR> --d----- c:\temp\REX81
2008-12-31 23:39 <DIR> --d----- c:\windows\system32\xn
2008-12-31 23:39 <DIR> --d----- c:\windows\system32\p2
2008-12-25 20:41 22,016 a------- c:\windows\system32\drivers\msircomm.sys
2008-12-22 01:18 <DIR> --d----- c:\docume~1\ro-joe\applic~1\MySpace
2008-12-22 01:18 <DIR> --d----- c:\program files\MySpace
2008-12-18 17:22 802,889 a------- c:\windows\setupapi.old
2008-12-16 23:01 <DIR> --d----- c:\windows\system32\E177E04D548C4006A465EEB92D3DE021
2008-12-16 23:01 65 a------- c:\windows\minitab.ini
2008-12-16 23:00 <DIR> --d----- c:\program files\Minitab 15
2008-12-16 10:00 208,896 a------- c:\windows\system32\HPP2800V.DLL
2008-12-16 10:00 45,056 a------- c:\windows\system32\hppapts0.dll
2008-12-16 10:00 36,864 a------- c:\windows\system32\hppasnm0.dll
2008-12-16 10:00 36,864 a------- c:\windows\system32\hppapml0.dll
2008-12-16 10:00 36,864 a------- c:\windows\system32\hppadt40.dll
2008-12-16 10:00 32,768 a------- c:\windows\system32\hppamon0.dll
2008-12-16 10:00 484 a------- c:\windows\system32\HPP2800V.DAT
2008-12-15 10:59 <DIR> --d----- C:\2600949
2008-12-15 09:13 <DIR> --d----- c:\docume~1\ro-joe\applic~1\Windows Search
2008-12-14 20:44 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2008-12-14 20:44 389,180 a------- c:\windows\system32\UCS32P.DLL
2008-12-14 20:44 36,864 a------- c:\windows\system32\CNQU70.DLL
2008-12-14 20:44 339,968 a------- c:\windows\system32\N124UFW.dll
2008-12-14 20:44 <DIR> --d-h--- C:\CanoScan
2008-12-14 20:26 <DIR> --d----- c:\program files\Canon
2008-12-14 20:24 <DIR> --d----- c:\temp\CanoScanTB_v4131
2008-12-14 20:24 <DIR> --d----- c:\temp\CanoScan_Toolbox_v4131
2008-12-10 17:22 0 a------- C:\s2os.4
2008-12-10 16:14 30 a--sh--- c:\windows\system32\LV.rst
2008-12-10 16:14 26 a--sh--- c:\windows\system32\LV.key
2008-12-10 16:14 14 a--sh--- c:\windows\system32\LV.ent
2008-12-10 16:14 0 a--sh--- c:\windows\system32\LV.41s
2008-12-10 16:14 2,240 a------- c:\windows\system32\esnecil.nlp
2008-12-10 16:14 2,240 a------- c:\windows\system32\esnecil.ind
2008-12-10 16:14 684 a------- c:\windows\system32\LV.ckn
2008-12-10 16:12 27 a------- c:\windows\Crypkey.ini
2008-12-10 16:11 2,577 a------- c:\windows\system32\config.hsp
2008-12-10 16:11 27,648 a----r-- c:\windows\Setup_ck.exe
2008-12-10 16:11 165,888 a------- c:\windows\Ckconfig.exe
2008-12-10 16:11 52,224 a------- c:\windows\system32\Crypserv.exe
2008-12-10 16:11 24,608 a------- c:\windows\system32\Ckldrv.sys
2008-12-10 16:11 18,432 a------- c:\windows\Setup_ck.dll
2008-12-10 16:11 11,776 a------- c:\windows\Ckrfresh.exe
2008-12-10 16:11 8,204 a------- c:\windows\system32\drivers\HIT_Para.sys
2008-12-10 16:11 317,952 a------- c:\windows\system32\ROBOEX32.DLL
2008-12-10 16:11 197,696 a------- c:\windows\system32\Unidrv.dll
2008-12-10 16:11 2,897 a------- c:\windows\system32\lv.exe
2008-12-10 16:10 <DIR> --d----- C:\LVWIN70
2008-12-10 07:52 <DIR> --d----- C:\BHLjae
2008-12-09 11:19 <DIR> --d----- c:\windows\system32\Program FilesMotic
2008-12-09 11:07 5,504 a------- c:\windows\system32\drivers\mstee.sys
2008-12-09 11:04 <DIR> --d----- c:\docume~1\ro-joe\applic~1\Motic
2008-12-09 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Motic
2008-12-09 11:04 1,051,648 a------- c:\windows\system32\WDMCapX.ocx
2008-12-09 11:03 18,982 a------- c:\windows\system32\om518ext.ax
2008-12-09 11:03 <DIR> --d----- c:\program files\Motic
2008-12-07 23:13 <DIR> --d----- c:\program files\Yahoo!

