HijackThis Log: Please help Diagnose


  • This topic is locked
15 replies to this topic

#1 edgarog

edgarog

  • Members
  • 7 posts
  • Gender:Male
  • Local time:02:46 PM

Posted 08 September 2011 - 08:37 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:55:36 PM, on 9/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\DTS.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\AtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\Program Files\OCS Inventory Agent\ocsservice.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
c:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lenovo\Client Security Solution\password_manager.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\lotus\notes\nlnotes.exe
C:\Program Files\AT&T Network Client\NetClient.exe
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SAP\FrontEnd\sapgui\saplogon.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ehgestrada\My Documents\HousecallLauncher.exe
C:\DOCUME~1\EHGEST~1\LOCALS~1\Temp\7zS48.tmp\setup.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\ehgestrada\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovocentral.lenovo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-21-3108564141-2461804920-2821191145-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-3108564141-2461804920-2821191145-1007\..\RunOnce: [TaskBarOnTop] C:\WINDOWS\SYSTEM32\SetWinTB.exe /TOPMOST=Y (User 'Administrator')
O4 - HKUS\S-1-5-21-3108564141-2461804920-2821191145-1007\..\RunOnce: [] (User 'Administrator')
O4 - HKUS\S-1-5-21-893219669-150845782-1589865915-11805\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'TEMP')
O4 - HKUS\S-1-5-21-893219669-150845782-1589865915-11805\..\RunOnce: [TaskBarOnTop] C:\WINDOWS\SYSTEM32\SetWinTB.exe /TOPMOST=Y (User 'TEMP')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - STCWeb.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://telwancam.dnsalias.com:8010/RtspVaPgDec.cab
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://webvpn.us.lenovo.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274886520078
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} (CV781Object Object) - http://telwancam.dnsalias.com:8090/AVC_AX_724.cab
O16 - DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - https://w3-03.ibm.com/Hyperion/zeroadmin/component/Brio.InsightNoHelp.en.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} (OCXDownloadChecker Control) - http://telwancam.dnsalias.com:9000/cab/OCXChecker_8320.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://intercalleurope.webex.com/client/T27L10NSP11EP14/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = lenovo.com
O17 - HKLM\Software\..\Telephony: DomainName = lenovo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E477C33D-F4AD-4BEC-913F-3A1E127F4B94}: Domain = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E477C33D-F4AD-4BEC-913F-3A1E127F4B94}: NameServer = 9.18.232.128,9.18.167.128
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = lenovo.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = lenovo.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: ATFUS - C:\WINDOWS\system32\FpWinLogonNp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\WINDOWS\system32\ADMonitor.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: Ataman TCP Remote Logon Services - Unknown owner - C:\Hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\WINDOWS\system32\AtService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\WINDOWS\system32\DTS.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Fingerprint Server (FingerprintServer) - AuthenTec,Inc - C:\WINDOWS\system32\FpLogonServ.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iClarityQoSService - AVAYA Communication - C:\Program Files\Avaya\Avaya one-X Communicator\QosServM.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://www.ocsinventory-ng.org - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\EHGEST~1\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - c:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\\agent.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - c:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 22850 bytes


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:46 PM

Posted 13 September 2011 - 07:25 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

This is the only item in your log that is suspicious. Would you know what it is / does in a Temporary folder?

C:\DOCUME~1\EHGEST~1\LOCALS~1\Temp\7zS48.tmp\setup.exe
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

Please let me know what problem you are having with this computer.

#3 nasdaq


Posted 19 September 2011 - 08:38 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 edgarog


