ComboFix log:
ComboFix 09-05-03.3 - David 05/04/2009 2:18.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1307 [GMT -7:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)
FW: Symantec Client Firewall *disabled*
FILE ::
c:\windows\LOOP.exe
c:\windows\system32\haheboye.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\LOOP.exe
c:\windows\system32\haheboye.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.
2009-05-02 23:54 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-05-02 23:54 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-05-02 23:54 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-05-02 23:54 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-05-02 23:54 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-05-02 23:54 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-05-02 23:54 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-05-02 23:54 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-05-02 23:54 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-05-02 23:53 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-05-01 09:10 . 2009-05-01 09:10 -------- d-----w c:\documents and settings\David\Application Data\Malwarebytes
2009-05-01 09:09 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 09:09 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 09:09 . 2009-05-01 09:09 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 09:09 . 2009-05-01 09:10 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 07:38 . 2009-05-01 07:38 233472 ----a-w c:\windows\system32\REX Shared Library.dll
2009-05-01 06:48 . 2003-11-07 18:48 54272 ----a-w c:\windows\system32\KERNELO2.DLL
2009-04-22 09:23 . 2009-04-22 09:23 -------- d-----w c:\program files\Moleskinsoft Clone Remover 3.5
2009-04-22 04:32 . 2009-04-22 04:32 -------- d-----w c:\program files\Trend Micro
2009-04-14 05:32 . 2009-04-15 00:28 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-04-14 05:31 . 2009-04-15 00:28 -------- d-----w c:\program files\NCH Swift Sound
2009-04-13 03:35 . 2009-04-13 03:35 -------- d-----w C:\David Iskandaryan neve2
2009-04-10 01:05 . 2009-05-04 06:39 -------- d--h--w C:\$AVG8.VAULT$
2009-04-10 00:41 . 2009-04-29 20:31 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-10 00:41 . 2009-04-29 20:31 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-10 00:41 . 2009-04-29 20:31 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 00:41 . 2009-04-29 20:31 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 00:41 . 2009-05-02 20:53 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-10 00:41 . 2009-04-10 00:56 -------- d-----w c:\documents and settings\David\Application Data\AVGTOOLBAR
2009-04-10 00:41 . 2009-04-10 00:41 -------- d-----w c:\program files\AVG
2009-04-10 00:41 . 2009-04-17 00:03 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-09 03:12 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-09 00:14 . 2009-04-30 00:15 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-09 00:09 . 2009-04-09 00:09 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-07 23:19 . 2006-10-18 05:29 487479 ----a-w c:\windows\system32\SkinMagic.dll
2009-04-07 23:19 . 2009-04-07 23:19 -------- d-----w c:\program files\Smallvideosoft
2009-04-07 03:02 . 2009-04-07 03:02 -------- d--h--w c:\windows\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 09:17 . 2006-04-30 05:46 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 09:13 . 2007-07-15 19:41 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 08:43 . 2009-02-11 04:40 882 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-04 06:29 . 2007-07-20 08:21 256 ----a-w c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
2009-05-04 06:05 . 2007-07-15 19:42 40 ----a-w c:\windows\system32\profile.dat
2009-05-03 07:15 . 2007-07-15 19:47 5427 ----a-w c:\windows\system32\EGATHDRV.SYS
2009-05-03 00:10 . 2007-07-15 19:30 300 ----a-w c:\windows\Tasks\PMTask.job
2009-05-02 07:34 . 2008-07-15 21:40 -------- d-----w c:\program files\Digidesign
2009-05-01 09:34 . 2009-04-03 09:00 -------- d-----w c:\program files\Common
2009-05-01 06:48 . 2007-07-21 03:24 -------- d-----w c:\program files\VstPlugins
2009-05-01 06:48 . 2007-08-08 01:20 -------- d-----w c:\program files\Native Instruments
2009-04-30 00:16 . 2009-04-09 00:14 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-10 02:26 . 2007-07-15 19:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-08 06:30 . 2008-10-12 07:36 -------- d-----w c:\program files\Winamp
2009-04-08 06:30 . 2009-03-18 06:31 -------- d-----w c:\program files\iTunes
2009-04-07 10:52 . 2008-01-11 09:14 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-23 06:30 . 2007-07-15 20:00 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 06:31 . 2009-03-18 06:31 -------- d-----w c:\program files\iPod
2009-03-18 06:30 . 2009-03-18 06:30 -------- d-----w c:\program files\QuickTime
2009-03-18 06:13 . 2008-05-09 01:07 -------- d-----w c:\program files\Apple Software Update
2009-03-18 06:11 . 2009-03-18 06:11 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-03-16 07:20 . 2009-02-11 04:38 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-03-06 14:00 . 2006-04-30 05:11 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 06:59 . 2009-03-18 06:28 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 06:59 . 2008-05-09 01:07 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2006-04-30 05:11 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2006-04-30 05:10 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2006-04-30 05:10 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2006-04-30 05:10 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2006-04-30 05:10 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2006-04-30 05:10 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2006-04-30 05:11 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2006-04-30 05:10 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2006-04-30 05:11 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2006-04-30 05:11 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2006-04-30 05:11 55808 ----a-w c:\windows\system32\secur32.dll
2009-01-26 10:27 . 2008-02-23 06:49 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-26 10:27 . 2008-02-23 06:49 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-26 10:27 . 2008-02-23 06:49 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-26 10:27 . 2008-02-23 06:49 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-26 10:27 . 2008-02-23 06:49 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2009-01-08 22:08 . 2009-01-08 22:08 24418 --sha-w c:\windows\system32\pijifazo.exe
2009-01-08 22:08 . 2009-01-08 22:08 38989 --sha-w c:\windows\system32\pojeguno.dll
2009-01-08 22:08 . 2009-01-08 22:08 50560 --sha-w c:\windows\system32\yodogugo.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-03_00.13.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-04 06:07 . 2009-05-04 06:07 16384 c:\windows\Temp\Perflib_Perfdata_284.dat
+ 2006-04-30 05:55 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2006-04-30 05:55 . 2007-07-27 16:41 26488 c:\windows\system32\spupdsvc.exe