==================== Find3M ====================

2009-01-06 01:59 111,616 a------- c:\windows\system32\userinit.exe
2009-01-05 13:20 23,444 a------- c:\windows\system32\emptyregdb.dat
2009-01-04 22:00 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-01-01 02:19 90,112 a------- c:\windows\DUMP688d.tmp
2008-11-14 17:03 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-14 16:36 50 a------- c:\windows\system32\drivers\LENOVO_2007_WLY.MRK
2008-11-09 20:38 23,552 a------- c:\windows\system32\drivers\psasrv.exe
2008-11-09 20:37 7,012 a------- c:\windows\system32\drivers\pmemnt.sys
2008-11-09 20:16 0 a---hr-- c:\windows\system32\drivers\IBM_2007_WLY_TP.MRK
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

============= FINISH: 7:13:14.21 ===============


#2 jengels2002

  • Topic Starter
  • Members
  • 5 posts

Posted 06 January 2009 - 08:53 AM

Just removed Spybot and Ad-Aware.
Ran an ESET scan as well.

Update: As soon as I log into Windows, I am logged back off.
I do have the install disk.

Edited by jengels2002, 06 January 2009 - 10:30 PM.


#3 jengels2002

  • Topic Starter
  • Members
  • 5 posts

Posted 18 January 2009 - 12:53 PM

Fixed the log off problem by updating userinit and wsaupdater.

Attached is the newest log.


DDS (Ver_09-01-18.01) - NTFSx86
Run by ro-joe at 12:47:40.18 on Sun 01/18/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.5.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.459 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\KB1F48.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Track4Win Monitor\STMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ro-joe\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ro-joe\Desktop\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AbacastDistributedOnDemand:11] c:\documents and settings\ro-joe\local settings\application data\abacastdistributedondemand\node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TpShocks] TpShocks.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [snpstd] c:\windows\vsnpstd.exe
mRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UsMegaOnMon] c:\program files\track4win monitor\STMonitor.exe
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-explorer: NoSetActiveDesktop = 30
uPolicies-explorer: NoActiveDesktopChanges = 30
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: psfus - psqlpwd.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: stmxqe.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Notification Packages = scecli psqlpwd ACGina

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-5-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2008-11-9 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2008-11-9 4224]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-11-9 4442]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2008-11-18 44664]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-4-20 307984]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-11-9 57344]
R4 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2008-11-18 94208]
R4 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R4 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R4 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R4 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2007-6-12 205328]
R4 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2007-6-12 36368]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-25 24652]
R4 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
S0 qiyhi;qiyhi;c:\windows\system32\drivers\arveotxd.sys --> c:\windows\system32\drivers\arveotxd.sys [?]
S0 venbim;venbim;c:\windows\system32\drivers\qxdtuul.sys --> c:\windows\system32\drivers\qxdtuul.sys [?]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\trend micro\officescan client\TmPfw.exe [2007-4-4 943696]
S3 TmProxy;OfficeScan NT Proxy Service;c:\program files\trend micro\officescan client\TmProxy.exe [2007-4-27 575064]
S4 gupdate1c966222ad7ad8e;Google Update Service (gupdate1c966222ad7ad8e);c:\program files\google\update\GoogleUpdate.exe [2008-12-24 119280]
S4 HIT_PARA;HIT_PARA;c:\windows\system32\drivers\HIT_Para.sys [2008-12-10 8204]