Posted 21 September 2011 - 03:12 PM

Hi Nasdaq, below is the log of dds.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by ehgestrada at 10:02:33 on 2011-09-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.1360 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IBM\Sametime Connect\sametime.exe
C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe
C:\Documents and Settings\ehgestrada\My Documents\HousecallLauncher.exe
C:\DOCUME~1\EHGEST~1\LOCALS~1\Temp\7zS3.tmp\setup.exe
C:\Program Files\AT&T Network Client\NetClient.exe
C:\Program Files\lotus\notes\nlnotes.exe
C:\Program Files\lotus\notes\nNOTESMM.EXE
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovocentral.lenovo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Trixie.Bho: {b0744341-96e0-4341-9ed2-8bc36ce0ccd0} - mscoree.dll
BHO: IePasswordManagerHelper Class: {bf468356-bb7e-42d7-9f15-4f3b9bcfced2} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t network client\NetSP.exe" -show
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [LPMailChecker] c:\progra~1\thinkv~1\prdctr\LPMLCHK.exe
mRun: [LENOVO.TPFNF6R] c:\program files\lenovo\hotkey\TPFNF6R.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
IE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
Trusted Zone: lenovo.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - STCWeb.cab
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://telwancam.dnsalias.com:8010/RtspVaPgDec.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.us.lenovo.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274886520078
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} - hxxp://telwancam.dnsalias.com:8090/AVC_AX_724.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - hxxps://w3-03.ibm.com/Hyperion/zeroadmin/component/Brio.InsightNoHelp.en.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://telwancam.dnsalias.com:9000/cab/OCXChecker_8320.cab
DPF: {CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercalleurope.webex.com/client/T27L10NSP11EP14/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{67BED218-F714-4BE6-958F-5CF76D2E9657} : DhcpNameServer = 10.34.70.21 10.34.70.22 10.38.0.101 10.38.0.111 10.96.1.18 10.99.20.14 131.161.247.232 205.152.37.23
TCP: Interfaces\{E477C33D-F4AD-4BEC-913F-3A1E127F4B94} : NameServer = 9.18.232.128,9.18.167.128
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: ACNotify - ACNotify.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: atmgrtok - atmgrtok.dll
Notify: igfxcui - igfxdev.dll
Notify: pcsinst - pcsinst.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 10.37.9.234 Lenovo-Print
Hosts: 10.96.13.31 PEKAX121 pekax121.lenovo.com
Hosts: 10.96.14.103 international group
.
============= SERVICES / DRIVERS ===============
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-1-28 20520]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-12-21 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-12-21 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-12-21 1839776]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-5-24 239760]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
S2 Ataman TCP Remote Logon Services;Ataman TCP Remote Logon Services;c:\hyperion\biplus\bin\sqr\remote\bin\atrls.exe [2010-5-26 71168]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-3-19 1680632]
S2 CBA8;LANDesk® Management Agent;c:\program files\landesk\shared files\residentAgent.exe [2008-11-18 155648]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-3-19 98304]
S2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\landesk\ldclient\policy.client.invoker.exe [2010-5-24 118784]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-7-13 45424]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-4-28 94208]
S2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\ocs inventory agent\OcsService.exe [2008-4-21 69632]
S2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-5-24 53248]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ehgest~1\locals~1\temp\dx9\sessionlauncher.exe --> c:\docume~1\ehgest~1\locals~1\temp\dx9\SessionLauncher.exe [?]
S2 Softmon;LANDesk® Software Monitoring Service;c:\program files\landesk\ldclient\softmon.exe [2010-5-24 385024]
S2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-7-13 62320]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-13 520192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
S2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2010-5-24 2058776]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-10-9 493248]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-3-19 106496]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2010-5-24 482176]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-12-21 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-28 105592]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2009-3-19 118784]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [2010-5-24 11904]
S3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [2010-5-24 3328]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2011-5-7 28672]
S3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [2010-5-24 3712]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110920.002\NAVENG.SYS [2011-9-20 86136]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110920.002\NAVEX15.SYS [2011-9-20 1576312]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-4-12 18432]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-6-15 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-6-15 11104]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-25 1120752]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2010-5-24 37312]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [2009-6-3 15744]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys --> c:\windows\system32\drivers\wdcsam.sys [?]
.
=============== Created Last 30 ================
.
2011-09-21 11:48:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-01 01:43:43 -------- d-----w- c:\program files\iPod
2011-09-01 01:41:15 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin7.dll
2011-09-01 01:41:15 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin6.dll
2011-09-01 01:41:15 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin5.dll
2011-09-01 01:41:15 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin4.dll
2011-09-01 01:41:14 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin3.dll
2011-09-01 01:41:14 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin2.dll
2011-09-01 01:41:14 159744 ------w- c:\program files\internet explorer\módulos\npqtplugin.dll
2011-09-01 01:37:29 -------- d-----w- c:\program files\Bonjour
2011-08-30 14:23:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-30 14:23:46 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-08-30 03:36:21 65808 ------w- c:\windows\system32\drivers\tmrkb.sys
2011-08-29 17:24:21 98816 ------w- c:\windows\sed.exe
2011-08-29 17:24:21 518144 ------w- c:\windows\SWREG.exe
2011-08-29 17:24:21 256000 ------w- c:\windows\PEV.exe
2011-08-29 17:24:21 208896 ------w- c:\windows\MBR.exe
2011-08-29 16:21:37 22216 ------w- c:\windows\system32\drivers\mbam.sys
2011-08-29 16:21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 13:37:43 -------- d-----w- c:\documents and settings\ehgestrada\application data\redsn0w
.
==================== Find3M ====================
.
2011-07-12 16:20:54 83816 ------w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20:54 73064 ------w- c:\windows\system32\dnssd.dll
2011-07-12 16:20:54 50536 ------w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20:54 178536 ------w- c:\windows\system32\dnssdX.dll
2011-07-05 23:37:00 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37:00 69632 ------w- c:\windows\system32\QuickTime.qts
2011-07-05 21:31:21 64512 ------w- c:\windows\wait32.exe
2011-07-05 21:31:19 61440 ------w- c:\windows\StkATVAp.exe
2011-07-05 21:31:18 106496 ------w- c:\windows\Stk1150.exe
2011-07-05 21:31:15 46080 ------w- c:\windows\setdebug.exe
2011-07-05 21:31:14 28672 ------w- c:\windows\PWMBTHLP.EXE
2011-07-05 21:31:13 306688 ------w- c:\windows\IsUninst.exe
2011-07-03 20:36:02 146432 ------w- c:\windows\regedit.exe
2011-07-01 22:18:53 10752 ------w- c:\windows\hh.exe
.
============= FINISH: 10:08:24.90 ===============

#5 nasdaq

  • Malware Response Team

Posted 21 September 2011 - 06:00 PM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some RootKit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Please post the log and let me know what problem persists.

#6 edgarog

  • Topic Starter


Posted 22 September 2011 - 09:02 AM

I'll do the ComboFix part today. In addition to this, I downloaded the Kaspersky removal tool and it has detected 127 threats! I cleaned up everything, but today after rebooting the computer I received a strange network access request on Symantec's firewall. Below are the details (I obviously declined the network access):
File Version:
File Description: jqs.exe
File Path: C:\Program Files\Java\jre6\bin\jqs.exe
Digital Signature:
Process ID: 0xfa0 (Hexadecimal) 4000 (Decimal)

Connection origin: remote initiated
Protocol: UDP
Local Address: 255.255.255.255
Local Port: 67 (BOOTPS - Dynamic Host Configuration Protocol [DHCP] Server)
Remote Name:
Remote Address: 0.0.0.0
Remote Port: 68

Ethernet packet details:
Ethernet II (Packet Length: 590)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-1e-37-3a-1b-e8
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 20
Protocol: 0x11 (UDP - User Datagram Protocol)
Header checksum: 0xada4 (Correct)
Source: 0.0.0.0
Destination: 255.255.255.255
Bootstrap Protocol
Boot Request
Option 53: DHCP Message Type = DHCP Discover
Option 55: Parameter Request List:
1 = Subnet Mask
2 = Unknown
3 = Router
5 = Unknown
6 = Domain Name Server
11 = Unknown
12 = Host Name
13 = Unknown
15 = Domain Name
16 = Unknown
17 = Unknown
18 = Unknown
43 = Unknown
54 = Unknown
60 = Vendor-Specific Information
67 = Unknown
128 = Unknown
129 = Unknown
130 = Unknown
131 = Unknown
132 = Unknown
133 = Unknown
134 = Unknown
135 = Unknown
Option 57: Unknown Option (2 Bytes)
Option 97: Unknown Option (17 Bytes)
Option 93: Unknown Option (2 Bytes)
Option 94: Unknown Option (3 Bytes)
Option 60: Vendor Class ID = PXEClient:Arch:00000:UNDI:002001

Binary dump of the packet:

I have also run netstat -o and keep seeing a lot of connections being directed to localhost (because I have modified the hosts file). They were previously connections to jl.chura.pl (but I saw on a blog that adding a line redirecting the address to localhost would help).

#7 edgarog

  • Topic Starter


Posted 24 September 2011 - 03:27 PM

Hi Nasdaq, I sent you a PM. Please let me know if I can send the DDS log by PM too, thanks.

#8 nasdaq

  • Malware Response Team

Posted 24 September 2011 - 06:19 PM

All communication must be done in this topic.

Do you have any difficulties in running the ComboFix tool?

#9 edgarog

  • Topic Starter


Posted 27 September 2011 - 07:04 PM

combofix log

ComboFix 11-09-21.04 - ehgestrada 09/22/2011 9:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1944.898 [GMT -5:00]
Running from: c:\documents and settings\ehgestrada\My Documents\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\DetectSchedulerSU.exe.8badc819.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\installUtil.exe.89c0d2f9.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory\StartSuService.exe.ace7fffa.ini
c:\documents and settings\All Users\Application Data\MS
c:\documents and settings\ehgestrada\WINDOWS
c:\windows\Install
c:\windows\Install\Notes My Attachments 3.82\data2.cab
c:\windows\Install\Notes My Attachments 3.82\ISSetup.dll
c:\windows\Install\Notes My Attachments 3.82\layout.bin
c:\windows\Install\Notes My Attachments 3.82\Lotus My Attachments Setup.lnk
c:\windows\Install\Notes My Attachments 3.82\pclip.ico
c:\windows\Install\Notes My Attachments 3.82\Setup.bat
c:\windows\Install\Notes My Attachments 3.82\setup.exe
c:\windows\Install\Notes My Attachments 3.82\setup.ini
c:\windows\Install\Notes My Attachments 3.82\setup.inx
c:\windows\Install\Notes My Attachments 3.82\setup.iss
c:\windows\Install\Office 2003\AUTORUN.INF
c:\windows\Install\Office 2003\CC561401.CAB
c:\windows\Install\Office 2003\CD561401.CAB
c:\windows\Install\Office 2003\CF561401.CAB
c:\windows\Install\Office 2003\CL561401.CAB
c:\windows\Install\Office 2003\CM561401.CAB
c:\windows\Install\Office 2003\CP561401.CAB
c:\windows\Install\Office 2003\CR561401.CAB
c:\windows\Install\Office 2003\CS561401.CAB
c:\windows\Install\Office 2003\E2561410.CAB
c:\windows\Install\Office 2003\E3561405.CAB
c:\windows\Install\Office 2003\E4561410.CAB
c:\windows\Install\Office 2003\EV561405.CAB
c:\windows\Install\Office 2003\FILES\OWC10\SETUP.EXE
c:\windows\Install\Office 2003\FILES\OWC10\SETUP.INI
c:\windows\Install\Office 2003\FILES\OWC11\SETUP.EXE
c:\windows\Install\Office 2003\FILES\OWC11\SETUP.INI
c:\windows\Install\Office 2003\FILES\PFILES\COMMON\MSSHARED\DW\1033\DWINTL20.DLL
c:\windows\Install\Office 2003\FILES\PFILES\COMMON\MSSHARED\DW\DW20.EXE
c:\windows\Install\Office 2003\FILES\PFILES\COMMON\MSSHARED\DW\DWDCW20.DLL
c:\windows\Install\Office 2003\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\FILTERS.TXT
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\OCLNINTL.OPC
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\OFREADME.HTM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\OLREADME.HTM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\PPREADME.HTM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\PSS10O.CHM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\PSS10R.CHM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\PVREADME.HTM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\SETUP.CHM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\WDREADME.HTM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\1033\XLREADME.HTM
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\OCLEAN.DLL
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\OCLNCORE.OPC
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\OCLNCUST.OPC
c:\windows\Install\Office 2003\FILES\PFILES\MSOFFICE\OFFICE11\OFFCLN.EXE
c:\windows\Install\Office 2003\FILES\SETUP\OSE.EXE
c:\windows\Install\Office 2003\FILES\SETUP\OWC10.XML
c:\windows\Install\Office 2003\FILES\SETUP\OWC11.XML
c:\windows\Install\Office 2003\FILES\SETUP\SETUP.INI
c:\windows\Install\Office 2003\FILES\SETUP\STD11.XML
c:\windows\Install\Office 2003\FILES\WINDOWS\INF\AER_1033.ADM
c:\windows\Install\Office 2003\G3561403.CAB
c:\windows\Install\Office 2003\GV561403.CAB
c:\windows\Install\Office 2003\IJ561401.CAB
c:\windows\Install\Office 2003\install.bat
c:\windows\Install\Office 2003\IS561401.CAB
c:\windows\Install\Office 2003\IU561401.CAB
c:\windows\Install\Office 2003\L2561403.CAB
c:\windows\Install\Office 2003\L3561403.CAB
c:\windows\Install\Office 2003\L4561403.CAB
c:\windows\Install\Office 2003\L9561403.CAB
c:\windows\Install\Office 2003\LenovoEDGE.MST
c:\windows\Install\Office 2003\LV561403.CAB
c:\windows\Install\Office 2003\M2561406.CAB
c:\windows\Install\Office 2003\M3561404.CAB
c:\windows\Install\Office 2003\M4561403.CAB
c:\windows\Install\Office 2003\M9561403.CAB
c:\windows\Install\Office 2003\MA561403.CAB
c:\windows\Install\Office 2003\MC561403.CAB
c:\windows\Install\Office 2003\MG561403.CAB
c:\windows\Install\Office 2003\MH561401.CAB
c:\windows\Install\Office 2003\MO561403.CAB
c:\windows\Install\Office 2003\MT561403.CAB
c:\windows\Install\Office 2003\O0561401.CAB
c:\windows\Install\Office 2003\O1561403.CAB
c:\windows\Install\Office 2003\O9561403.CAB
c:\windows\Install\Office 2003\OWC10.MSI
c:\windows\Install\Office 2003\OWC11.MSI
c:\windows\Install\Office 2003\PA561401.CAB
c:\windows\Install\Office 2003\PR103368.CAB
c:\windows\Install\Office 2003\PR103678.CAB
c:\windows\Install\Office 2003\PR308246.CAB
c:\windows\Install\Office 2003\Q2561405.CAB
c:\windows\Install\Office 2003\Q3561405.CAB
c:\windows\Install\Office 2003\Q4561405.CAB
c:\windows\Install\Office 2003\QV561405.CAB
c:\windows\Install\Office 2003\README.HTM
c:\windows\Install\Office 2003\SETUP.EXE
c:\windows\Install\Office 2003\SETUP.HTM
c:\windows\Install\Office 2003\SKU012.CAB
c:\windows\Install\Office 2003\SKU012.XML
c:\windows\Install\Office 2003\SKU026.CAB
c:\windows\Install\Office 2003\SKU0A4.CAB
c:\windows\Install\Office 2003\STD11.MSI
c:\windows\Install\Office 2003\TR103621.CAB
c:\windows\Install\Office 2003\TR308222.CAB
c:\windows\Install\Office 2003\V3561403.CAB
c:\windows\Install\Office 2003\W2561405.CAB
c:\windows\Install\Office 2003\W3561405.CAB
c:\windows\Install\Office 2003\W4561405.CAB
c:\windows\Install\Office 2003\WV561405.CAB
c:\windows\Install\Office 2003\YA561403.CAB
c:\windows\Install\Office 2003\YB561408.CAB
c:\windows\Install\Office 2003\YC561403.CAB
c:\windows\Install\Office 2003\YH561403.CAB
c:\windows\Install\Office 2003\YI561401.CAB
c:\windows\Install\Office 2003\YL561402.CAB
c:\windows\Install\Office 2003\YM561403.CAB
c:\windows\Install\Office 2003\YO561403.CAB
c:\windows\Install\Office 2003\YS561401.CAB
c:\windows\Install\Office 2003\YT561401.CAB
c:\windows\Install\Office 2003\ZA561401.CAB
c:\windows\Install\Office 2003\ZC561402.CAB
c:\windows\Install\Office 2003\ZD561402.CAB
c:\windows\Install\Office 2003\ZE561406.CAB
c:\windows\Install\Office 2003\ZF612702.CAB
c:\windows\Install\Office 2003\ZG561401.CAB
c:\windows\Install\Office 2003\ZH561403.CAB
c:\windows\Install\Office 2003\ZI561402.CAB
c:\windows\Install\Office 2003\ZJ561401.CAB
c:\windows\Install\Office 2003\ZK561401.CAB
c:\windows\Install\Office 2003\ZM561401.CAB
c:\windows\Install\Office 2003\ZN561401.CAB
c:\windows\Install\Office 2003\ZO561401.CAB
c:\windows\Install\Office 2003\ZQ561401.CAB
c:\windows\Install\Office 2003\ZR561403.CAB
c:\windows\Install\Office 2003\ZS561401.CAB
c:\windows\Install\Office 2003\ZT561401.CAB
c:\windows\Install\Office 2003\ZU561401.CAB
c:\windows\Install\Office 2003\ZV561401.CAB
c:\windows\Install\Office 2003\ZY561401.CAB
c:\windows\Install\Office 2003\ZZ561401.CAB
c:\windows\Install\Office 2007 Converters\FileFormatConverters.exe
c:\windows\Install\Office 2007 Converters\install.bat
c:\windows\Install\Office 2007 Converters\Office_2007_viewer.au3
c:\windows\Install\Office 2007 Converters\Office_2007_viewer.au3.ini
c:\windows\Install\Office 2007 Converters\Office_2007_viewer.exe
c:\windows\Install\RNR4.2\Common\Lenovo\amd64\i2cw.dll
c:\windows\Install\RNR4.2\Common\Lenovo\amd64\psadd.sys
c:\windows\Install\RNR4.2\Common\Lenovo\amd64\tvti2c.sys
c:\windows\Install\RNR4.2\Common\Lenovo\BMGR\0000001.BIN
c:\windows\Install\RNR4.2\Common\Lenovo\BMGR\bmgr.exe
c:\windows\Install\RNR4.2\Common\Lenovo\BMGR\bmgr32.exe
c:\windows\Install\RNR4.2\Common\Lenovo\BMGR\bootmgr.bin
c:\windows\Install\RNR4.2\Common\Lenovo\CDRecord.dll
c:\windows\Install\RNR4.2\Common\Lenovo\crmw.exe
c:\windows\Install\RNR4.2\Common\Lenovo\delay.exe
c:\windows\Install\RNR4.2\Common\Lenovo\dm.exe
c:\windows\Install\RNR4.2\Common\Lenovo\dsetup.exe
c:\windows\Install\RNR4.2\Common\Lenovo\dsetup64.exe
c:\windows\Install\RNR4.2\Common\Lenovo\i2cinst.exe
c:\windows\Install\RNR4.2\Common\Lenovo\i2cw.dll
c:\windows\Install\RNR4.2\Common\Lenovo\icudt32.dll
c:\windows\Install\RNR4.2\Common\Lenovo\icuuc32.dll
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\COPYING.OLD
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\funzip.exe
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\funzip.txt
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\LICENSE
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\unzip.exe
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\unzip.txt
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\unzip\unzipsfx.exe
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\zip\LICENSE
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\zip\MANUAL
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\zip\zip.exe
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\zip\zipnote.exe
c:\windows\Install\RNR4.2\Common\Lenovo\infozip\zip\zipsplit.exe
c:\windows\Install\RNR4.2\Common\Lenovo\instdrvw.exe
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\antlr.runtime.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\App.config
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\CopyrightInfo.TXT
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\egather.xsd
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\en-US\IAViewer.resources.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\en-US\Resource.resources.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\en\IAViewer.resources.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\en\Resource.resources.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\Engine.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\IA.exe