- 2008-03-22 01:13 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2008-03-22 01:13 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2006-04-30 05:11 . 2009-05-04 06:12 91112 c:\windows\system32\perfc009.dat
- 2006-04-30 05:11 . 2009-03-23 06:32 91112 c:\windows\system32\perfc009.dat
+ 2006-04-30 05:10 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2006-04-30 05:10 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2006-04-30 05:10 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2006-04-30 05:30 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2006-04-30 05:30 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 10:26 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 10:26 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
+ 2006-04-30 05:10 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
- 2006-04-30 05:10 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2006-04-30 05:10 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 18:58 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2006-10-17 18:58 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
- 2006-10-17 18:58 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-10-17 18:58 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2007-04-25 08:41 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-04-25 08:41 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-04-24 14:26 . 2009-02-20 10:20 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-04-24 14:26 . 2008-12-19 09:10 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2006-11-07 10:26 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2006-11-07 10:26 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2006-10-17 19:06 . 2006-10-17 19:06 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-10-17 19:06 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2006-11-07 10:26 . 2009-02-20 10:20 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2006-11-07 10:26 . 2008-12-19 09:10 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-20 10:04 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2007-08-20 10:04 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
+ 2006-04-30 05:10 . 2005-07-26 04:20 60416 c:\windows\system32\colbact.dll
- 2006-04-30 05:10 . 2005-07-26 04:39 60416 c:\windows\system32\colbact.dll
+ 2007-07-15 19:57 . 2009-05-04 05:33 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-05-04 05:39 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-05-04 05:39 . 2006-10-17 19:06 78336 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-05-04 05:39 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
- 2006-04-30 05:11 . 2004-08-04 12:00 351232 c:\windows\system32\winhttp.dll
+ 2006-04-30 05:11 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
+ 2006-04-30 05:30 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2006-04-30 05:30 . 2009-02-11 01:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2006-04-30 05:30 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
- 2006-04-30 05:11 . 2009-03-23 06:32 493556 c:\windows\system32\perfh009.dat
+ 2006-04-30 05:11 . 2009-05-04 06:12 493556 c:\windows\system32\perfh009.dat
- 2006-04-30 05:11 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
+ 2006-04-30 05:10 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2006-04-30 05:10 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2006-04-30 05:10 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2006-04-30 05:10 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2006-10-17 18:57 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
- 2006-10-17 18:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2006-10-17 18:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
+ 2006-04-30 05:10 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2006-04-30 05:10 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2009-02-11 01:31 . 2009-02-11 01:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 826368 c:\windows\system32\dllcache\wininet.dll
+ 2006-11-08 04:03 . 2009-03-03 00:18 826368 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2006-10-17 19:05 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2006-10-17 19:05 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 19:04 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 19:04 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2006-10-17 19:05 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
+ 2006-10-17 19:05 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-04-25 08:41 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-04-25 08:41 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-08-17 12:37 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll
+ 2007-07-15 19:29 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-10-17 19:04 . 2009-02-28 04:54 636072 c:\windows\system32\dllcache\iexplore.exe
+ 2007-04-25 08:41 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2006-11-07 10:27 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-04-25 08:41 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-04-25 08:41 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2006-11-07 10:25 . 2008-12-19 05:23 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 10:25 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2006-11-07 10:27 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2006-11-07 10:27 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2006-11-07 10:26 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-07 10:26 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2006-10-17 18:57 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-17 18:57 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-10-17 18:58 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-10-17 18:58 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-11-07 10:26 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2006-11-07 10:26 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
- 2006-04-30 05:10 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
+ 2007-07-15 19:57 . 2009-05-04 05:33 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-05-04 05:39 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-05-04 05:39 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-05-04 05:39 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-05-04 05:39 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
- 2006-04-30 05:11 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
+ 2006-04-30 05:11 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2006-04-30 05:11 . 2008-05-07 05:18 1287680 c:\windows\system32\quartz.dll
+ 2006-04-30 05:11 . 2008-12-20 22:43 1287680 c:\windows\system32\quartz.dll
+ 2006-04-30 05:10 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2006-11-08 04:03 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2006-09-06 06:01 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2006-09-06 06:01 . 2007-04-17 09:28 2455488 c:\windows\system32\ieapfltr.dat