=============== Created Last 30 ================

2009-01-16 22:04 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-01-16 22:04 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-01-16 22:04 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-16 22:04 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-01-16 22:04 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-01-16 22:04 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-01-16 22:04 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-16 22:04 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-01-16 22:04 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-01-16 19:56 <DIR> --ds---- c:\documents and settings\ro-joe\UserData
2009-01-14 21:42 <DIR> --d----- c:\documents and settings\ro-joe\.housecall6.6
2009-01-14 21:36 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-14 21:36 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-14 21:36 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-14 21:36 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-14 21:36 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-14 21:35 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-13 20:45 23,040 ac------ c:\windows\system32\dllcache\EXCH_regtrace.exe
2009-01-13 20:44 6,144 ac------ c:\windows\system32\dllcache\kbdax2.dll
2009-01-13 20:43 480,256 ac------ c:\windows\system32\dllcache\cintsetp.exe
2009-01-13 20:40 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-13 20:40 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-13 20:40 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-13 20:40 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-13 20:40 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-13 20:40 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-13 20:36 152,576 a------- c:\windows\system32\irftp.exe
2009-01-13 20:36 87,424 a------- c:\windows\system32\drivers\irda.sys
2009-01-13 20:36 27,136 a------- c:\windows\system32\irmon.dll
2009-01-13 20:36 8,192 a------- c:\windows\system32\wshirda.dll
2009-01-13 20:30 19,584 a------- c:\windows\system32\drivers\rasirda.sys
2009-01-13 20:27 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-01-13 20:27 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-01-13 20:27 24,661 a------- c:\windows\system32\spxcoins.dll
2009-01-13 20:27 13,312 a------- c:\windows\system32\irclass.dll
2009-01-12 20:11 331,264 a------- c:\windows\system32\wpdsp.dll
2009-01-12 20:11 18,944 a------- c:\windows\system32\drivers\wpdusb.sys
2009-01-12 20:11 10,752 a------- c:\windows\system32\wpdtrace.dll
2009-01-12 20:11 331,776 a------- c:\windows\system32\wpdmtpdr.dll
2009-01-12 20:11 114,176 a------- c:\windows\system32\wpdmtp.dll
2009-01-12 20:11 66,560 a------- c:\windows\system32\wpdmtpus.dll
2009-01-12 20:11 61,952 a------- c:\windows\system32\wpdconns.dll
2009-01-12 20:11 47,104 a------- c:\windows\system32\uwdf.exe
2009-01-12 20:11 38,912 a------- c:\windows\system32\wpd_ci.dll