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\IA.exe.config
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\kehelper.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\Level.xml
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\adapter.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\demographics.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\devices.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\diskinfo.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\display.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\egc.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\environment.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\firmware.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\gatherer.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\ide.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\lotus.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\memory.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\netsetting.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\network.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\norton.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\pci.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\Printers.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\processes.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\regional.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\scsi.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\security.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\services.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\smbios.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\software.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\startup.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\summary.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\tater.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\timezone.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\local\collect\usage.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\MetaData.xml
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\ParameterList.txt
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\proxy.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\Pub.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\Resource.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\tvtdrv.sys
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\tvtdrv64.sys
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\XML.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\xmlhelper.dll
c:\windows\Install\RNR4.2\Common\Lenovo\InvAgent\XmlWriter.dll
c:\windows\Install\RNR4.2\Common\Lenovo\Logger\logmon.exe
c:\windows\Install\RNR4.2\Common\Lenovo\MND\mapdrv.exe
c:\windows\Install\RNR4.2\Common\Lenovo\MsgBox.exe
c:\windows\Install\RNR4.2\Common\Lenovo\ndisk.dll
c:\windows\Install\RNR4.2\Common\Lenovo\nls\br\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\dk\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\fi\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\fr\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\gr\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\it\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\jp\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\kr\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\nl\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\no\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\po\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\sc\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\sp\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\sv\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\tc\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nls\us\msgbox.ini
c:\windows\Install\RNR4.2\Common\Lenovo\nspect.exe
c:\windows\Install\RNR4.2\Common\Lenovo\paapp.exe
c:\windows\Install\RNR4.2\Common\Lenovo\pfdinst\antupgrade.cmd
c:\windows\Install\RNR4.2\Common\Lenovo\pfdinst\netsf.inf
c:\windows\Install\RNR4.2\Common\Lenovo\pfdinst\netsf_m.inf
c:\windows\Install\RNR4.2\Common\Lenovo\pfdinst\netsvcinst.exe
c:\windows\Install\RNR4.2\Common\Lenovo\pfdinst\tvtpktfilter.sys
c:\windows\Install\RNR4.2\Common\Lenovo\pfdinst\tvtpktft.cat
c:\windows\Install\RNR4.2\Common\Lenovo\pmemw.dll
c:\windows\Install\RNR4.2\Common\Lenovo\PRIMOSDK.DLL
c:\windows\Install\RNR4.2\Common\Lenovo\psadd.cat
c:\windows\Install\RNR4.2\Common\Lenovo\psadd.inf
c:\windows\Install\RNR4.2\Common\Lenovo\psadd.sys
c:\windows\Install\RNR4.2\Common\Lenovo\psadd64.cat
c:\windows\Install\RNR4.2\Common\Lenovo\psainst.exe
c:\windows\Install\RNR4.2\Common\Lenovo\Python24\python24.zip
c:\windows\Install\RNR4.2\Common\Lenovo\RebootHDD.exe
c:\windows\Install\RNR4.2\Common\Lenovo\reg.exe
c:\windows\Install\RNR4.2\Common\Lenovo\rr_res.dll
c:\windows\Install\RNR4.2\Common\Lenovo\Scheduler\reloadsched.exe
c:\windows\Install\RNR4.2\Common\Lenovo\Scheduler\scheduler_proxy.exe
c:\windows\Install\RNR4.2\Common\Lenovo\Scheduler\tvtsched.exe
c:\windows\Install\RNR4.2\Common\Lenovo\smptr.dll
c:\windows\Install\RNR4.2\Common\Lenovo\spi\BuildPkg.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\BuildTOC.exe
c:\windows\Install\RNR4.2\Common\Lenovo\spi\ETFSBOOT.COM
c:\windows\Install\RNR4.2\Common\Lenovo\spi\FCopier.exe
c:\windows\Install\RNR4.2\Common\Lenovo\spi\hdd.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\iubcopy.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\mkpwriso.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\mkspiim.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\br\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\dk\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\fi\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatAE.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatAR.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatBR.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatCZ.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatDK.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatFI.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatFR.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatGK.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatGR.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatHB.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatHE.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatHK.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatHU.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatIT.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatJP.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatKR.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatNL.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatNO.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatPL.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatPO.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatRU.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatSC.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatSP.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatSV.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatTC.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatTR.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\formatUS.in
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\fr\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\gr\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\it\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\jp\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\kr\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\nl\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\no\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\po\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\sc\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\sp\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\sv\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\tc\FCOPIER.INI
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\us\fcopier.ini
c:\windows\Install\RNR4.2\Common\Lenovo\spi\nls\us\Lang.ini
c:\windows\Install\RNR4.2\Common\Lenovo\spi\OSCDIMG.EXE
c:\windows\Install\RNR4.2\Common\Lenovo\spi\pwms.zip
c:\windows\Install\RNR4.2\Common\Lenovo\spi\reccd.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\reccd2.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\RRMedia.exe
c:\windows\Install\RNR4.2\Common\Lenovo\spi\setuphdd.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\signiso.exe
c:\windows\Install\RNR4.2\Common\Lenovo\spi\spilib.pyc
c:\windows\Install\RNR4.2\Common\Lenovo\spi\swinpe.txt
c:\windows\Install\RNR4.2\Common\Lenovo\TOC.dll
c:\windows\Install\RNR4.2\Common\Lenovo\tvt_lenovo_res2.dll
c:\windows\Install\RNR4.2\Common\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\Install\RNR4.2\Common\Lenovo\tvt_think_res.dll
c:\windows\Install\RNR4.2\Common\Lenovo\tvt_version.dll
c:\windows\Install\RNR4.2\Common\Lenovo\tvt_windows_eventlog.dll
c:\windows\Install\RNR4.2\Common\Lenovo\tvtbioschk.exe
c:\windows\Install\RNR4.2\Common\Lenovo\tvtcoreutil.dll
c:\windows\Install\RNR4.2\Common\Lenovo\tvti2c.cat
c:\windows\Install\RNR4.2\Common\Lenovo\Tvti2c.inf
c:\windows\Install\RNR4.2\Common\Lenovo\tvti2c.sys
c:\windows\Install\RNR4.2\Common\Lenovo\tvti2c64.cat
c:\windows\Install\RNR4.2\Common\Lenovo\tvtutilspy.dll
c:\windows\Install\RNR4.2\Common\Lenovo\ui.dll
c:\windows\Install\RNR4.2\Common\Lenovo\xml4c-depdom_5_5.dll
c:\windows\Install\RNR4.2\Common\Lenovo\xml4c_5_5.dll
c:\windows\Install\RNR4.2\Common\Lenovo\xml4cmessages5_5.dll