+ 2006-11-08 04:03 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2006-11-08 04:03 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2007-10-29 22:43 . 2008-12-20 22:43 1287680 c:\windows\system32\dllcache\quartz.dll
- 2007-10-29 22:43 . 2008-05-07 05:18 1287680 c:\windows\system32\dllcache\quartz.dll
+ 2007-02-28 09:55 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2007-02-28 09:15 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:15 . 2008-08-14 09:18 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:15 . 2008-08-14 09:18 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 09:15 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 09:53 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 09:53 . 2008-08-14 09:55 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-11-08 04:03 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2007-04-25 08:41 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2007-04-17 09:28 . 2007-04-17 09:28 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2007-04-17 09:28 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2007-07-15 19:57 . 2009-05-04 05:33 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-07-15 19:57 . 2009-05-04 05:33 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
- 2007-07-15 19:57 . 2009-03-16 07:26 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-05-04 05:39 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-05-04 05:39 . 2009-01-17 05:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-05-04 05:39 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-05-04 05:39 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2006-04-30 05:39 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2006-04-30 05:39 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-04-30 05:39 . 2008-08-14 09:18 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2006-04-30 05:39 . 2008-08-14 09:18 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2006-04-30 05:39 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2006-04-30 05:39 . 2008-08-14 09:55 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-04-30 05:39 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-05-04 05:34 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-07-25 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-07-25 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-07-25 118784]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2007-10-31 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-29 1947928]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w c:\program files\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-02-19 23:03 32768 ----a-w c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-29 20:31 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ----a-w c:\windows\system32\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ----a-w c:\windows\system32\tphklock.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave10"= Digi32.dll
"Midi1"= ma_cmidn.dll
"Midi2"= mbx2midu.dll
"Midi3"= diomidi.dll
"midi4"= ma_cmidn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 gupdate1c98c02e135702e;Google Update Service (gupdate1c98c02e135702e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 133104]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R3 DfuUsb;DfuUsb;c:\windows\system32\DRIVERS\DFUUsb.sys [2001-11-27 10880]
R3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\DRIVERS\mausbmr.sys [2006-06-28 110464]
R3 MBX2DFU;MBX2DFU;c:\windows\system32\DRIVERS\MBX2DFU.sys [2007-10-31 21648]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2007-10-31 21904]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R3 SavRoam;SavRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2005-08-19 124608]
R3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2006-11-24 18432]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2009-04-29 12552]
S0 DigiFilter;DigiFilter;c:\windows\System32\drivers\DigiFilt.sys [2006-12-09 16384]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-30 64160]
S0 Shockprf;Shockprf; [x]
S1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-11-08 11520]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-29 325896]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-29 108552]
S1 IBMTPCHK;IBMTPCHK;c:\windows\system32\Drivers\IBMBLDID.sys [2006-01-13 6016]
S1 ShockMgr;ShockMgr; [x]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2006-05-25 4442]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298776]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-12 30312]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-30 953168]
S2 MAudioMicroService;M-Audio Micro Installer;c:\program files\M-Audio\M-Audio Micro\MAUSBMRInst.exe [2006-06-27 57344]
S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 58368]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [2006-07-14 3968]
S3 iLokDrvr;iLok;c:\windows\system32\DRIVERS\iLokDrvr.sys [2008-06-05 54256]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrv10733
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db10c14d-09ef-11dd-bbdc-001558c8d3d2}]
\Shell\AutoRun\command - f:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:15]
2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:34]
2009-05-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
2007-11-16 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8185137424.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 07:52]
2009-05-04 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 04:40]
2009-05-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-07-15 16:13]
2008-05-04 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-01-11 22:31]
2007-07-20 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-07-15 00:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI01DA~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\3u4nshrs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 02:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1416)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
c:\windows\system32\notifyf2.dll
.
Completion time: 2009-05-04 2:24
ComboFix-quarantined-files.txt 2009-05-04 09:24
ComboFix2.txt 2009-05-03 00:19
Pre-Run: 8,901,378,048 bytes free
Post-Run: 8,918,335,488 bytes free
507 --- E O F --- 2009-05-04 05:39
hijack this log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:21 AM, on 5/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lenovo.com/welcome/thinkpad
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/St ... b55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZB ... b55579.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZP ... b55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zp ... b60231.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/St ... b55579.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c98c02e135702e) (gupdate1c98c02e135702e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio Micro Installer (MAudioMicroService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Micro\MAUSBMRInst.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
--
End of file - 17426 bytes