2009-01-12 20:11 38,912 a------- c:\windows\system32\wdfmgr.exe
2009-01-12 20:11 15,872 a------- c:\windows\system32\wdfapi.dll
2009-01-12 20:10 1,512,448 a------- c:\windows\system32\WMVADVE.DLL
2009-01-12 20:10 335,872 a------- c:\windows\system32\WMDRMdev.dll
2009-01-12 20:10 290,816 a------- c:\windows\system32\WMDRMNet.dll
2009-01-12 20:10 1,218,808 a------- c:\windows\system32\wmvadvd.dll
2009-01-12 20:10 480,768 a------- c:\windows\system32\Audiodev.dll
2009-01-12 20:10 360,448 a------- c:\windows\system32\l3codecp.acm
2009-01-12 20:10 175,104 a------- c:\windows\system32\wmpsrcwp.dll
2009-01-12 20:10 1,589,760 a------- c:\windows\system32\wmpencen.dll
2009-01-12 19:40 14,573 a----r-- c:\windows\SETC9.tmp
2009-01-12 19:40 13,753 a----r-- c:\windows\SET8E.tmp
2009-01-12 19:40 1,086,058 a----r-- c:\windows\SET82.tmp
2009-01-12 19:40 1,042,903 a----r-- c:\windows\SET7F.tmp
2009-01-06 09:59 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-06 06:12 <DIR> --d----- c:\program files\Microsoft Windows OneCare Live
2009-01-06 02:00 502 a------- c:\windows\system32\win32hlp.cnf
2009-01-06 01:28 1 a------- c:\windows\system32\uniq.tll
2009-01-06 01:28 1 a------- c:\windows\system32\test.ttt
2009-01-05 19:31 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-05 18:46 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-05 13:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-05 13:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-05 13:38 13,724 a------- c:\windows\system32\wpa.bak
2009-01-05 13:22 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-01-05 13:04 7,334 ac------ c:\windows\system32\dllcache\wmerrenu.cat
2009-01-05 13:04 14,573 a----r-- c:\windows\SETD7.tmp
2009-01-05 13:04 13,753 a----r-- c:\windows\SET9C.tmp
2009-01-05 13:04 1,086,058 a----r-- c:\windows\SET90.tmp
2009-01-05 13:04 1,042,903 a----r-- c:\windows\SET8D.tmp
2009-01-05 07:53 1,072,123,904 a------- c:\windows\MEMORY.DMP
2009-01-02 11:36 <DIR> --d----- c:\docume~1\ro-joe\applic~1\Malwarebytes
2009-01-02 11:36 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 11:36 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 11:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-02 11:36 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 17:18 <DIR> --d----- c:\docume~1\ro-joe\applic~1\GlarySoft
2009-01-01 17:17 <DIR> --d----- c:\program files\AskBarDis
2009-01-01 17:17 <DIR> --d----- c:\program files\Glary Registry Repair
2009-01-01 17:14 <DIR> --d----- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-01 02:36 90,112 a------- c:\windows\DUMP8915.tmp
2009-01-01 00:09 262,144 a------- C:\ntuser.dat
2008-12-31 23:39 <DIR> --d----- c:\temp\REX81
2008-12-31 23:39 <DIR> --d----- c:\windows\system32\xn
2008-12-31 23:39 <DIR> --d----- c:\windows\system32\p2
2008-12-25 20:41 22,016 a------- c:\windows\system32\drivers\msircomm.sys
2008-12-22 01:18 <DIR> --d----- c:\docume~1\ro-joe\applic~1\MySpace
2008-12-22 01:18 <DIR> --d----- c:\program files\MySpace