c:\windows\Install\RNR4.2\Common\Lenovo\zlib.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Active Update\AULauncher.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Active Update\AULauncher.ini
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\64\shadow.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\anticrypt.pyc
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\apkgmes.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\apubkey.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\auncpw.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\httpfile.pyc
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\inRR.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\IUService.ini
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\MailMan.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\msgBox.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\netwk.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\reboot.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\RetryOnError.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\status.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\xmltool.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ADM\xmltool.pyc
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\br_check.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\br_funcs.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\burnCd.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\CDRecord.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\ChooseCD.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\CIMProvider.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\dictionary.xml
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\FileCtrl.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\FR\tvtumon.cat
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\FR\tvtumon.inf
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\FR\x86\tvtumon.sys
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\getinfo.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\getinfo.ini
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\i2cw.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\InstApps.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\instfilt.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\KernelFile.xml
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\launcheg.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\Migration\bin\R2R.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\Migration\SmaLite.zip
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\one.xsl
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\osrestore.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\overinstall.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\pe_masterpw_app.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\pui.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rejuvenate_gui.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rejuvenate_process_status.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\RestoreNow.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rnr_banner.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rnr_gui.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rnr_lenovo_res.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rnr_readme.htm
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rnr_think_res.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rnrDeploy.xml
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rr_fixsis.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rr_res.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rrapi.dll
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\RRBackupInfo.ocx
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rrcmd.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\RRList.ocx
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\RRName.ocx
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\RRPie.ocx
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\rrsync.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\RRTree.ocx
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\setpwd.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\shadow.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\Temp\rnrDeploy.xml
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\tvtparms.xml
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\user_guide.pdf
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\wizrr.exe
c:\windows\Install\RNR4.2\program files\Lenovo\Rescue and Recovery\zlib.dll
c:\windows\Install\RNR4.2\program files\Lenovo\rnr_tpc.dll
c:\windows\Install\RNR4.2\program files\Lenovo\UpdateAppList.dat
c:\windows\Install\RNR4.2\Rescue and Recovery.msi
c:\windows\Install\RNR4.2\System\msxml4.dll
c:\windows\Install\RNR4.2\System\msxml4a.dll
c:\windows\Install\RNR4.2\System\msxml4r.dll
c:\windows\Install\RNR4.2\System32\DISKPART.EXE
c:\windows\Install\RNR4.2\System32\mfc71.dll
c:\windows\Install\RNR4.2\System32\mfc71u.dll
c:\windows\Install\RNR4.2\System32\msvcp71.dll
c:\windows\Install\RNR4.2\System32\msvcr71.dll
c:\windows\Install\RNR4.2\System32\python24.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\asycfilt.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\comcat.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\mfc42u.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\msvcp60.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\msvcrt.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\oleaut32.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\olepro32.dll
c:\windows\Install\RNR4.2\System32\Redist\MS\System\stdole2.tlb
c:\windows\Install\RNR4.2\Windows\help\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\LenovoVersion\tvt_help.js
c:\windows\Install\RNR4.2\Windows\help\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0404\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0405\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0406\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0407\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040b\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\040c\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0410\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0411\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0412\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0413\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0414\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0416\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\041d\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0804\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0816\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\hwpasset.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\mapwinRNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\MUI\0c0a\transRNR.chm
c:\windows\Install\RNR4.2\Windows\help\recovcd2RNR.chm
c:\windows\Install\RNR4.2\Windows\help\RNR.chm
c:\windows\Install\RNR4.2\Windows\help\rnrenroll.chm
c:\windows\Install\RNR4.2\Windows\help\syswinrnr.chm
c:\windows\Install\RNR4.2\Windows\help\ThinkVersion\tvt_help.js
c:\windows\Install\RNR4.2\Windows\help\transRNR.chm
c:\windows\Install\RNR4.2\Windows\inf\tvtfilter.inf
c:\windows\Install\RNR4.2\WinRoot\SWSHARE\tvtrnr.txt
c:\windows\Install\RNR4.2\Z652ZAB1016US00.TVT
c:\windows\Install\Sametime 7.5.1 Client\community-config.xml
c:\windows\Install\Sametime 7.5.1 Client\plugin_customization.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1.bat
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1.exe
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\_ISMSIDEL.INI
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0404.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0405.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0406.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0407.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0408.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0409.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x040a.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x040b.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x040c.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x040e.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0410.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0411.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0412.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0413.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0414.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0415.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0416.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0419.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x041d.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x041f.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0804.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\0x0816.ini
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\1033.MST
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\ISScript1150.Msi
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\Setup.INI
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\setup.msi
c:\windows\Install\Sametime 7.5.1 Client\sametime-connect-blue-win-7.5.1\ST_Splash_Screen.bmp
