ComboFix 08-06-15.4 - Laizer 2008-06-18 22:28:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1294 [GMT 3:00]
Running from: C:\Documents and Settings\Laizer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laizer\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Laizer\Application Data\uTorrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Bleach_168_[7804D19E].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Bleach_169_[441E1525].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Naruto_191_[E7923CB9].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Naruto_192_[B41EC78F].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Naruto_193_[8BBD60BF].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Naruto_194_[05D99A25].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Naruto_195_[BFFE78CB].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\[DB]_Naruto_Movie_3_[C688AE50].avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Alcohol 120% 1.9.7.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\AnyDVD&AnyDVD HD 6.4.0.4 FINAL (NEW).torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Bizet - Sinfonia n.1.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Constantine[2005]DvDRip[Eng]-BoBo.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\dht.dat
C:\Documents and Settings\Laizer\Application Data\uTorrent\Eragon[2006]DvDrip[Eng]-aXXo.avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Lady.In.The.Water[2006]DvDrip[Eng]-aXXo.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Melanie C - This Time (2007) - Pop [www.torrentazos.com].rar.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\NightWatch.avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Philharmonic Orc.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\resume.dat
C:\Documents and Settings\Laizer\Application Data\uTorrent\resume.dat.old
C:\Documents and Settings\Laizer\Application Data\uTorrent\Robert Plant & Alison Krauss - Raising Sand (256Kbps).torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Ryan Adams - Follow The Lights EP [2007].torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\settings.dat
C:\Documents and Settings\Laizer\Application Data\uTorrent\settings.dat.old
C:\Documents and Settings\Laizer\Application Data\uTorrent\Simpsons.Season.18.Complete.PDTV-XViD.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\South.Park.S12E03.DSR.XviD-0TV.avi.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\The Simpsons, the complete 19th season.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\The Venture Bros Brothers Season 1,2 extras [Geophage].torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Tom Lehrer - Evening Wasted with Tom Lehrer.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Tom Lehrer - That Was The Year That Was (1965).torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Tom Lehrer - That Was the Year That Was.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\Top 100 Masterpieces of Classical Music 1685-1928.torrent
C:\Documents and Settings\Laizer\Application Data\uTorrent\utorrent.lng
.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.
2008-06-17 22:04 . 2008-06-17 22:05 <DIR> d-------- C:\DotNetNuke_2
2008-06-16 23:13 . 2008-06-16 23:13 <DIR> d-------- C:\Program Files\Java
2008-06-16 23:13 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-16 23:01 . 2008-06-16 23:07 <DIR> d-------- C:\Documents and Settings\Laizer\.SunDownloadManager
2008-06-16 17:33 . 2008-06-16 17:33 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-11 22:15 . 2007-01-18 15:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-06-11 15:38 . 2008-04-14 14:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 15:38 . 2008-04-14 14:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-02 21:32 . 2008-06-02 21:32 <DIR> d-------- C:\Program Files\A-Ray Scanner
2008-05-27 20:58 . 2008-05-27 21:03 <DIR> d-------- C:\Documents and Settings\Laizer\Application Data\yoclient
2008-05-26 08:11 . 2008-06-12 09:19 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-25 14:16 . 2008-06-18 09:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-25 14:16 . 2008-05-25 14:16 <DIR> d-------- C:\Program Files\AVG
2008-05-25 14:16 . 2008-05-26 09:04 <DIR> d-------- C:\Documents and Settings\Laizer\Application Data\AVGTOOLBAR
2008-05-25 14:16 . 2008-05-25 14:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-25 14:16 . 2008-05-25 14:16 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-25 14:16 . 2008-05-25 14:16 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-25 14:16 . 2008-05-25 14:16 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 20:21 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-16 15:05 --------- d-----w C:\Program Files\SlySoft
2008-05-25 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-17 20:52 --------- d-----w C:\Documents and Settings\Laizer\Application Data\.purple
2008-05-14 19:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Lenovo
2008-05-14 19:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-05-14 19:14 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2008-05-11 09:38 --------- d-----w C:\Documents and Settings\Laizer\Application Data\U3
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 19:33 --------- d-----w C:\Program Files\Real Alternative