==================== Find3M ====================

2009-01-18 00:00 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-01-13 20:39 23,412 a------- c:\windows\system32\emptyregdb.dat
2009-01-01 02:19 90,112 a------- c:\windows\DUMP688d.tmp
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-11-14 17:03 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 08:01 283,648 a------- c:\windows\system32\gdi32.dll

============= FINISH: 12:48:40.06 ===============

Attached Files



#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:27 AM

Posted 20 January 2009 - 08:32 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 jengels2002

jengels2002
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:27 AM

Posted 20 January 2009 - 06:05 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by ro-joe at 2009-01-20 18:03:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 53 GB (75%) free of 72 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:55 PM, on 1/20/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\TEMP\JSB75E.EXE
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Track4Win Monitor\STMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\ro-joe\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\ro-joe\Desktop\RSIT.exe
C:\Program Files\trend micro\ro-joe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UsMegaOnMon] C:\Program Files\Track4Win Monitor\STMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\ro-joe\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe -r:11 -x:1
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1227023956218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227024028343
O16 - DPF: {7E0FDFBB-87D4-43A1-9AD4-41F0EA8AFF7B} (Net6Launcher Class) - https://vpn1.conwedplastics.com/net6helper.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = conwed.conwedplastics.com
O17 - HKLM\Software\..\Telephony: DomainName = conwed.conwedplastics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = conwed.conwedplastics.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = conwed.conwedplastics.com,Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = conwed.conwedplastics.com,Belkin
O20 - AppInit_DLLs: stmxqe.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate1c966222ad7ad8e) (gupdate1c966222ad7ad8e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 13548 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\mtrfgxri.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_15\bin\ssv.dll [2008-02-09 452080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-24 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-11-20 911600]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-07-17 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL []
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL []
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2008-06-05 242976]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2008-06-06 181536]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [2008-08-16 425984]
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [2008-08-16 143360]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2007-05-08 702072]
"snpstd"=C:\WINDOWS\vsnpstd.exe [2004-06-10 286720]
"ISUSPM"=C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-03 1323008]
"UsMegaOnMon"=C:\Program Files\Track4Win Monitor\STMonitor.exe [2007-03-08 534528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-02-28 15360]
"AbacastDistributedOnDemand:11"=C:\Documents and Settings\ro-joe\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe [2008-09-29 54776]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="stmxqe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll [2008-08-16 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-01-03 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-08-16 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-04-25 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-03-17 34080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
ACGina

