SAGIPSUL / SENEKA POP-UP GENERATING MALWARE


24 replies to this topic

#1 ovechkin

ovechkin

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 14 January 2009 - 01:37 AM

hi there folks,

I have been hit by the SAGIPSUL (from the url the pop-ups most often try to reach) trojan / virus / malware a day ago.

I have gone through the posts and followed through with the ComboFix solution.

Here's the log.

(However after the log was generated after automatic boot up a pop-up still managed to be generated although never fully loaded)

+++++ ++ ++++ ++++


********************* ( Just read the INSTRUCTIONS above about NOT POSTING COMBO FIX LOG unless SPECIFICALLY REQUESTED TO - 8:37 a.m. Pacific 1/14 ) SORRY*****************************************

Edited by ovechkin, 14 January 2009 - 11:39 AM.



#2 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 14 January 2009 - 02:10 AM

POP UP URLS :

85.17.166.131
hxxp://softinvader.com/banners/O/kshdkfsjHGJHGGHHHGGGGGGkslkdldfgjMMMMMMMMMkfsdmngkdjfgNNNNNskdjflskdfjnjdfjhgggggggggjsdjhjsfhaaaaaalkdflkj.html

Edited by Orange Blossom, 11 February 2013 - 03:36 AM.
Deactivate link. ~ OB


#3 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 14 January 2009 - 02:19 AM

And yes, the blue screen code ran something like this: 0x0000008e

forgive me for not jotting down the source of the fatal error

#4 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 14 January 2009 - 11:34 AM

Other URL :

mate1.com
<hxxp://nbjmp.com/click/?c=112882&s=36910&subid=rgk-single>

So still seeing POP-UPs.

ComboFix didn't do much here.

Edited by Orange Blossom, 11 February 2013 - 03:36 AM.
Deactivate link. ~ OB


#5 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 15 January 2009 - 03:35 AM

Was able to take some screen shots of the pop-ups.

Can others confirm if these are the same ones they seem to be confronted with?

Attached Files

  • Attached File  sd.jpg   25.89KB   8 downloads
  • Attached File  L.jpg   32.59KB   7 downloads
  • Attached File  sas.jpg   165.6KB   10 downloads


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 16 January 2009 - 01:02 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 25 January 2009 - 11:08 PM

MBAM LOG


Malwarebytes' Anti-Malware 1.33
Database version: 1695
Windows 5.1.2600 Service Pack 2

1/25/2009 8:01:18 PM
mbam-log-2009-01-25 (20-01-18).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134869
Time elapsed: 39 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 7
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qnjkojle.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wmgcyjjk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfEwWMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\llaaynjs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oggcfo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dqridpqm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\etdier.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76b385ba-eefe-4f62-bb96-a550671d3ad8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{76b385ba-eefe-4f62-bb96-a550671d3ad8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2096de4-92c3-4cb5-a697-571d86bc3987} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2096de4-92c3-4cb5-a697-571d86bc3987} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76b385ba-eefe-4f62-bb96-a550671d3ad8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2096de4-92c3-4cb5-a697-571d86bc3987} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\falhfwec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\falhfwec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\falhfwec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f0c0d80d (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\khfEwWMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\khfEwWMg.dllbox (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\c:\windows\system32\khfewwmg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gMWwEfhk.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gMWwEfhk.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\etdier.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qnjkojle.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eljokjnq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmgcyjjk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kjjycgmw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyncewee.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eewecnyx.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llaaynjs.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\oggcfo.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dqridpqm.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Rish Meister\Local Settings\Temporary Internet Files\Content.IE5\10NESY07\upd105320[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Rish Meister\Local Settings\Temporary Internet Files\Content.IE5\10NESY07\upd105320[2] (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Rish Meister\Local Settings\Temporary Internet Files\Content.IE5\KDIRMN4Z\index[1] (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Rish Meister\Local Settings\Temporary Internet Files\Content.IE5\KDIRMN4Z\index[2] (Trojan.Vundo.H) -> Delete on reboot.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ghosbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP250\A0084172.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP263\A0086538.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fqqawa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrpidyeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkowyluo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hwcqsh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ixvsmryz.sys (Rootkit.Agent) -> Delete on reboot.
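The MBAM log above uses one fixed line shape under each category heading: `item (Classification) -> Action.` The Python below is an added example, not code from this thread or from Malwarebytes; it parses that shape, cross-checks the counts MBAM declares in its summary against the items actually listed (a mismatch means a truncated or edited log), lists the entries that are only scheduled for deletion at the next reboot, and groups the findings by the persistence or load mechanism they represent. The sample lines are copied from the log posted above; the grouping keywords are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample input: a handful of lines copied from the MBAM log in this thread.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.33
Database version: 1695

Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Modules Infected:
C:\WINDOWS\system32\qnjkojle.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\llaaynjs.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76b385ba-eefe-4f62-bb96-a550671d3ad8} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\falhfwec (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f0c0d80d (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\qnjkojle.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ixvsmryz.sys (Rootkit.Agent) -> Delete on reboot.
C:\Qoobox\Quarantine\C\WINDOWS\system32\prunnet.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One detection line: "<item> (<Classification>) -> <Action>."
FINDING_RE = re.compile(r"^(?P<item>.+) \((?P<cls>[^()]+)\) -> (?P<action>.+?)\.?$")
# One summary line: "<Section> Infected: <count>"
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")


@dataclass(frozen=True)
class Finding:
    section: str
    item: str
    classification: str
    action: str


def parse_mbam_log(text):
    """Return (declared_counts, findings): the per-section counts from the
    summary block, and one Finding per detection line under each heading."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith(":"):          # a category heading such as "Files Infected:"
            section = line[:-1]
            continue
        m = FINDING_RE.match(line)
        if m and section:
            findings.append(Finding(section, m.group("item"), m.group("cls"), m.group("action")))
    return declared, findings


def check_counts(declared, findings):
    """Sections whose declared count differs from the items actually listed,
    as {section: (declared, listed)}; empty means the log is internally consistent."""
    seen = Counter(f.section for f in findings)
    return {s: (n, seen.get(s, 0)) for s, n in declared.items() if seen.get(s, 0) != n}


def families(findings):
    """How many entries each detection name accounts for."""
    return Counter(f.classification for f in findings)


def reboot_pending(findings):
    """Items MBAM could not remove while running (in-use DLLs, drivers, keys) and
    deferred to the next boot: the machine is not clean until that reboot happens."""
    return sorted({f.item for f in findings if f.action.lower().startswith("delete on reboot")})


def persistence_points(findings):
    """Group findings by the mechanism they use to load or survive a reboot.
    The keyword matches below are this example's own heuristics, not MBAM's."""
    groups = defaultdict(list)
    for f in findings:
        item = f.item.lower()
        if "\\browser helper objects\\" in item:
            groups["bho"].append(f.item)            # IE Browser Helper Object CLSID
        elif "\\currentversion\\run\\" in item:
            groups["autorun"].append(f.item)        # Run-key autostart value
        elif "\\services\\" in item:
            groups["service"].append(f.item)        # service / driver registration
        elif item.endswith(".sys"):
            groups["driver"].append(f.item)         # kernel driver file on disk
        elif f.section == "Memory Modules Infected":
            groups["loaded_module"].append(f.item)  # DLL found mapped in a process
    return dict(groups)


if __name__ == "__main__":
    declared, found = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", check_counts(declared, found))
    print("families:", dict(families(found)))
    print("pending reboot:", reboot_pending(found))
    print("persistence:", persistence_points(found))
```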

#8 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:11:56 PM

Posted 25 January 2009 - 11:12 PM

INFO LOG of RSIT

info.txt logfile of random's system information tool 1.05 2009-01-25 20:10:21

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
Access Help-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\Setup.exe" -l0x9 UNINSTALL
AccessDiver v4.402-->"C:\Program Files\Accessdiver\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{C031CD16-1112-4133-B8C6-68F9582B3476}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
Client Security Solution-->MsiExec.exe /I{48227AEB-DC8E-4A90-A274-0B4A39D699B1}
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0-->"C:\Program Files\DVDFab 5\unins000.exe"
ESET NOD32 Antivirus-->MsiExec.exe /I{7D974ACA-4EE5-412C-8E6A-A5B57B305727}
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Desktop-->MsiExec.exe /I{E4A72492-6674-46F4-8322-7FE498B6CD17}
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Help Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{986F64DC-FF15-449D-998F-EE3BCEC6666A}\Setup.exe" -l0x9 -AddRemove
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{C3B6AEB1-390C-4792-8677-CD87F8B2C959}\setup\hpzscr01.exe -datfile hposcr28.dat -onestop
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 3.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat -forcereboot
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 11.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel® PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech Legacy USB Camera Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\10.51.2023\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\legacyqcam\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"legacyqcam_10.51" /clone_wait /hide_progress
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
Logitech Updater-->MsiExec.exe /I{53735ECE-E461-4FD0-B742-23A352436D3A}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}\Setup.exe" -l0x9 -AddRemove
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft redistributable runtime DLLs VS2005(x86)-->MsiExec.exe /I{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Nitro PDF Professional-->MsiExec.exe /I{081D00DF-35F0-4570-8037-3E289795928F}
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up -->"C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"
Productivity Center Supplement for ThinkPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\SETUP.EXE" -l0x9 -AddRemove
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Remove Multimedia Center-->C:\swtools\apps\MMCfTO\customiz\sequencer.exe -fc:\swtools\apps\MMCfTO\customiz\uninst.seq
Rescue and Recovery-->MsiExec.exe /I{7726CF62-7B45-4E6D-9266-615346816BCA}
SAP Business Explorer-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPBI" /uninstall
SAP GUI 7.10-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /product="SAPGUI710" /uninstall
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{71883667-71F2-48A1-AB72-28D518D8AC4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{71883667-71F2-48A1-AB72-28D518D8AC4A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
SnagIt 8-->MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Icons for Lenovo-->MsiExec.exe /I{B334D9AE-1393-423E-97C0-3BDC3360E692}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
System Migration Assistant-->MsiExec.exe /X{9EA84FDD-CCC0-47FD-A993-923165BEA47A}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}\setup.dll" -l0x9 UNINSTALLFROMSYS
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ThinkPad Configuration-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad EasyEject Utility -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE -U -ITkp0588p.inf -ISFG
ThinkPad PC Card Power Policy-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUnInstall 132 C:\SWTOOLS\OSFIXES\PCMCIAPW\pcmciapw.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALL
ThinkVantage Active Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
ThinkVantage Away Manager-->Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\SETUP.EXE" -l0x9 -AddRemove
ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe"
TVUPlayer 2.4.1.0-->C:\Program Files\TVUPlayer\uninst.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wallpapers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}\Setup.exe" -l0x9 UNINSTALL
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XP Themes-->MsiExec.exe /I{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: PRIVLGD-AXS
Event Code: 7036
Message: The Background Intelligent Transfer Service service entered the running state.

Record Number: 49598
Source Name: Service Control Manager
Time Written: 20090110182954.000000-480
Event Type: information
User:

Computer Name: PRIVLGD-AXS
Event Code: 7035
Message: The Background Intelligent Transfer Service service was successfully sent a start control.

Record Number: 49597
Source Name: Service Control Manager
Time Written: 20090110182953.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: PRIVLGD-AXS
Event Code: 14344
Message: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Record Number: 49596
Source Name: WMPNetworkSvc
Time Written: 20090110182824.000000-480
Event Type: error
User:

Computer Name: PRIVLGD-AXS
Event Code: 14344
Message: A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Record Number: 49595
Source Name: WMPNetworkSvc
Time Written: 20090110182823.000000-480
Event Type: error
User:

Computer Name: PRIVLGD-AXS
Event Code: 7036
Message: The Windows Media Player Network Sharing Service service entered the running state.

Record Number: 49594
Source Name: Service Control Manager
Time Written: 20090110182823.000000-480
Event Type: information
User:

Application event log

Computer Name: PRIVLGD-AXS
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 848
Source Name: SecurityCenter
Time Written: 20080519212305.000000-420
Event Type: error
User:

Computer Name: PRIVLGD-AXS
Event Code: 0
Message:
Record Number: 847
Source Name: ThinkVantage Registry Monitor Service
Time Written: 20080519212304.000000-420
Event Type: information
User:

Computer Name: PRIVLGD-AXS
Event Code: 2004
Message: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Record Number: 846
Source Name: PerfNet
Time Written: 20080519182934.000000-420
Event Type: error
User:

Computer Name: PRIVLGD-AXS
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 845
Source Name: SecurityCenter
Time Written: 20080519182916.000000-420
Event Type: information
User:

Computer Name: PRIVLGD-AXS
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 844
Source Name: SecurityCenter
Time Written: 20080519182916.000000-420
Event Type: error
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Lenovo
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"RR"=C:\Program Files\Lenovo\Rescue and Recovery
"SMA"=C:\Program Files\ThinkVantage\SMA\
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"SWSHARE"=C:\SWSHARE
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TVT"=C:\Program Files\Lenovo
"TVTCOMMON"=C:\Program Files\Common Files\Lenovo
"TVTPYDIR"=C:\Program Files\Common Files\Lenovo\Python24
"windir"=%SystemRoot%

-----------------EOF-----------------


Log of RSIT

Logfile of random's system information tool 1.05 (written by random/random)
Run by Rish Meister at 2009-01-25 20:10:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 68 GB (62%) free of 110 GB
Total RAM: 2046 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:19 PM, on 1/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Documents and Settings\Rish Meister\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Rish Meister.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dice.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.xenoport.com/dana-cached/setup/...perSetupSP1.cab
O20 - AppInit_DLLs: ocyzof.dll xltrbo.dll etdier.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 12281 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-02-23 237568]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2006-03-15 106496]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-07-24 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2006-07-04 110592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-08-16 69632]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"PDService.exe"=C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe [2006-03-13 41472]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-04-12 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-22 185896]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Nitro PDF Printer Monitor"=C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [2008-08-13 210224]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-13 512000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-13 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2006-05-31 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3
"btwdins"=2
"RasMan"=3
"ISSVC"=2
"Irmon"=2
"SUService"=2
"seclogon"=2
"lanmanserver"=2
"Diskeeper"=2
"CryptSvc"=2
"BITS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ocyzof.dll xltrbo.dll etdier.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-08-16 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-04-25 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\khfEwWMg
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\UTorrent\utorrent.exe"="C:\Program Files\UTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Documents and Settings\Rish Meister\Desktop\Tvants.exe"="C:\Documents and Settings\Rish Meister\Desktop\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Sopcast\adv\SopAdver.exe"="C:\Program Files\Sopcast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Sopcast\SopCast.exe"="C:\Program Files\Sopcast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003155dd-e98f-11dd-9462-0016cfa9dcb9}]
shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{199d9ce2-9500-11dd-9371-001641ae323a}]
shell\AutoRun\command - E:\Launch.exe /run

======List of files/folders created in the last 3 months======

2009-01-25 20:10:05 ----D---- C:\rsit
2009-01-25 20:10:05 ----D---- C:\Program Files\trend micro
2009-01-25 19:18:27 ----D---- C:\Documents and Settings\Rish Meister\Application Data\Malwarebytes
2009-01-25 19:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-25 19:18:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-23 16:27:13 ----A---- C:\WINDOWS\system32\gmfopq.dll
2009-01-23 16:27:09 ----A---- C:\WINDOWS\system32\xdlaqprs.dll
2009-01-22 16:26:24 ----SH---- C:\WINDOWS\system32\kfprfpnp.ini
2009-01-22 03:13:31 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-22 02:06:57 ----D---- C:\Program Files\Common Files\Logitech
2009-01-21 16:23:59 ----SH---- C:\WINDOWS\system32\ppmrvcvu.ini
2009-01-21 16:21:00 ----A---- C:\WINDOWS\system32\smglwc.dll
2009-01-21 16:20:55 ----A---- C:\WINDOWS\system32\cvolxbcr.dll
2009-01-20 17:22:15 ----A---- C:\WINDOWS\system32\lvci11801048.dll
2009-01-20 17:17:27 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-01-20 17:17:23 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-01-20 17:14:52 ----D---- C:\Program Files\Logitech
2009-01-20 16:38:18 ----A---- C:\WINDOWS\CD_Start.INI
2009-01-20 16:25:11 ----A---- C:\WINDOWS\system32\iinjig.dll
2009-01-20 16:24:53 ----A---- C:\WINDOWS\system32\nigpumei.dll
2009-01-20 16:21:54 ----SH---- C:\WINDOWS\system32\vridqodb.ini
2009-01-20 11:31:54 ----RA---- C:\WINDOWS\system32\hpowiax7.dll
2009-01-19 16:19:48 ----SH---- C:\WINDOWS\system32\ivnilcmg.ini
2009-01-18 14:58:39 ----SH---- C:\WINDOWS\system32\kimfxska.ini
2009-01-17 14:58:13 ----A---- C:\WINDOWS\system32\trroqqmy.dll
2009-01-16 11:47:45 ----SHD---- C:\RECYCLER
2009-01-16 11:45:04 ----D---- C:\WINDOWS\temp
2009-01-16 11:45:02 ----A---- C:\ComboFix.txt
2009-01-16 11:42:48 ----SH---- C:\WINDOWS\system32\enuiixgh.ini
2009-01-13 21:55:14 ----A---- C:\Boot.bak
2009-01-13 21:55:10 ----RASHD---- C:\cmdcons
2009-01-13 21:54:07 ----A---- C:\WINDOWS\zip.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\VFIND.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\SWSC.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\SWREG.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\sed.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\grep.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\fdsv.exe
2009-01-13 21:53:56 ----D---- C:\WINDOWS\ERDNT
2009-01-13 21:53:56 ----D---- C:\Qoobox
2009-01-13 16:56:10 ----A---- C:\WINDOWS\system32\fbe31c73-.txt
2009-01-11 19:23:13 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-01-11 19:20:38 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-01-11 19:20:22 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-01-11 19:20:20 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\hpovst15.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\hpotscl6.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-01-10 01:59:46 ----D---- C:\Documents and Settings\Rish Meister\Application Data\HP
2009-01-10 00:45:05 ----D---- C:\Documents and Settings\Rish Meister\Application Data\HPAppData
2009-01-10 00:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-01-10 00:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-01-10 00:10:36 ----D---- C:\Program Files\Common Files\HP
2009-01-10 00:10:35 ----D---- C:\Program Files\Hewlett-Packard
2009-01-10 00:10:31 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-01-09 23:52:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-09 23:51:22 ----HD---- C:\Config.Msi
2009-01-09 23:44:07 ----D---- C:\Program Files\HP
2008-12-22 12:17:16 ----D---- C:\Program Files\DVDFab 5
2008-12-22 12:16:00 ----D---- C:\Program Files\DVDFab
2008-12-22 12:13:27 ----D---- C:\Documents and Settings\Rish Meister\Application Data\RipIt4Me
2008-12-20 14:12:15 ----D---- C:\mynetflixrips
2008-12-15 20:35:28 ----D---- C:\Alps
2008-12-10 01:37:31 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2008-12-10 01:37:30 ----A---- C:\temp.txt
2008-12-10 01:37:15 ----D---- C:\Program Files\Xilisoft
2008-12-06 13:01:21 ----D---- C:\Program Files\Seagate
2008-12-06 13:01:21 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2008-12-06 13:00:30 ----D---- C:\Program Files\MSXML 6.0
2008-12-06 13:00:08 ----SHD---- C:\WINDOWS\ftpcache
2008-11-26 09:32:16 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 09:32:16 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 09:32:16 ----A---- C:\WINDOWS\system32\java.exe
2008-11-15 18:37:33 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-11-11 00:30:56 ----D---- C:\Program Files\DivX
2008-11-08 00:42:11 ----D---- C:\WINDOWS\7BB40A228D9843F9A08AE7EFF5AB1324.TMP
2008-10-30 07:38:26 ----D---- C:\Documents and Settings\Rish Meister\Application Data\Juniper Networks

======List of files/folders modified in the last 3 months======

2009-01-25 20:10:05 ----RD---- C:\Program Files
2009-01-25 20:06:14 ----D---- C:\Program Files\Mozilla Firefox
2009-01-25 20:05:32 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-01-25 20:04:41 ----AD---- C:\WINDOWS
2009-01-25 20:04:36 ----A---- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
2009-01-25 20:03:04 ----D---- C:\WINDOWS\system32\drivers
2009-01-25 20:03:03 ----AD---- C:\WINDOWS\system32
2009-01-25 20:02:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 20:02:12 ----D---- C:\Documents and Settings\Rish Meister\Application Data\uTorrent
2009-01-25 20:01:24 ----D---- C:\WINDOWS\Prefetch
2009-01-25 00:00:36 ----D---- C:\SWSHARE
2009-01-23 13:02:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-22 03:14:39 ----SHD---- C:\WINDOWS\Installer
2009-01-22 02:06:57 ----D---- C:\Program Files\Common Files
2009-01-21 17:03:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-20 17:23:18 ----D---- C:\Program Files\Common Files\LogiShrd
2009-01-20 17:23:05 ----HD---- C:\WINDOWS\inf
2009-01-20 17:22:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-20 17:16:51 ----SD---- C:\Documents and Settings\Rish Meister\Application Data\Microsoft
2009-01-20 11:34:24 ----SD---- C:\WINDOWS\Tasks
2009-01-20 11:33:13 ----A---- C:\WINDOWS\win.ini
2009-01-20 11:32:25 ----D---- C:\WINDOWS\twain_32
2009-01-18 22:55:43 ----SHD---- C:\WINDOWS\CSC
2009-01-16 22:33:32 ----D---- C:\Program Files\Google
2009-01-16 22:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-16 11:41:07 ----A---- C:\WINDOWS\system.ini
2009-01-16 11:37:44 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-16 11:36:05 ----D---- C:\WINDOWS\system32\config
2009-01-16 11:35:11 ----D---- C:\WINDOWS\AppPatch
2009-01-15 23:33:04 ----D---- C:\Documents and Settings\Rish Meister\Application Data\dvdcss
2009-01-15 15:03:58 ----D---- C:\WINDOWS\WinSxS
2009-01-15 14:45:33 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-13 21:55:14 ----RASH---- C:\boot.ini
2009-01-13 20:15:11 ----D---- C:\WINDOWS\Minidump
2009-01-09 23:51:46 ----ASHD---- C:\WINDOWS\system32\dllcache
2009-01-04 20:13:49 ----D---- C:\Icons
2008-12-30 20:27:42 ----D---- C:\Program Files\TVUPlayer
2008-12-18 11:31:58 ----D---- C:\Documents and Settings\Rish Meister\Application Data\Mozilla
2008-12-16 17:57:42 ----SHD---- C:\System Volume Information
2008-12-10 00:17:22 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:17:19 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\px.dll
2008-12-03 16:10:18 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-26 09:32:16 ----D---- C:\Program Files\Java
2008-11-25 21:39:40 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-25 16:47:43 ----D---- C:\Program Files\Common Files\Lenovo
2008-11-25 16:47:41 ----D---- C:\Program Files\Lenovo
2008-11-25 11:43:24 ----D---- C:\WINDOWS\Registration
2008-11-24 20:56:28 ----A---- C:\WINDOWS\saplogon.ini
2008-11-23 19:48:32 ----A---- C:\WINDOWS\ODBC.INI
2008-11-11 00:31:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-06 15:03:19 ----D---- C:\WINDOWS\Help
2008-11-05 12:38:11 ----D---- C:\Program Files\TVAnts
2008-11-02 07:26:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-08-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-08-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-04 17699]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-20 7168]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-05 16512]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-08-16 5120]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp;SMI helper driver; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-30 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5416.sys [2007-06-26 1296800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-09-12 1724416]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-31 851434]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-19 181760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys [2005-12-05 936448]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-05 192512]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-10 10112]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-18 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-13 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-04-25 28800]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys [2005-12-05 670208]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-05-14 57216]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-31 67384]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-04-06 364628]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-09-12 413696]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-10 73782]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2006-08-16 73728]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2005-06-20 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-07-14 723712]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2006-07-14 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-04 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2006-05-31 266295]
S4 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]

-----------------EOF-----------------

#9 ovechkin

ovechkin
  • Topic Starter

Posted 25 January 2009 - 11:22 PM

GMER LOG Attached

Attached file: GMER.txt (18.89KB)


#10 ovechkin

ovechkin
  • Topic Starter

Posted 25 January 2009 - 11:40 PM

Developments since I last reported on this malware / trojan
---------------------------------------------------------------------

~ Interferes with WIRELESS CONNECTION at startup. In essence, wireless takes longer to successfully connect at startup - like a whole minute and a half longer - and I have XP and not Vista!
~ Interferes with legitimate attempts to open a Firefox or IE6 browser (Yes, I still use IE6 coz they chopped the HISTORY button on IE7)
~ Pop-ups don't fully load the page they were meant to. They just end up on an error page.
~ Very inconsistent pop-up generating frequency, meaning pop-ups come abruptly and end abruptly at any given browsing moment.

#11 fenzodahl512

fenzodahl512

Posted 26 January 2009 - 06:11 PM

I don't know why you took so long to reply, so be advised that I will be away from 28 Jan until 2 Feb..


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 ovechkin

ovechkin
  • Topic Starter

Posted 26 January 2009 - 11:04 PM

COMBOFIX


ComboFix 09-01-21.04 - Rish Meister 2009-01-26 19:52:37.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1479 [GMT -8:00]
Running from: c:\documents and settings\Rish Meister\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\cvolxbcr.dll
c:\windows\system32\enuiixgh.ini
c:\windows\system32\gmfopq.dll
c:\windows\system32\hpowiax7.dll
c:\windows\system32\iinjig.dll
c:\windows\system32\ivnilcmg.ini
c:\windows\system32\kfprfpnp.ini
c:\windows\system32\kimfxska.ini
c:\windows\system32\nigpumei.dll
c:\windows\system32\ppmrvcvu.ini
c:\windows\system32\smglwc.dll
c:\windows\system32\vridqodb.ini
c:\windows\system32\xdlaqprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-27 to 2009-01-27 )))))))))))))))))))))))))))))))
.

2009-01-25 20:14 . 2009-01-25 20:14 250 --a------ c:\windows\gmer.ini
2009-01-25 20:10 . 2009-01-25 20:10 <DIR> d-------- C:\rsit
2009-01-25 20:10 . 2009-01-25 20:10 <DIR> d-------- c:\program files\trend micro
2009-01-25 19:18 . 2009-01-25 19:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 19:18 . 2009-01-25 19:18 <DIR> d-------- c:\documents and settings\Rish Meister\Application Data\Malwarebytes
2009-01-25 19:18 . 2009-01-25 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-25 19:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-25 19:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-22 03:13 . 2009-01-22 10:03 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-01-22 02:06 . 2009-01-22 02:06 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-21 17:19 . 2009-01-21 17:19 726,008 --a------ c:\documents and settings\Rish Meister\gotomypc_438.exe
2009-01-21 17:02 . 2009-01-21 17:03 3,902,784 --a------ c:\documents and settings\Rish Meister\gosetup.exe
2009-01-20 17:23 . 2009-01-26 16:52 0 --a------ c:\windows\system32\drivers\logiflt.iad
2009-01-20 17:22 . 2008-07-26 07:25 627,864 --a------ c:\windows\system32\drivers\lvrs.sys
2009-01-20 17:22 . 2008-07-26 07:23 195,096 --a------ c:\windows\system32\lvci11801048.dll
2009-01-20 17:17 . 2009-01-20 17:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
2009-01-20 17:17 . 2009-01-22 02:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2009-01-20 17:14 . 2009-01-20 17:17 <DIR> d-------- c:\program files\Logitech
2009-01-20 16:38 . 2009-01-20 16:38 32 --a------ c:\windows\CD_Start.INI
2009-01-17 14:58 . 2009-01-17 14:58 3,912 --a------ c:\windows\system32\trroqqmy.dll
2009-01-13 16:55 . 2009-01-25 20:02 2,204 --a------ c:\windows\falhfwec
2009-01-11 19:23 . 2009-01-11 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2009-01-11 19:21 . 2008-01-24 13:22 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-11 19:21 . 2008-01-24 13:22 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-11 19:20 . 2009-01-11 19:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-11 19:20 . 2008-01-24 13:23 271,704 -ra------ c:\windows\system32\hpzids01.dll
2009-01-11 19:20 . 2007-10-20 18:25 118,272 --a------ c:\windows\system32\hpz3l5mu.dll
2009-01-11 19:20 . 2008-01-24 13:22 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-11 19:19 . 2008-01-24 13:22 581,632 -ra------ c:\windows\system32\hpotscl6.dll
2009-01-11 19:19 . 2008-01-24 13:22 372,736 -ra------ c:\windows\system32\hppldcoi.dll
2009-01-11 19:19 . 2008-01-24 13:22 309,760 -ra------ c:\windows\system32\difxapi.dll
2009-01-11 19:19 . 2008-01-24 13:22 303,104 -ra------ c:\windows\system32\hpovst15.dll
2009-01-10 01:59 . 2009-01-10 01:59 <DIR> d-------- c:\documents and settings\Rish Meister\Application Data\HP
2009-01-10 00:45 . 2009-01-12 10:26 <DIR> d-------- c:\documents and settings\Rish Meister\Application Data\HPAppData
2009-01-10 00:10 . 2009-01-10 00:10 <DIR> d-------- c:\program files\Hewlett-Packard
2009-01-10 00:10 . 2009-01-10 00:10 <DIR> d-------- c:\program files\Common Files\HP
2009-01-10 00:10 . 2009-01-10 00:10 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-10 00:10 . 2009-01-10 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-10 00:10 . 2009-01-10 00:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-09 23:52 . 2009-01-20 17:22 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-09 23:51 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-09 23:51 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys
2009-01-09 23:44 . 2009-01-11 12:26 <DIR> d-------- c:\program files\HP
2009-01-09 23:41 . 2009-01-20 11:38 166,422 --a------ c:\windows\hpoins28.dat
2009-01-09 23:41 . 2008-06-30 20:02 796 --------- c:\windows\hpomdl28.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-27 00:52 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-01-26 18:16 --------- d-----w c:\documents and settings\Rish Meister\Application Data\uTorrent
2009-01-22 01:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 01:23 --------- d-----w c:\program files\Common Files\LogiShrd
2009-01-17 06:33 --------- d-----w c:\program files\Google
2009-01-16 07:33 --------- d-----w c:\documents and settings\Rish Meister\Application Data\dvdcss
2008-12-31 04:27 --------- d-----w c:\program files\TVUPlayer
2008-12-22 20:17 --------- d-----w c:\program files\DVDFab 5
2008-12-22 20:16 --------- d-----w c:\program files\DVDFab
2008-12-22 20:13 --------- d-----w c:\documents and settings\Rish Meister\Application Data\RipIt4Me
2008-12-10 09:37 --------- d-----w c:\program files\Xilisoft
2008-12-10 08:17 36,624 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-12-06 21:01 --------- d-----w c:\program files\Seagate
2008-12-06 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\Seagate
2008-12-06 21:00 --------- d-----w c:\program files\MSXML 6.0
2008-09-18 00:23 56,912 ----a-w c:\documents and settings\Rish Meister\g2mdlhlpx.exe
2007-02-02 01:11 582 ----a-w c:\program files\readme.txt
2007-02-02 01:02 313,344 ----a-w c:\program files\hjsplit.exe
2006-12-29 22:15 626,688 ----a-w c:\program files\Common Files\sapconsaccess.dll
2006-12-29 22:15 40,960 ----a-w c:\program files\Common Files\DigitalSignature.ocx
2006-12-29 22:15 3,100,672 ----a-w c:\program files\Common Files\sapxlhelper.dll
2006-12-29 22:15 192,512 ----a-w c:\program files\Common Files\sapconsr3.dll
2006-12-07 17:26 1,129,984 ----a-w c:\program files\Common Files\SAPActiveXL.xlt
2006-12-07 17:26 1,124,864 ----a-w c:\program files\Common Files\SAPActiveXL_nosig.xlt
2008-11-14 20:49 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-13_22.14.54.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-26 04:14:44 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 05:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-01-21 01:17:41 15,086 ----a-r c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ARPPRODUCTICON.exe
+ 2009-01-21 01:17:41 15,086 ----a-r c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\DesktopShortcut_10110FE91EE84A3DADFD1294F86BE5FC.exe
+ 2009-01-21 01:17:41 53,248 ----a-r c:\windows\Installer\{3AF8FCCD-F51A-4014-9002-F195E1CBC876}\ProgramGroupShortcut_EFA2BBEBCF93493B904B1B970B8DFAB6.exe
+ 2009-01-22 10:06:58 57,344 ----a-r c:\windows\Installer\{53735ECE-E461-4FD0-B742-23A352436D3A}\ARPPRODUCTICON.exe
+ 2009-01-15 23:04:51 81,920 ----a-r c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\ARPPRODUCTICON.exe
+ 2009-01-15 23:04:53 45,056 ----a-r c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\NewShortcut1_68F918D3F91F411B8936985CC2BD4192.exe
+ 2009-01-15 23:04:52 81,920 ----a-r c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\NewShortcut2_B7AA0888E8864144BA725EAA61DC15D5.exe
+ 2009-01-15 23:04:53 81,920 ----a-r c:\windows\Installer\{71883667-71F2-48A1-AB72-28D518D8AC4A}\NewShortcut3_3AA20A2C6BEF43A6A3B4F09C5D78D1D4.exe
+ 2009-01-26 04:14:44 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2007-02-03 18:30:57 1,507,232 ----a-r c:\windows\system32\drivers\lvpopflt.sys
+ 2008-07-26 15:24:48 95,384 ----a-w c:\windows\system32\drivers\lvpopflt.sys
+ 2008-07-26 16:25:02 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
- 2007-02-03 18:32:34 41,504 ----a-r c:\windows\system32\drivers\LVUSBSta.sys
+ 2008-07-26 15:26:20 41,752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
- 2007-02-03 18:32:45 1,939,360 ----a-r c:\windows\system32\drivers\lvuvc.sys
+ 2008-07-26 15:26:42 4,658,584 ----a-w c:\windows\system32\drivers\lvuvc.sys
- 2007-02-03 18:32:58 22,560 ----a-r c:\windows\system32\drivers\lvuvcflt.sys
+ 2008-07-26 15:26:54 23,832 ----a-w c:\windows\system32\drivers\lvuvcflt.sys
+ 2006-11-21 02:02:40 847,392 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lv321av.sys
+ 2006-11-21 02:04:11 264,992 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lvcodec2.dll
+ 2006-11-21 02:04:23 121,632 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lvcoinst.dll
+ 2006-11-21 02:07:02 211,744 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\LVUI2.dll
+ 2006-11-21 02:07:13 527,136 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\LVUI2RC.dll
+ 2006-11-21 02:07:47 166,688 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lv321v_B62F53422CAFF994DD031623AB63B906862AFCA9\msvcr71.dll
+ 2008-02-01 09:43:00 489,624 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LV561AV.sys
+ 2008-02-01 09:43:24 416,280 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcodec2.dll
+ 2008-02-01 09:43:34 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvcoinst.dll
+ 2008-02-01 09:46:14 490,008 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2.dll
+ 2008-02-01 09:46:26 465,432 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUI2RC.dll
+ 2008-02-01 09:46:38 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\LVUSBSta.sys
+ 2008-02-01 09:47:22 236,056 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\lvWIAext.dll
+ 2008-02-01 09:49:50 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvELCHv_3AAC34B8077234D1546F2D72FEA219DE3BAF5FCE\WUApp32.exe
+ 2007-02-03 18:27:55 490,784 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LV561AV.sys
+ 2007-02-03 18:29:07 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\LVUSBSta.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvELCHv_9F7BE67F2856843252665E5DA13A0A0939AA29AB\WUApp32.exe
+ 2008-07-26 15:22:20 13,848 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lv302af.sys
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvcoinst.dll
+ 2008-07-26 15:25:46 627,864 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\lvrs.sys
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\LVUSBSta.sys
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2s_AAF0D42957859C79796117C24EE40D0758F83C77\WUApp32.exe
+ 2008-07-26 15:22:32 2,570,520 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LV302V32.SYS
+ 2008-07-26 15:23:18 416,280 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcodec2.dll
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvcoinst.dll
+ 2008-07-26 15:26:08 490,008 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2.dll
+ 2008-07-26 15:26:20 465,432 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUI2RC.dll
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\LVUSBSta.sys
+ 2008-07-26 15:27:18 236,056 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\lvWIAext.dll
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPEPI2v_9B63DE375D38D105257209AE91A63E0509B924B9\WUApp32.exe
+ 2007-02-03 18:27:15 14,240 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\lv302af.sys
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\lvcoinst.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\LVUSBSta.sys
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIs_1EA7FC9E4D54C554A2B1C0552ED30ADE85DE0187\WUApp32.exe
+ 2007-02-03 18:27:27 938,272 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LV302V32.SYS
+ 2007-02-03 18:29:07 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\LVUSBSta.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvPEPIv_92318949FCA64BA41E43C18548BE271658B9709C\WUApp32.exe
+ 2007-02-03 18:31:33 66,848 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3c_614DC83852B13504853C99BAD2166FFB56D07935\lvselsus.sys
+ 2007-02-03 18:32:58 22,560 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3c_614DC83852B13504853C99BAD2166FFB56D07935\lvuvcflt.sys
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\lvcoinst.dll
+ 2007-02-03 18:30:57 1,507,232 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\lvpopflt.sys
+ 2007-02-03 18:31:33 66,848 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\lvselsus.sys
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\LVUSBSta.sys
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3s_637BBD470692B4142169E3F4D52A7F3055BF7B3D\WUApp32.exe
+ 2007-02-03 18:29:07 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\LVUSBSta.sys
+ 2007-02-03 18:32:45 1,939,360 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvuvc.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvPRO3v_34FDA56461F22AA0217B087391C6CD78C1732BC4\WUApp32.exe
+ 2008-07-26 15:26:54 23,832 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5c_1BFC52D9685745C065979BCEBCC76EF496BB7037\lvuvcflt.sys
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvcoinst.dll
+ 2008-07-26 15:24:48 95,384 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvpopflt.sys
+ 2008-07-26 15:25:46 627,864 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvrs.sys
+ 2008-07-26 15:25:58 66,456 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\lvselsus.sys
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\LVUSBSta.sys
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5s_57FBF2DB92AA25DA75C5E6E7205A81E29D58FC02\WUApp32.exe
+ 2008-07-26 15:23:18 416,280 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcodec2.dll
+ 2008-07-26 15:23:28 195,096 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvcoinst.dll
+ 2008-07-26 15:26:08 490,008 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2.dll
+ 2008-07-26 15:26:20 465,432 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUI2RC.dll
+ 2008-07-26 15:26:20 41,752 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\LVUSBSta.sys
+ 2008-07-26 15:26:42 4,658,584 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvuvc.sys
+ 2008-07-26 15:27:18 236,056 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\lvWIAext.dll
+ 2008-07-26 15:29:56 439,568 -c--a-w c:\windows\system32\DRVSTORE\lvPRO5v_84763DE157980C4888FEDFF53A1B7C541DFDE85F\WUApp32.exe
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvPROs_892D6A9698543E26AE9E1E4CD4202F838392F36D\lvcoinst.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvPROs_892D6A9698543E26AE9E1E4CD4202F838392F36D\LVUSBSta.sys
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvPROs_892D6A9698543E26AE9E1E4CD4202F838392F36D\WUApp32.exe
+ 2007-02-03 18:25:55 1,075,360 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\Camdrl.sys
+ 2007-02-03 18:26:06 154,400 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\CamExL20.dll
+ 2007-02-03 18:29:07 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\lvcodec2.dll
+ 2007-02-03 18:29:19 129,824 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\lvcoinst.dll
+ 2007-02-03 18:32:21 215,840 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\LVUI2.dll
+ 2007-02-03 18:32:21 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\LVUI2RC.dll
+ 2007-02-03 18:32:34 41,504 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\LVUSBSta.sys
+ 2007-02-03 18:33:09 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\msvcr71.dll
+ 2007-02-04 00:17:28 435,736 -c--a-r c:\windows\system32\DRVSTORE\lvPROv_2F8FA311AB273C3C2B47DA430D29C591CDDDB624\WUApp32.exe
+ 2006-11-21 02:06:28 65,824 -c--a-r c:\windows\system32\DRVSTORE\lvS213c_2ED6B19949B63F5F3BD3FC5BAC40FE63CEFC27E0\lvselsus.sys
+ 2006-11-21 02:07:36 21,536 -c--a-r c:\windows\system32\DRVSTORE\lvS213c_2ED6B19949B63F5F3BD3FC5BAC40FE63CEFC27E0\lvuvcflt.sys
+ 2006-11-21 02:04:11 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvcodec2.dll
+ 2006-11-21 02:04:23 121,632 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvcoinst.dll
+ 2006-11-21 02:07:02 211,744 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\LVUI2.dll
+ 2006-11-21 02:07:13 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\LVUI2RC.dll
+ 2006-11-21 02:07:25 40,352 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\LVUSBSta.sys
+ 2006-11-21 02:07:36 1,085,216 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvuvc.sys
+ 2006-11-21 02:07:47 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvS213v_25D0BF886C34221FF88541C44ECCE6F52E647BAC\msvcr71.dll
+ 2007-01-09 00:51:58 65,824 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYc_96D0E39DE53FC74E2F1845FA7AA7B24B9CABD2E1\lvselsus.sys
+ 2007-01-09 00:52:32 21,536 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYc_96D0E39DE53FC74E2F1845FA7AA7B24B9CABD2E1\lvuvcflt.sys
+ 2007-01-09 00:51:35 121,632 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\lvcoinst.dll
+ 2007-01-09 00:51:47 1,512,224 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\lvpopflt.sys
+ 2007-01-09 00:51:58 65,824 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\lvselsus.sys
+ 2007-01-09 00:52:21 40,352 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYs_31A1B329DDE39E828D05492B2D0D4E12163A13DF\LVUSBSta.sys
+ 2007-01-09 00:51:24 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvcodec2.dll
+ 2007-01-09 00:51:35 121,632 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvcoinst.dll
+ 2007-01-09 00:52:09 211,744 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\LVUI2.dll
+ 2007-01-09 00:52:09 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\LVUI2RC.dll
+ 2007-01-09 00:52:21 40,352 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\LVUSBSta.sys
+ 2007-01-09 00:52:32 1,085,216 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvuvc.sys
+ 2007-01-09 00:52:36 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvSCBYv_19AE5E7076A880D970D3D9DE0FFE6044740B6561\msvcr71.dll
+ 2007-01-09 00:53:12 847,392 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lv321av.sys
+ 2007-01-09 00:53:23 264,992 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lvcodec2.dll
+ 2007-01-09 00:53:35 121,632 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lvcoinst.dll
+ 2007-01-09 00:53:47 211,744 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\LVUI2.dll
+ 2007-01-09 00:53:58 527,136 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\LVUI2RC.dll
+ 2007-01-09 00:54:05 166,688 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\lvWIAext.dll
+ 2003-02-21 12:42:22 348,160 -c--a-r c:\windows\system32\DRVSTORE\lvVLMAv_016D215D90315FD225D4A5DC395573873D874507\msvcr71.dll
- 2009-01-11 08:00:00 5,427 ----a-w c:\windows\system32\EGATHDRV.SYS
+ 2009-01-25 08:00:00 5,427 ----a-w c:\windows\system32\EGATHDRV.SYS
- 2007-02-03 18:29:07 264,992 ----a-r c:\windows\system32\lvcodec2.dll
+ 2008-07-26 15:23:18 416,280 ----a-w c:\windows\system32\lvcodec2.dll
- 2007-02-03 18:32:21 215,840 ----a-r c:\windows\system32\LVUI2.dll
+ 2008-07-26 15:26:08 490,008 ----a-w c:\windows\system32\LVUI2.dll
- 2007-02-03 18:32:21 527,136 ----a-r c:\windows\system32\LVUI2RC.dll
+ 2008-07-26 15:26:20 465,432 ----a-w c:\windows\system32\LVUI2RC.dll
+ 2008-10-01 00:01:14 8,192 ----a-w c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
+ 2008-07-26 16:25:24 109,080 ----a-w c:\windows\temp\logishrd\LVPrcInj01.dll
- 2007-02-03 18:33:09 166,688 ----a-r c:\windows\twain_32\QuickCam\lvWIAext.dll
+ 2008-07-26 15:27:18 236,056 ----a-w c:\windows\twain_32\QuickCam\lvWIAext.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-05 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-24 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-04-12 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-22 185896]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-08-13 210224]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-14 29744]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"TpShocks"="TpShocks.exe" [2006-03-15 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 c:\windows\system32\TP4EX.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-03-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 09:07 49152 c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 19:20 40448 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 06:45 28672 c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 03:16 24576 c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ocyzof.dll xltrbo.dll etdier.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-11-14 12:49 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-02-13 21:16 512000 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2006-02-13 21:17 110592 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"btwdins"=2 (0x2)
"RasMan"=3 (0x3)
"ISSVC"=2 (0x2)
"Irmon"=2 (0x2)
"SUService"=2 (0x2)
"seclogon"=2 (0x2)
"lanmanserver"=2 (0x2)
"Diskeeper"=2 (0x2)
"CryptSvc"=2 (0x2)
"BITS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UTorrent\\utorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\Rish Meister\\Desktop\\Tvants.exe"=
"c:\\Program Files\\Sopcast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Sopcast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2008-03-24 88576]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2008-03-24 4736]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2008-03-24 57216]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R4 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [2006-03-13 58368]
R4 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
R4 smihlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-24 29744]
S4 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2006-04-29 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003155dd-e98f-11dd-9462-0016cfa9dcb9}]
\Shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{199d9ce2-9500-11dd-9371-001641ae323a}]
\Shell\AutoRun\command - E:\Launch.exe /run
.
Contents of the 'Scheduled Tasks' folder

2009-01-22 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2008-03-28 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Rish Meister\Application Data\Mozilla\Firefox\Profiles\5fd1q0wg.default\
FF - prefs.js: browser.startup.homepage - hxxp://jewelry.shop.ebay.com/items/Wristwatches__CITIZEN-seiko-watch-wristwatch-croton-bernoulli-diesel-wohler-rolex-bulova-fossil-timex-casio-nike-guess-invicta?_nkw=(CITIZEN%2Cseiko%2Cwatch%2Cwristwatch)%20-(croton%2Cbernoulli%2Cdiesel%2Cwohler%2Crolex%2Cbulova%2Cfossil%2Ctimex%2Ccasio%2Cnike%2Cguess%2Cinvicta)&_dmpt=Wristwatches&_fln=1&_fromfsb=&_sacat=31387&_sop=1&_ssov=1&_trksid=p3286.c0.m282&_mPrRngCbx=1&_udlo=99&_udhi=399
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Rish Meister\Application Data\Mozilla\Firefox\Profiles\5fd1q0wg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-26 19:58:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1580)
c:\windows\system32\vrlogon.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll

- - - - - - - > 'lsass.exe'(1636)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\acs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-01-26 20:02:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-27 04:02:48
ComboFix2.txt 2009-01-16 19:45:02
ComboFix3.txt 2009-01-14 06:17:38

Pre-Run: 68,330,504,192 bytes free
Post-Run: 68,334,612,480 bytes free

464

#13 ovechkin
  • Topic Starter

Posted 26 January 2009 - 11:07 PM

HIJACK THIS LOG


Logfile of random's system information tool 1.05 (written by random/random)
Run by (Redacted) at 2009-01-26 20:05:46
Microsoft Windows XP Professional Service Pack 2
System drive C: has 65 GB (59%) free of 110 GB
Total RAM: 2046 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:50 PM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\WINDOWS\system32\acs.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rish Meister\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Rish Meister.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://dice.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://vpn.xenoport.com/dana-cached/setup/...perSetupSP1.cab
O20 - AppInit_DLLs: ocyzof.dll xltrbo.dll etdier.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 11779 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2007-05-01 63048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-05-01 161352]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2006-02-23 237568]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2006-06-02 856064]
"TpShocks"=C:\WINDOWS\system32\TpShocks.exe [2006-03-15 106496]
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [2006-07-24 94208]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2005-10-17 65536]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-19 925696]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [2006-07-04 110592]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2006-02-02 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [2006-08-16 69632]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"PDService.exe"=C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe [2006-03-13 41472]
"cssauth"=C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2006-07-14 2341632]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-04-12 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-22 185896]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-02-20 1443072]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Nitro PDF Printer Monitor"=C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe [2008-08-13 210224]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"MaxMenuMgr"=C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2008-10-28 181544]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-05 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-02-13 512000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2006-02-13 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\ThinkPad\BLUETO~1\BTTray.exe [2006-05-31 622653]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3
"btwdins"=2
"RasMan"=3
"ISSVC"=2
"Irmon"=2
"SUService"=2
"seclogon"=2
"lanmanserver"=2
"Diskeeper"=2
"CryptSvc"=2
"BITS"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="ocyzof.dll xltrbo.dll etdier.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-09-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [2006-08-16 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-04-25 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\WINDOWS\system32\notifyf2.dll [2005-07-05 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2005-11-30 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\UTorrent\utorrent.exe"="C:\Program Files\UTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe"="C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\English\setup.exe:*:Enabled:Kaspersky Internet Security 7.0 Setup"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Documents and Settings\Rish Meister\Desktop\Tvants.exe"="C:\Documents and Settings\Rish Meister\Desktop\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Sopcast\adv\SopAdver.exe"="C:\Program Files\Sopcast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Sopcast\SopCast.exe"="C:\Program Files\Sopcast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{003155dd-e98f-11dd-9462-0016cfa9dcb9}]
shell\AutoRun\command - E:\InstallSeagateManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{199d9ce2-9500-11dd-9371-001641ae323a}]
shell\AutoRun\command - E:\Launch.exe /run


======List of files/folders created in the last 3 months======

2009-01-26 20:02:52 ----A---- C:\ComboFix.txt
2009-01-25 20:14:46 ----A---- C:\WINDOWS\gmer.ini
2009-01-25 20:14:44 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-25 20:14:44 ----A---- C:\WINDOWS\gmer.exe
2009-01-25 20:14:44 ----A---- C:\WINDOWS\gmer.dll
2009-01-25 20:10:05 ----D---- C:\rsit
2009-01-25 20:10:05 ----D---- C:\Program Files\trend micro
2009-01-25 19:18:27 ----D---- C:\Documents and Settings\Rish Meister\Application Data\Malwarebytes
2009-01-25 19:18:19 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-25 19:18:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-22 03:13:31 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-22 02:06:57 ----D---- C:\Program Files\Common Files\Logitech
2009-01-20 17:22:15 ----A---- C:\WINDOWS\system32\lvci11801048.dll
2009-01-20 17:17:27 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-01-20 17:17:23 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-01-20 17:14:52 ----D---- C:\Program Files\Logitech
2009-01-20 16:38:18 ----A---- C:\WINDOWS\CD_Start.INI
2009-01-17 14:58:13 ----A---- C:\WINDOWS\system32\trroqqmy.dll
2009-01-16 11:45:04 ----D---- C:\WINDOWS\temp
2009-01-13 21:55:14 ----A---- C:\Boot.bak
2009-01-13 21:55:10 ----RASHD---- C:\cmdcons
2009-01-13 21:54:07 ----A---- C:\WINDOWS\zip.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\VFIND.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\SWSC.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\SWREG.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\sed.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\grep.exe
2009-01-13 21:54:07 ----A---- C:\WINDOWS\fdsv.exe
2009-01-13 21:53:56 ----D---- C:\WINDOWS\ERDNT
2009-01-13 21:53:56 ----D---- C:\Qoobox
2009-01-13 16:56:10 ----A---- C:\WINDOWS\system32\fbe31c73-.txt
2009-01-11 19:23:13 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-01-11 19:20:38 ----D---- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2009-01-11 19:20:22 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-01-11 19:20:20 ----A---- C:\WINDOWS\system32\hpz3l5mu.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\hpovst15.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\hpotscl6.dll
2009-01-11 19:19:45 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-01-10 01:59:46 ----D---- C:\Documents and Settings\Rish Meister\Application Data\HP
2009-01-10 00:45:05 ----D---- C:\Documents and Settings\Rish Meister\Application Data\HPAppData
2009-01-10 00:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-01-10 00:10:58 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-01-10 00:10:36 ----D---- C:\Program Files\Common Files\HP
2009-01-10 00:10:35 ----D---- C:\Program Files\Hewlett-Packard
2009-01-10 00:10:31 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-01-09 23:52:09 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-09 23:51:22 ----HD---- C:\Config.Msi
2009-01-09 23:44:07 ----D---- C:\Program Files\HP
2008-12-22 12:17:16 ----D---- C:\Program Files\DVDFab 5
2008-12-22 12:16:00 ----D---- C:\Program Files\DVDFab
2008-12-22 12:13:27 ----D---- C:\Documents and Settings\Rish Meister\Application Data\RipIt4Me
2008-12-20 14:12:15 ----D---- C:\mynetflixrips
2008-12-15 20:35:28 ----D---- C:\Alps
2008-12-10 01:37:31 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2008-12-10 01:37:30 ----A---- C:\temp.txt
2008-12-10 01:37:15 ----D---- C:\Program Files\Xilisoft
2008-12-06 13:01:21 ----D---- C:\Program Files\Seagate
2008-12-06 13:01:21 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2008-12-06 13:00:30 ----D---- C:\Program Files\MSXML 6.0
2008-12-06 13:00:08 ----SHD---- C:\WINDOWS\ftpcache
2008-11-26 09:32:16 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 09:32:16 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 09:32:16 ----A---- C:\WINDOWS\system32\java.exe
2008-11-15 18:37:33 ----D---- C:\Documents and Settings\All Users\Application Data\TVU Networks
2008-11-11 00:30:56 ----D---- C:\Program Files\DivX
2008-11-08 00:42:11 ----D---- C:\WINDOWS\7BB40A228D9843F9A08AE7EFF5AB1324.TMP
2008-10-30 07:38:26 ----D---- C:\Documents and Settings\Rish Meister\Application Data\Juniper Networks

======List of files/folders modified in the last 3 months======

2009-01-26 20:02:58 ----D---- C:\Program Files\Mozilla Firefox
2009-01-26 20:02:55 ----D---- C:\WINDOWS\Prefetch
2009-01-26 20:02:54 ----D---- C:\WINDOWS\system32\drivers
2009-01-26 20:02:54 ----AD---- C:\WINDOWS\system32
2009-01-26 20:02:53 ----AD---- C:\WINDOWS
2009-01-26 20:01:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-26 19:59:09 ----A---- C:\WINDOWS\system.ini
2009-01-26 19:58:48 ----A---- C:\WINDOWS\system32\PROCDB.INI
2009-01-26 19:57:07 ----A---- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
2009-01-26 19:54:42 ----D---- C:\WINDOWS\system32\config
2009-01-26 19:54:01 ----D---- C:\WINDOWS\AppPatch
2009-01-26 19:54:01 ----D---- C:\Program Files\Common Files
2009-01-26 19:52:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-26 10:16:47 ----D---- C:\Documents and Settings\Rish Meister\Application Data\uTorrent
2009-01-25 20:10:05 ----RD---- C:\Program Files
2009-01-25 00:00:36 ----D---- C:\SWSHARE
2009-01-22 03:14:39 ----SHD---- C:\WINDOWS\Installer
2009-01-21 17:03:14 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-20 17:23:18 ----D---- C:\Program Files\Common Files\LogiShrd
2009-01-20 17:23:05 ----HD---- C:\WINDOWS\inf
2009-01-20 17:22:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-20 17:16:51 ----SD---- C:\Documents and Settings\Rish Meister\Application Data\Microsoft
2009-01-20 11:34:24 ----SD---- C:\WINDOWS\Tasks
2009-01-20 11:33:13 ----A---- C:\WINDOWS\win.ini
2009-01-20 11:32:25 ----D---- C:\WINDOWS\twain_32
2009-01-18 22:55:43 ----SHD---- C:\WINDOWS\CSC
2009-01-16 22:33:32 ----D---- C:\Program Files\Google
2009-01-16 22:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-16 11:37:44 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-15 23:33:04 ----D---- C:\Documents and Settings\Rish Meister\Application Data\dvdcss
2009-01-15 15:03:58 ----D---- C:\WINDOWS\WinSxS
2009-01-15 14:45:33 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-13 21:55:14 ----RASH---- C:\boot.ini
2009-01-13 20:15:11 ----D---- C:\WINDOWS\Minidump
2009-01-09 23:51:46 ----ASHD---- C:\WINDOWS\system32\dllcache
2009-01-04 20:13:49 ----D---- C:\Icons
2008-12-30 20:27:42 ----D---- C:\Program Files\TVUPlayer
2008-12-18 11:31:58 ----D---- C:\Documents and Settings\Rish Meister\Application Data\Mozilla
2008-12-16 17:57:42 ----SHD---- C:\System Volume Information
2008-12-10 00:17:22 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-10 00:17:19 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-12-10 00:17:18 ----A---- C:\WINDOWS\system32\px.dll
2008-12-03 16:10:18 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-26 09:32:16 ----D---- C:\Program Files\Java
2008-11-25 21:39:40 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-25 16:47:43 ----D---- C:\Program Files\Common Files\Lenovo
2008-11-25 16:47:41 ----D---- C:\Program Files\Lenovo
2008-11-25 11:43:24 ----D---- C:\WINDOWS\Registration
2008-11-24 20:56:28 ----A---- C:\WINDOWS\saplogon.ini
2008-11-23 19:48:32 ----A---- C:\WINDOWS\ODBC.INI
2008-11-11 00:31:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-06 15:03:19 ----D---- C:\WINDOWS\Help
2008-11-05 12:38:11 ----D---- C:\Program Files\TVAnts
2008-11-02 07:26:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-11-18 5660]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-11-18 22684]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-02-20 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-27 36096]
R1 ShockMgr;ShockMgr; C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 4736]
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2006-08-02 14848]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2006-08-02 9343]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2005-07-04 17699]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2006-07-20 7168]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-05-05 16512]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-02-02 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2006-02-02 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-02-02 86652]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-02-02 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-02-02 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-02-02 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-02-02 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-11-18 40544]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-02-20 39944]
R2 EGATHDRV;IBM eGatherer; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-04 12544]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 PrivateDisk;PrivateDisk; \??\C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys []
R2 PROCDD;IPS Helper Driver; C:\WINDOWS\system32\DRIVERS\PROCDD.SYS [2006-08-16 5120]
R2 smi2;smi2; \??\C:\Program Files\SMI2\smi2.sys []
R2 smihlp;SMI helper driver; \??\C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys []
R2 tvtfilter;tvtfilter; \??\C:\WINDOWS\system32\drivers\tvtfilter.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-01-30 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-04-26 93824]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5416.sys [2007-06-26 1296800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-09-12 1724416]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-31 851434]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-04-19 181760]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\hsx_dpv.sys [2005-12-05 936448]
R3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys [2005-12-05 192512]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2005-11-10 10112]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-18 21376]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-02-13 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-04-25 28800]
R3 TVTPktFilter;TVT Packet Filter Service; C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys [2006-07-14 17664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-09-16 57856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\hsx_cnxt.sys [2005-12-05 670208]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-05-14 57216]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-31 67384]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2008-07-26 95384]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-04-06 364628]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-09-12 413696]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2005-11-10 73782]
R2 IPSSVC;IPS Core Service; C:\WINDOWS\system32\IPSSVC.EXE [2006-08-16 73728]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
R2 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\WINDOWS\System32\TPHDEXLG.EXE [2005-06-20 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2005-06-06 32768]
R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2006-07-14 723712]
R2 TVT Backup Service;TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [2006-07-14 1974272]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 tvtnetwk;tvtnetwk; C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe [2006-07-14 45056]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\WINDOWS\system32\regedt32.exe [2004-08-04 3584]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-02-20 19200]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-14 29744]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2006-05-31 266295]
S4 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2008-10-20 28672]

-----------------EOF-----------------
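The driver and service lists above follow a fixed one-line-per-entry layout: a state letter and start-type digit, the service name and display name separated by semicolons, the image path, and a bracketed file date and size (or empty brackets when the tool could not record them). When a log like this runs to hundreds of lines, it helps to parse it into records so the entries with missing file metadata can be pulled out for a manual look. The following parser is an added example, not part of the original post or of the logging tool; the few sample lines it embeds are constructed from entries in the log above, and the `Entry` record and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input in the format of the log above
# (a handful of lines; the real log has many more).
SAMPLE_LOG = """\
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\\WINDOWS\\system32\\DRIVERS\\intelppm.sys [2004-08-27 36096]
R2 pmem;pmem; \\??\\C:\\WINDOWS\\System32\\drivers\\pmemnt.sys []
S4 agp440;Intel AGP Bus Filter; C:\\WINDOWS\\system32\\DRIVERS\\agp440.sys [2004-08-03 42368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;Eset Service; C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [2008-02-20 472320]
S3 PsaSrv;IBM PSA Access Driver Control; C:\\WINDOWS\\system32\\PsaSrv.exe []
"""

# Legend taken from the section headers of the log.
STATES = {"R": "Running", "S": "Stopped"}
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

SECTION_RE = re.compile(r"^======List of (?P<section>\w+)")
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "      # e.g. "R2 "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "  # "name;display name; "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"   # "path [date size]" or "path []"
)


@dataclass
class Entry:
    section: str          # "drivers" or "services"
    state: str            # Running / Stopped
    start_type: str       # Boot / System / Auto / Demand / Disabled
    name: str
    display: str
    path: str
    date: Optional[str]   # None when the log recorded "[]"
    size: Optional[int]


def parse_log(text: str) -> List[Entry]:
    """Parse the driver and service sections of the log into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not m or not section:
            continue  # blank lines and anything outside a known section
        meta = m.group("meta").split()
        entries.append(Entry(
            section=section,
            state=STATES[m.group("state")],
            start_type=START_TYPES[m.group("start")],
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            date=meta[0] if meta else None,
            size=int(meta[1]) if len(meta) > 1 else None,
        ))
    return entries


def unverified(entries: List[Entry]) -> List[Entry]:
    """Entries for which the tool recorded no file date/size (the "[]" lines).

    The image could not be examined at scan time, so these are the ones to
    check by hand rather than assume anything about."""
    return [e for e in entries if e.date is None]


def running_by_section(entries: List[Entry]) -> Dict[str, int]:
    """Count of running entries per section, as a quick triage summary."""
    counts: Dict[str, int] = {}
    for e in entries:
        if e.state == "Running":
            counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in unverified(parsed):
        print(f"[{e.section}] {e.name} ({e.state}, {e.start_type}) -> {e.path}")
```

Run it on the full log text instead of `SAMPLE_LOG` to list every entry with empty brackets; the `\??\` prefix some of those paths carry is just the NT object-manager form of the path, not a verdict on the file, so the output is a reading list, not a detection.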

#14 ovechkin

ovechkin
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:11:56 PM

Posted 26 January 2009 - 11:08 PM

Sorry I gave up initially after no one attended to my post.

And then I checked back yesterday to find your post.

One note:

When running the ComboFix (after the boot up) several programs (start up ones) did open up including

NOD32 (ESET) Antivirus software

although I did disable it before running ComboFix

Edited by ovechkin, 26 January 2009 - 11:10 PM.


#15 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:12:56 PM

Posted 26 January 2009 - 11:22 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\trroqqmy.dll
c:\windows\falhfwec

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the ComboFix log in your next reply...




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
Post these logs in your next reply..

1. ComboFix
2. ESET Online Scanner
3. Tell me, how's the computer now? :thumbsup:

Edited by fenzodahl512, 26 January 2009 - 11:22 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive