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.de_DE_Reform.feature_5.3.1.2-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.de_DE_Reform.feature_5.3.1.2-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.de_DE_Reform.feature_5.3.1.2-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.el_GR.feature_5.2.0.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.el_GR.feature_5.2.0.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.el_GR.feature_5.2.0.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.es_ES.feature_5.3.1.5-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.es_ES.feature_5.3.1.5-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.es_ES.feature_5.3.1.5-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.fi_FI.feature_5.3.1.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.fi_FI.feature_5.3.1.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.fi_FI.feature_5.3.1.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.fr_FR.feature_5.2.0.1-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.fr_FR.feature_5.2.0.1-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.fr_FR.feature_5.2.0.1-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.it_IT.feature_5.3.1.1-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.it_IT.feature_5.3.1.1-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.it_IT.feature_5.3.1.1-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.nb_NO.feature_5.2.0.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.nb_NO.feature_5.2.0.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.nb_NO.feature_5.2.0.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pl_PL.feature_5.3.1.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pl_PL.feature_5.3.1.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pl_PL.feature_5.3.1.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pt_BR.feature_5.3.0.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pt_BR.feature_5.3.0.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pt_BR.feature_5.3.0.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pt_PT.feature_5.3.0.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pt_PT.feature_5.3.0.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.pt_PT.feature_5.3.0.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.ru_RU.feature_5.2.0.0-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.ru_RU.feature_5.2.0.0-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.ru_RU.feature_5.2.0.0-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.sv_SE.feature_5.3.0.3-20060720\feature.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.sv_SE.feature_5.3.0.3-20060720\feature.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\features\com.ibm.langware.v5.dic.sv_SE.feature_5.3.0.3-20060720\license.html
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.de_DE_Reform_5.3.1.2-20060720\.project
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.de_DE_Reform_5.3.1.2-20060720\build.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.de_DE_Reform_5.3.1.2-20060720\dictionaries\de-DE-Reform-Spell-5312.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.de_DE_Reform_5.3.1.2-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.de_DE_Reform_5.3.1.2-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.el_GR_5.2.0.0-20060720\.project
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.el_GR_5.2.0.0-20060720\build.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.el_GR_5.2.0.0-20060720\dictionaries\el-GR-Spell-5200.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.el_GR_5.2.0.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.el_GR_5.2.0.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.es_ES_5.3.1.5-20060720\.project
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.es_ES_5.3.1.5-20060720\build.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.es_ES_5.3.1.5-20060720\dictionaries\es-ES-Spell-5315.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.es_ES_5.3.1.5-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.es_ES_5.3.1.5-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fi_FI_5.3.1.0-20060720\.project
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fi_FI_5.3.1.0-20060720\build.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fi_FI_5.3.1.0-20060720\dictionaries\fi-FI-Spell-5310.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fi_FI_5.3.1.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fi_FI_5.3.1.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fr_FR_5.2.0.1-20060720\.project
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fr_FR_5.2.0.1-20060720\build.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fr_FR_5.2.0.1-20060720\dictionaries\fr-FR-Spell-5201.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fr_FR_5.2.0.1-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.fr_FR_5.2.0.1-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.it_IT_5.3.1.1-20060720\.project
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.it_IT_5.3.1.1-20060720\build.properties
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.it_IT_5.3.1.1-20060720\dictionaries\it-IT-Spell-5311.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.it_IT_5.3.1.1-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.it_IT_5.3.1.1-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.nb_NO_5.2.0.0-20060720\dictionaries\nb-NO-Spell-5200.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.nb_NO_5.2.0.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.nb_NO_5.2.0.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pl_PL_5.3.1.0-20060720\dictionaries\pl-PL-Spell-5310.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pl_PL_5.3.1.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pl_PL_5.3.1.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pt_BR_5.3.0.0-20060720\dictionaries\pt-BR-Spell-5300.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pt_BR_5.3.0.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pt_BR_5.3.0.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pt_PT_5.3.0.0-20060720\dictionaries\pt-PT-Spell-5300.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pt_PT_5.3.0.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.pt_PT_5.3.0.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.ru_RU_5.2.0.0-20060720\dictionaries\ru-RU-Spell-5200.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.ru_RU_5.2.0.0-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.ru_RU_5.2.0.0-20060720\META-INF\MANIFEST.MF
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.sv_SE_5.3.0.3-20060720\dictionaries\sv-SE-Spell-5303.dic
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.sv_SE_5.3.0.3-20060720\fragment.xml
c:\windows\Install\Sametime 7.5.1 Client\SpellCheckerDictionaries\plugins\com.ibm.langware.v5.dic.sv_SE_5.3.0.3-20060720\META-INF\MANIFEST.MF
c:\windows\Install\SMA\INSTALL.BAT
c:\windows\Install\SMA\ITCIinstall.BAT
c:\windows\Install\SMA\JINSTALL.BAT
c:\windows\Install\SMA\SMA\SMA.TPI
c:\windows\Install\SMA\SMA\SMAsetup.exe
c:\windows\Install\SMA\SMA\SWI.XML
c:\windows\Install\SMA\SMASETUP.LOG
c:\windows\Install\SMA\UINSTALL.BAT
c:\windows\Install\VisioViewer\visioviewer.exe
c:\windows\Install\Windows Live Messenger 2009\Contacts.msi
c:\windows\Install\Windows Live Messenger 2009\crt.msi
c:\windows\Install\Windows Live Messenger 2009\dw20shared.msi
c:\windows\Install\Windows Live Messenger 2009\instWLM2009.cmd
c:\windows\Install\Windows Live Messenger 2009\Messenger.msi
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
c:\windows\system32\User
c:\windows\system32\User\Registry.pol
.
.
((((((((((((((((((((((((( Files Created from 2011-08-22 to 2011-09-22 )))))))))))))))))))))))))))))))
.
.
2011-09-21 18:55 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-21 18:55 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-09-21 18:52 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-09-21 18:45 . 2011-06-02 14:07 1867904 -c----w- c:\windows\system32\dllcache\win32k.sys
2011-09-21 18:43 . 2011-06-20 17:44 293376 -c----w- c:\windows\system32\dllcache\winsrv.dll
2011-09-21 18:43 . 2011-04-26 11:07 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2011-09-21 15:04 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-09-01 01:43 . 2011-09-01 01:43 -------- d-----w- c:\program files\iPod
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin7.dll
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin6.dll
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin5.dll
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin4.dll
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin3.dll
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin2.dll
2011-09-01 01:41 . 2011-09-01 01:41 159744 ------w- c:\program files\Internet Explorer\Módulos\npqtplugin.dll
2011-09-01 01:39 . 2011-09-01 01:41 -------- d-----w- c:\program files\QuickTime
2011-09-01 01:37 . 2011-09-01 01:37 -------- d-----w- c:\program files\Bonjour
2011-08-30 14:23 . 2011-09-16 00:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-30 14:23 . 2011-09-15 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-08-30 03:36 . 2011-08-30 03:36 65808 ------w- c:\windows\system32\drivers\tmrkb.sys
2011-08-29 16:21 . 2011-08-31 22:00 22216 ------w- c:\windows\system32\drivers\mbam.sys
2011-08-29 16:21 . 2011-09-16 00:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-29 15:57 . 2011-08-29 15:57 -------- d-----w- c:\documents and settings\TEMP
2011-08-29 13:37 . 2011-08-29 13:37 -------- d-----w- c:\documents and settings\ehgestrada\Application Data\redsn0w
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2009-06-03 18:34 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20 . 2011-07-12 16:20 83816 ------w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ------w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ------w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ------w- c:\windows\system32\dnssdX.dll
2011-07-08 14:02 . 2009-06-03 18:34 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ------w- c:\windows\system32\QuickTime.qts
2011-07-05 21:31 . 2010-05-24 18:37 64512 ------w- c:\windows\wait32.exe