2008-05-05 14:07 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-05-05 13:57 --------- d-----w C:\Program Files\Common Files\ThinkVantage Fingerprint Software
2008-05-05 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\UIB
2008-05-05 13:54 --------- d-----w C:\Program Files\NetWaiting
2008-05-05 13:54 --------- d-----w C:\Program Files\Digital Line Detect
2008-05-05 13:54 --------- d-----w C:\Documents and Settings\Laizer\Application Data\InstallShield
2008-05-05 13:53 --------- d-----w C:\Program Files\PCDR5
2008-05-05 13:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC-Doctor
2008-05-05 13:51 21,361 ------w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-05 13:51 21,361 ------w C:\WINDOWS\AegisP.sys
2008-05-05 13:51 --------- d-----w C:\Program Files\Lenovo
2008-05-05 13:51 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-05-05 13:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-05-05 13:51 --------- d-----w C:\Documents and Settings\Laizer\Application Data\Intel
2008-05-05 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-05-05 13:38 534,920 ------w C:\WINDOWS\qfe149.tmp
2008-05-05 13:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 13:34 539,448 ------w C:\WINDOWS\qfeBB.tmp
2008-05-05 13:09 --------- d-----w C:\Program Files\ThinkPad
2008-05-03 22:47 --------- d-----w C:\Program Files\Trend Micro
2008-05-01 11:11 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Media Player Classic
2007-08-03 14:47 32,768 --sh--w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007080320070804\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Documents and Settings\All Users\Application Data\UIB ----
2007-08-14 17:02 9322496 --------- C:\Documents and Settings\All Users\Application Data\UIB\{A2289997-10A3-48F2-AA03-99180D761661}\pshome.msi
---- Directory of C:\Documents and Settings\Laizer\Application Data\.purple ----
2008-05-17 23:52 767 --a------ C:\Documents and Settings\Laizer\Application Data\.purple\status.xml
2008-05-17 23:52 4207 --a------ C:\Documents and Settings\Laizer\Application Data\.purple\accounts.xml
2008-05-17 23:52 16377 --a------ C:\Documents and Settings\Laizer\Application Data\.purple\prefs.xml
2008-05-17 23:52 11873 --a------ C:\Documents and Settings\Laizer\Application Data\.purple\blist.xml
2008-03-31 01:30 1346 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\434a4ebdec51e2b10ef097197d9ea16a22e1ef09.jpg
2008-03-31 01:27 8355 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\b3fde5d1b04b432359df0316a2c627a77585c06e.png
2007-09-24 15:55 5232 --------- C:\Documents and Settings\Laizer\Application Data\.purple\accels
2007-09-11 16:00 2776 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\799a252c2f2e13537f601050642b3bc53f4fe107.jpg
2007-09-11 15:59 3479 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\9ef3241166c6d8b0507f3f2a5bb6b4bd3b7f943d.jpg
2007-09-06 11:46 8187 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\6b7eeae5dc6ad4b44f0e24c1fa3de2f2d11f62f7.jpg
2007-09-06 11:46 4724 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\5822bddd73107ed7f804b77499012fcf0a3e0057.gif
2007-09-06 11:46 2820 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\55847dfa5db3e2aa52884f110b44e7c7d188a133.jpg
2007-09-06 11:46 1145 --------- C:\Documents and Settings\Laizer\Application Data\.purple\icons\8457407f46366fbb80d0ce2cdc492f07129f7323.jpg
((((((((((((((((((((((((((((( snapshot@2008-06-16_23.28.36.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 20:24:20 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-18 19:31:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 18:19:54 7,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\App_Code.eb6civ2v.dll
+ 2008-06-17 18:19:55 6,144 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\App_global.asax.xdvcnhrr.dll
+ 2008-06-17 18:19:50 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\17795215\00e5f383_9269c801\SharpZipLib.DLL
+ 2008-06-17 18:19:49 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\1a5bc144\003ed307_2584c801\DotNetNuke.Provider.AspNetProvider.DLL
+ 2008-06-17 18:19:48 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\1b7bae3e\006b0409_2584c801\DotNetNuke.DNNScheduler.DLL
+ 2008-06-17 18:19:49 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\1c781da1\006b0409_2584c801\DotNetNuke.Search.DataStore.DLL
+ 2008-06-17 18:19:49 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\21a31b27\003f5686_9269c801\DotNetNuke.FckHtmlEditorProvider.DLL
+ 2008-06-17 18:19:47 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\37707ce6\0098350a_2584c801\DotNetNuke.Caching.BroadcastPollingCachingProvider.DLL
+ 2008-06-17 18:19:49 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\455feb4c\0011a206_2584c801\DotNetNuke.HttpModules.DLL
+ 2008-06-17 18:19:47 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\457b5720\0098350a_2584c801\DotNetNuke.ASP2MenuNavigationProvider.DLL
+ 2008-06-17 18:19:50 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\50cdd2b5\006b0409_2584c801\DotNetNuke.SolpartMenuNavigationProvider.DLL
+ 2008-06-17 18:19:50 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\596dcc9b\00a918fd_2484c801\DotNetNuke.WebUtility.DLL
+ 2008-06-17 18:19:49 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\647b9c42\003ed307_2584c801\DotNetNuke.Provider.DNNProvider.DLL