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\user\Application Data\CitrixSAClient.exe"="C:\Documents and Settings\user\Application Data\CitrixSAClient.exe:*:Enabled:Firebox SSL"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Firebox SSL"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Documents and Settings\ro-joe\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe"="C:\Documents and Settings\ro-joe\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe:*:Enabled:Abacast Distributed On-Demand"
"C:\Documents and Settings\ro-joe\Local Settings\Application Data\Abacast\Abaclient.exe"="C:\Documents and Settings\ro-joe\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Documents and Settings\ro-joe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\ro-joe\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Track4Win Monitor\STMonitor.exe"="C:\Program Files\Track4Win Monitor\STMonitor.exe:*:Enabled:NetworkClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-20 18:03:35 ----D---- C:\rsit
2009-01-17 08:20:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-16 22:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-01-16 21:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-01-14 23:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-14 23:41:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-14 23:41:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-14 23:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-14 23:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-14 23:40:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-14 23:40:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-14 23:40:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-14 23:39:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-14 23:39:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-14 23:38:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-14 23:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-14 23:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-13 20:52:00 ----D---- C:\WINDOWS\Prefetch
2009-01-13 20:40:55 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-13 20:36:11 ----A---- C:\WINDOWS\system32\irmon.dll
2009-01-13 20:36:11 ----A---- C:\WINDOWS\system32\irftp.exe
2009-01-13 20:36:10 ----A---- C:\WINDOWS\system32\wshirda.dll
2009-01-13 20:27:00 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-13 20:27:00 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-13 20:26:46 ----RA---- C:\WINDOWS\SETAF.tmp
2009-01-13 20:26:38 ----RA---- C:\WINDOWS\SET74.tmp
2009-01-13 20:26:35 ----RA---- C:\WINDOWS\SET68.tmp
2009-01-13 20:26:33 ----RA---- C:\WINDOWS\SET65.tmp
2009-01-12 20:11:03 ----A---- C:\WINDOWS\system32\wpdtrace.dll
2009-01-12 20:11:03 ----A---- C:\WINDOWS\system32\wpdsp.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wpdmtpus.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wpdmtpdr.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wpdmtp.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wpdconns.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wpd_ci.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wdfmgr.exe
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\wdfapi.dll
2009-01-12 20:11:02 ----A---- C:\WINDOWS\system32\uwdf.exe
2009-01-12 20:10:59 ----A---- C:\WINDOWS\system32\WMVADVE.DLL
2009-01-12 20:10:59 ----A---- C:\WINDOWS\system32\WMDRMNet.dll
2009-01-12 20:10:59 ----A---- C:\WINDOWS\system32\WMDRMdev.dll
2009-01-12 20:10:54 ----A---- C:\WINDOWS\system32\wmvadvd.dll
2009-01-12 20:10:48 ----A---- C:\WINDOWS\system32\Audiodev.dll
2009-01-12 20:10:47 ----A---- C:\WINDOWS\system32\wmpsrcwp.dll
2009-01-12 20:10:46 ----A---- C:\WINDOWS\system32\wmpencen.dll
2009-01-12 19:40:42 ----RA---- C:\WINDOWS\SETC9.tmp
2009-01-12 19:40:36 ----RA---- C:\WINDOWS\SET8E.tmp
2009-01-12 19:40:31 ----RA---- C:\WINDOWS\SET82.tmp
2009-01-12 19:40:29 ----RA---- C:\WINDOWS\SET7F.tmp
2009-01-12 19:09:02 ----SH---- C:\boot.ini
2009-01-06 12:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-01-06 12:20:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-06 12:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-06 12:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-06 12:19:29 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-06 12:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-06 12:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-06 12:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-06 12:18:12 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-06 12:18:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-06 12:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-06 12:17:38 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-06 12:16:38 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-01-06 09:59:58 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-06 06:12:00 ----D---- C:\Program Files\Microsoft Windows OneCare Live
2009-01-05 21:19:18 ----D---- C:\Program Files\Windows Live Safety Center
2009-01-05 19:31:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-05 19:19:42 ----A---- C:\WINDOWS\system32\capicom.dll
2009-01-05 14:08:00 ----D---- C:\Documents and Settings\ro-joe\Application Data\Leadertech
2009-01-05 13:53:32 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-05 13:53:32 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 13:38:02 ----A---- C:\WINDOWS\system32\wpa.bak
2009-01-05 13:04:34 ----RA---- C:\WINDOWS\SETD7.tmp
2009-01-05 13:04:30 ----RA---- C:\WINDOWS\SET9C.tmp
2009-01-05 13:04:26 ----RA---- C:\WINDOWS\SET90.tmp
2009-01-05 13:04:24 ----RA---- C:\WINDOWS\SET8D.tmp
2009-01-02 11:36:59 ----D---- C:\Documents and Settings\ro-joe\Application Data\Malwarebytes
2009-01-02 11:36:42 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-02 11:36:41 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-01 17:55:41 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-01 17:18:49 ----D---- C:\Documents and Settings\ro-joe\Application Data\GlarySoft
2009-01-01 17:17:29 ----D---- C:\Program Files\Mozilla Firefox
2009-01-01 17:17:29 ----D---- C:\Program Files\AskBarDis
2009-01-01 17:17:29 ----D---- C:\Documents and Settings\ro-joe\Application Data\Mozilla
2009-01-01 17:17:22 ----D---- C:\Program Files\Glary Registry Repair
2009-01-01 17:14:25 ----D---- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2009-01-01 02:36:19 ----A---- C:\WINDOWS\DUMP8915.tmp
2009-01-01 01:48:04 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-31 23:39:50 ----D---- C:\WINDOWS\system32\xn
2008-12-31 23:39:50 ----D---- C:\WINDOWS\system32\p2
2008-12-31 23:30:41 ----A---- C:\WINDOWS\system32\6b033fc1-.txt
2008-12-24 18:46:40 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-22 01:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-12-22 01:18:06 ----D---- C:\Documents and Settings\ro-joe\Application Data\MySpace
2008-12-22 01:18:00 ----D---- C:\Program Files\MySpace