2011-07-05 21:31 . 2010-10-31 18:08 61440 ------w- c:\windows\StkATVAp.exe
2011-07-05 21:31 . 2010-10-31 18:08 106496 ------w- c:\windows\Stk1150.exe
2011-07-05 21:31 . 2010-05-24 19:41 46080 ------w- c:\windows\setdebug.exe
2011-07-05 21:31 . 2010-05-24 19:29 28672 ------w- c:\windows\PWMBTHLP.EXE
2011-07-05 21:31 . 2010-06-01 18:57 306688 ------w- c:\windows\IsUninst.exe
2011-07-03 20:36 . 2009-06-03 18:34 146432 ------w- c:\windows\regedit.exe
2011-07-01 22:18 . 2009-06-03 18:34 10752 ------w- c:\windows\hh.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="c:\program files\AT&T Network Client\NetSP.exe" [2007-01-13 24576]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-13 487424]
"TpShocks"="TpShocks.exe" [2009-02-03 181536]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-04-16 61728]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2004-04-27 28672]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-10-06 1323008]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-04-16 417792]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-11 142872]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-01-29 185688]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-01-29 124248]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-04-14 15136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-11 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-11 173592]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2009-03-05 3093816]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-03-17 208896]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-04-17 172032]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-04-17 425984]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-12-21 115560]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\ehgestrada\Start Menu\Programs\Startup\
_uninst_22113552.lnk - c:\documents and settings\ehgestrada\Local Settings\Temp\_uninst_22113552.bat [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-2-10 604776]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-5-24 50688]
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [2003-4-9 32768]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2009-03-19 11:55 180224 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2004-04-27 22:02 49152 ------w- c:\windows\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 20:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ------w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 22:00 1047208 ------w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 12:00 455168 ------w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 12:00 455168 ------w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WDM_DRMKAUD0]
2010-10-21 06:59 385024 ------w- c:\program files\LANDesk\LDClient\softmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WDM_DRMKAUD1]
2010-10-21 06:59 385024 ------w- c:\program files\LANDesk\LDClient\softmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WDM_DRMKAUD2]
2010-10-21 06:59 385024 ------w- c:\program files\LANDesk\LDClient\softmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WDM_SYSAUDIO]
2010-10-21 06:59 385024 ------w- c:\program files\LANDesk\LDClient\softmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
"ANTIVIRUSDISABLENOTIFY"=dword:00000001
"FIREWALLDISABLENOTIFY"=dword:00000001
"UPDATESDISABLENOTIFY"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Avaya\\Avaya one-X Communicator\\SparkEmulator.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [1/28/2009 7:57 PM 20520]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 4:50 AM 46144]
R2 Ataman TCP Remote Logon Services;Ataman TCP Remote Logon Services;c:\hyperion\BIPlus\bin\SQR\Remote\bin\atrls.exe [5/26/2010 4:43 PM 71168]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [3/19/2009 6:48 AM 1680632]
R2 CBA8;LANDesk® Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [11/18/2008 9:21 AM 155648]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [3/19/2009 6:53 AM 98304]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [5/24/2010 1:26 PM 118784]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [4/21/2008 7:03 AM 69632]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [5/24/2010 2:29 PM 53248]
R2 Softmon;LANDesk® Software Monitoring Service;c:\program files\LANDesk\LDClient\softmon.exe [5/24/2010 1:26 PM 385024]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [7/13/2009 1:13 PM 62320]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/13/2008 5:40 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 4:50 AM 360448]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [5/24/2010 2:26 PM 2058776]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/9/2009 10:07 AM 493248]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [5/24/2010 2:28 PM 482176]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [5/24/2010 2:20 PM 239760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/28/2011 8:17 PM 105592]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [5/24/2010 1:26 PM 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [5/24/2010 1:26 PM 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [5/24/2010 1:26 PM 3712]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/24/2010 2:27 PM 37312]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [7/13/2009 1:13 PM 45424]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [4/28/2009 10:58 AM 94208]
S2 SessionLauncher;SessionLauncher;c:\docume~1\EHGEST~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\EHGEST~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [3/19/2009 6:52 AM 106496]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/21/2010 12:16 PM 23888]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [3/19/2009 6:55 AM 118784]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 8:18 AM 24216]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [5/7/2011 2:52 AM 28672]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [4/12/2011 11:14 PM 18432]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [6/15/2011 11:44 PM 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [6/15/2011 11:44 PM 11104]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 8:15 AM 1120752]
S3 vmx_svga;vmx_svga;c:\windows\system32\drivers\vmx_svga.sys [6/3/2009 1:33 PM 15744]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-22 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-05-24 17:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovocentral.lenovo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {{20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - c:\windows\system32\mscoree.DLL
Trusted Zone: lenovo.com
TCP: DhcpNameServer = 10.34.70.21 10.34.70.22 10.38.0.101 10.38.0.111 10.96.1.18 10.99.20.14 131.161.247.232 205.152.37.23
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} - STCWeb.cab
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://telwancam.dnsalias.com:8010/RtspVaPgDec.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.us.lenovo.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8214B72E-B0CD-466E-A44D-1D54D926038D} - hxxp://telwancam.dnsalias.com:8090/AVC_AX_724.cab
DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - hxxps://w3-03.ibm.com/Hyperion/zeroadmin/component/Brio.InsightNoHelp.en.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-ACNotify - ACNotify.dll
Notify-atmgrtok - atmgrtok.dll
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-22 09:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(424)
c:\windows\system32\ATGinaHook.dll
c:\windows\system32\tvt_gina.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.DLL
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\windows\system32\AFSSClientLib.dll
c:\windows\system32\netprovcredman.dll
c:\program files\IBM\Personal Communications\atmgrtok.dll
c:\program files\IBM\Personal Communications\MILLUTIL.DLL
c:\windows\system32\pcsinst.dll
c:\windows\system32\igfxdev.dll
c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
- - - - - - - > 'lsass.exe'(584)
c:\windows\SYSTEM32\SYSFER.DLL
.
- - - - - - - > 'explorer.exe'(4932)
c:\windows\SYSTEM32\SYSFER.DLL
c:\windows\system32\WININET.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_interface.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\netprovcredman.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Cisco Systems\SSL VPN Client\agent.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\Drivers\trcboot.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\IBM\SQLLIB\BIN\db2jds.exe
c:\program files\IBM\SQLLIB\BIN\db2sec.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Avaya\Avaya one-X Communicator\QosServM.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\LANDesk\LDClient\tmcsvc.exe
c:\program files\LANDesk\LDClient\LDIScn32.EXE
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\lxdncoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\lotus\notes\ntmulti.exe
c:\program files\AT&T Network Client\NetCfgSv.EXE
c:\program files\LANDesk\Shared Files\proxyhost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\StkASv2K.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\progra~1\LANDesk\LDClient\rcgui.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\rundll32.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lexmark 2600 Series\lxdnMsdMon.exe
c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lenovo\Client Security Solution\password_manager.exe
.
**************************************************************************
.
Completion time: 2011-09-22 10:06:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-22 15:06
.
Pre-Run: 68,180,885,504 bytes free
Post-Run: 68,136,189,952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E202A815AC2E7F1CAFF0D0D8CFC1F81E

#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:46 PM

Posted 28 September 2011 - 08:39 AM

Please let me know what problem persists.

Before we go any further I'm concerned about all these folders and files that were deleted.
I'm not sure if they were deleted because they were infected or deleted because they normally would not be found in these folders.

If you feel that they are required we can restore them.

Please let me know.

c:\windows\Install
c:\windows\Install\Notes My Attachments 3.82\
....
....

c:\windows\Install\Office 2003
....
....

c:\windows\Install\Office 2007 Converters\
...
...

c:\windows\Install\RNR4.2\Common\Lenovo\
...
...

c:\windows\Install\RNR4.2\program files\Lenovo\
...
...

c:\windows\Install\Sametime 7.5.1 Client
...
...

c:\windows\Install\VisioViewer\visioviewer.exe

etc...



#11 edgarog


Posted 29 September 2011 - 10:21 AM

So far those deletions haven't affected me, don't know why (maybe those weren't needed at all), but I still think that my PC is infected. Kaspersky helped a lot; however, I keep seeing a lot of connections to jl.chura.pl :(

#12 nasdaq


Posted 29 September 2011 - 10:49 AM

Go to Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns <-- (The space between g and / is needed)

Repeat with
ipconfig /renew

Then hit Enter, type Exit, hit Enter.
*/*

If still being redirected, run this tool.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) (511KB) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please let me know also if this computer is connected via a wireless router.

#13 edgarog


Posted 01 October 2011 - 02:45 PM

Attached File: MBR.zip (495 bytes)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-30 21:02:36
-----------------------------
21:02:36.703 OS Version: Windows 5.1.2600 Service Pack 3
21:02:36.703 Number of processors: 2 586 0x170A
21:02:36.703 ComputerName: ehgestrada-2 UserName: ehgestrada
21:02:37.531 Initialize success
21:02:46.703 AVAST engine defs: 11093000
21:02:50.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:02:50.328 Disk 0 Vendor: WDC_WD16 14.0 Size: 152627MB BusType: 3
21:02:50.359 Disk 0 MBR read successfully
21:02:50.359 Disk 0 MBR scan
21:02:50.375 Disk 0 unknown MBR code
21:02:50.390 Disk 0 scanning sectors +312575760
21:02:50.468 Disk 0 scanning C:\WINDOWS\system32\drivers
21:03:11.343 Service scanning
21:03:12.171 Service SysPlant C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys **LOCKED** 32
21:03:12.187 Service Teefer2 C:\WINDOWS\system32\DRIVERS\teefer2.sys **LOCKED** 32
21:03:12.296 Service WPS C:\WINDOWS\system32\drivers\wpsdrvnt.sys **LOCKED** 32
21:03:12.312 Service WpsHelper C:\WINDOWS\system32\drivers\WpsHelper.sys **LOCKED** 32
21:03:12.828 Modules scanning
21:03:19.781 Disk 0 trace - called modules:
21:03:19.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
21:03:19.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a70d5a8]
21:03:19.796 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000cf[0x8a7931d8]
21:03:19.796 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a139028]
21:03:20.312 AVAST engine scan C:\
21:39:51.296 File: C:\Documents and Settings\ehgestrada\My Documents\klantifl.exe **INFECTED** Win32:FunLove-B
23:59:02.421 Scan finished successfully
14:32:37.421 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\ehgestrada\My Documents\MBR.dat"
14:32:37.671 The log file has been saved successfully to "C:\Documents and Settings\ehgestrada\My Documents\aswMBR.txt"

I use both wireless and wired

#14 nasdaq


Posted 02 October 2011 - 08:08 AM

Open notepad and copy/paste the text in the quote box below into it:

File::
C:\Documents and Settings\ehgestrada\My Documents\klantifl.exe


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

Your router may be infected. Try this.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred setting. Below is the list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#15 nasdaq


Posted 07 October 2011 - 07:42 AM

Are you still with me?