======List of files/folders modified in the last 1 months======

2009-01-20 18:03:55 ----D---- C:\Program Files\Trend Micro
2009-01-20 17:59:54 ----D---- C:\WINDOWS\Temp
2009-01-20 17:59:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-20 17:58:48 ----A---- C:\Log.txt
2009-01-20 17:58:22 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-01-20 17:57:57 ----AD---- C:\WINDOWS\system32
2009-01-20 17:57:57 ----A---- C:\WINDOWS\system32\IPSCtrl.INI
2009-01-20 14:27:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-19 20:59:54 ----D---- C:\Program Files\NET6
2009-01-19 20:01:35 ----D---- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2009-01-18 10:52:12 ----AD---- C:\WINDOWS
2009-01-18 08:05:16 ----HD---- C:\WINDOWS\inf
2009-01-18 07:47:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-18 07:46:51 ----A---- C:\WINDOWS\imsins.BAK
2009-01-18 07:46:30 ----D---- C:\WINDOWS\ie7updates
2009-01-18 00:00:35 ----D---- C:\SWSHARE
2009-01-17 21:39:56 ----D---- C:\WINDOWS\system32\drivers
2009-01-17 21:37:32 ----SHD---- C:\RECYCLER
2009-01-17 20:52:37 ----SHD---- C:\WINDOWS\CSC
2009-01-17 17:51:31 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-16 22:08:23 ----D---- C:\WINDOWS\Help
2009-01-16 22:08:23 ----D---- C:\Program Files\Internet Explorer
2009-01-16 22:03:33 ----HDC---- C:\WINDOWS\ie7
2009-01-16 22:01:59 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-14 21:33:17 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-14 07:07:40 ----D---- C:\WINDOWS\system32\appmgmt
2009-01-14 07:07:39 ----D---- C:\Documents and Settings
2009-01-14 00:49:02 ----SHD---- C:\WINDOWS\Installer
2009-01-14 00:48:56 ----RD---- C:\Program Files
2009-01-14 00:48:44 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-14 00:33:16 ----D---- C:\WINDOWS\security
2009-01-13 20:59:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-13 20:55:08 ----D---- C:\WINDOWS\Registration
2009-01-13 20:53:21 ----A---- C:\WINDOWS\setuplog.txt
2009-01-13 20:52:12 ----SHD---- C:\System Volume Information
2009-01-13 20:52:12 ----D---- C:\WINDOWS\system32\Restore
2009-01-13 20:51:07 ----D---- C:\WINDOWS\system32\config
2009-01-13 20:42:49 ----D---- C:\Program Files\Windows Media Player
2009-01-13 20:41:57 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-13 20:41:30 ----D---- C:\WINDOWS\system32\ias
2009-01-13 20:40:58 ----RD---- C:\WINDOWS\Web
2009-01-13 20:40:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-13 20:40:33 ----A---- C:\WINDOWS\win.ini
2009-01-13 20:40:27 ----AD---- C:\WINDOWS\system32\oobe
2009-01-13 20:39:36 ----D---- C:\WINDOWS\system32\Com
2009-01-13 20:38:51 ----D---- C:\WINDOWS\system32\wbem
2009-01-13 20:27:06 ----N---- C:\WINDOWS\system.ini
2009-01-13 20:26:48 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-13 15:23:12 ----D---- C:\WINDOWS\system
2009-01-13 15:23:11 ----D---- C:\WINDOWS\system32\Setup
2009-01-13 15:22:58 ----D---- C:\WINDOWS\system32\usmt
2009-01-13 15:22:47 ----D---- C:\WINDOWS\AppPatch
2009-01-13 15:22:35 ----D---- C:\WINDOWS\mui
2009-01-13 15:22:34 ----D---- C:\WINDOWS\ime
2009-01-13 15:22:34 ----D---- C:\WINDOWS\ehome
2009-01-13 15:22:32 ----RSD---- C:\WINDOWS\Fonts
2009-01-13 15:22:31 ----D---- C:\WINDOWS\Media
2009-01-13 15:22:16 ----D---- C:\WINDOWS\PeerNet
2009-01-13 15:21:57 ----D---- C:\WINDOWS\system32\npp
2009-01-13 15:21:48 ----D---- C:\WINDOWS\msagent
2009-01-13 15:18:01 ----D---- C:\WINDOWS\twain_32
2009-01-13 15:17:05 ----D---- C:\WINDOWS\system32\icsxml
2009-01-13 15:16:08 ----D---- C:\WINDOWS\system32\1033
2009-01-13 15:14:40 ----D---- C:\WINDOWS\Driver Cache
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-06 12:18:40 ----D---- C:\WINDOWS\WinSxS
2009-01-06 09:59:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-05 20:09:30 ----D---- C:\WINDOWS\Minidump
2009-01-05 13:32:52 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-05 13:22:19 ----D---- C:\WINDOWS\srchasst
2009-01-05 13:22:09 ----D---- C:\Program Files\Movie Maker
2009-01-05 13:21:57 ----D---- C:\Program Files\NetMeeting
2009-01-05 13:21:53 ----D---- C:\Program Files\Outlook Express
2009-01-05 13:21:53 ----D---- C:\Program Files\Common Files\System
2009-01-05 13:19:58 ----D---- C:\Program Files\Windows NT
2009-01-04 23:18:58 ----D---- C:\WINDOWS\network diagnostic
2009-01-02 13:03:07 ----D---- C:\Program Files\Yahoo!
2009-01-02 13:02:52 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-01-02 13:01:30 ----D---- C:\Program Files\Common Files\AOL
2009-01-02 12:59:17 ----SD---- C:\Documents and Settings\ro-joe\Application Data\Microsoft
2009-01-01 17:13:42 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-01 02:19:27 ----A---- C:\WINDOWS\DUMP688d.tmp
2009-01-01 00:53:51 ----D---- C:\Documents and Settings\ro-joe\Application Data\Yahoo!
2008-12-31 23:39:54 ----D---- C:\Temp
2008-12-31 23:24:53 ----SD---- C:\WINDOWS\Tasks
2008-12-30 19:09:32 ----A---- C:\WINDOWS\cfgall.ini
2008-12-30 07:49:40 ----A---- C:\WINDOWS\corvu.ini
2008-12-24 19:50:22 ----D---- C:\Program Files\Picasa2
2008-12-24 18:49:03 ----D---- C:\Program Files\Google
2008-12-22 01:18:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2008-08-15 11520]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-02-28 36096]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2000-02-03 24608]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-10-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-10-02 9343]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2006-11-14 73288]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-13 17844]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2008-09-25 4442]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008-07-31 4608]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-11-06 12080]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp;SMI helper driver; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-06-20 178688]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-01-03 2782208]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-31 328285]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-31 851434]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-31 67384]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2006-02-28 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-01-03 252048]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-08-08 23720]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 Net6IM;Net6; C:\WINDOWS\system32\DRIVERS\net6im51.sys [2006-08-16 44664]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-03 225664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-04-25 28800]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2007-04-20 307984]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-02-28 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-28 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-02-28 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2006-02-28 14848]
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekanjcvjqmw.sys []
S2 HIT_PARA;HIT_PARA; C:\WINDOWS\system32\drivers\HIT_PARA.sys [2000-07-23 8204]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-31 30427]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-31 148996]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2006-02-28 9600]
S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-05 192512]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2006-02-28 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2006-02-28 11136]
S3 snpstd;Motic USB Camera; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-11-19 367488]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2006-02-28 15360]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-02-28 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2006-02-28 13952]
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-10-11 874240]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2006-02-28 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2008-08-16 90112]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2008-08-16 212992]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-01-03 495616]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2006-05-31 266295]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2000-06-29 52224]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-05-24 622700]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 168432]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-08-08 41248]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2007-01-30 108080]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2007-05-08 771704]
R2 Power Manager DBC Service;Power Manager DBC Service; C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2007-05-08 796280]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.exe [2008-05-14 37416]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2006-06-30 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-07-14 723712]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2006-07-14 45056]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-27 439808]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 gupdate1c966222ad7ad8e;Google Update Service (gupdate1c966222ad7ad8e); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-12-24 119280]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TmPfw;OfficeScan NT Firewall; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2007-04-04 943696]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2007-04-27 575064]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-02-28 14336]

-----------------EOF-----------------

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:27 AM

Posted 21 January 2009 - 12:54 PM

Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not help in cleaning business or corporate computers for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.

Edited by suebaby41, 21 January 2009 - 01:08 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 jengels2002

jengels2002
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:27 AM

Posted 21 January 2009 - 01:15 PM

Yes, it is a business computer, and yes, I am the admin for this computer.
I will go ahead and bring it to the IT specialist's attention.

Thank you for your help. Consider this topic closed.

Edited by jengels2002, 21 January 2009 - 01:16 PM.


#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:02:27 AM

Posted 21 January 2009 - 02:02 PM

Thank you for letting me know.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