+ 2008-06-17 18:19:50 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\673df61c\0098350a_2584c801\DotNetNuke.XMLLoggingProvider.DLL
+ 2008-06-17 18:19:48 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\74a8b3ce\0098350a_2584c801\DotNetNuke.DNNMenuNavigationProvider.DLL
+ 2008-06-17 18:19:49 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\74d47147\0098350a_2584c801\DotNetNuke.Provider.DBLoggingProvider.DLL
+ 2008-06-17 18:19:50 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\8175ad38\006b0409_2584c801\DotNetNuke.Search.Index.DLL
+ 2008-06-17 18:19:48 1,024,000 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\8d64f14f\008a0e03_2584c801\DotNetNuke.DLL
+ 2008-06-17 18:19:49 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\95d46f1c\008a0e03_2584c801\DotNetNuke.Membership.Dataprovider.DLL
+ 2008-06-17 18:19:50 229,376 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\974d967a\00204c8c_9269c801\SolpartWebControls.DLL
+ 2008-06-17 18:19:50 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\b8434cc6\00f6d676_9269c801\Microsoft.ApplicationBlocks.Data.DLL
+ 2008-06-17 18:19:50 701,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\bfe736e3\00204c8c_9269c801\System.Web.Extensions.DLL
+ 2008-06-17 18:19:49 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\c24cc206\006b0409_2584c801\DotNetNuke.DNNTreeNavigationProvider.DLL
+ 2008-06-17 18:19:47 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\cbea4cfa\0098350a_2584c801\DotNetNuke.Caching.FileBasedCachingProvider.DLL
+ 2008-06-17 18:19:50 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\ce8e9975\007ce7fb_2484c801\DotNetNuke.Services.Syndication.DLL
+ 2008-06-17 18:19:47 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\d7d56dab\00f553f8_2484c801\CountryListBox.DLL
+ 2008-06-17 18:19:48 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\e0d15911\0098350a_2584c801\DotNetNuke.DNNDropDownNavigationProvider.DLL
+ 2008-06-17 18:19:50 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\e3fd0f59\0011a206_2584c801\DotNetNuke.SqlDataProvider.DLL
+ 2008-06-17 18:19:50 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\dotnetnuke website1\f960bb13\324461b8\assembly\dl3\e4d10466\00204c8c_9269c801\DotNetNuke.WebControls.DLL
- 2008-06-16 20:25:30 234,361 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-18 19:32:22 243,703 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-06-18 19:31:32 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-11-06 16:27 487424]
"TpShocks"="TpShocks.exe" [2007-11-22 15:09 181536 C:\WINDOWS\system32\TpShocks.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 08:00 856064]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-01-24 10:21 66928]
"TP4EX"="tp4ex.exe" [2005-10-17 11:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 19:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 19:30 512000]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 01:30 294912]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-03-16 02:07 421888]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-14 02:38 41472]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2008-01-11 03:21 144728]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 02:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 02:50 221184]
"IBM Warranty Notification"="C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 19:24 106496]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 03:33 243248]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 15:20 122940]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 02:24 196696]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 04:13 2341632]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 01:30 208896]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 20:07 69632]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 09:23 487424]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-02-20 02:02 110592]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-02-20 02:10 409600]
"LPMailChecker"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2008-01-11 03:21 124248]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-03-26 03:06 59680]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-25 14:16 1177368]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
C:\Documents and Settings\Laizer\Start Menu\Programs\Startup\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-07-17 12:13:34 49152]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2007-11-26 15:58:10 576104]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-05-05 16:54:51 50688]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 23:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-02-20 02:03 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-08-16 20:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-08-14 15:54 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 17:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2007-12-14 16:36 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 18:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 18:32]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 19:27]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-25 14:16]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2006-01-13 10:33]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-01-11 01:30]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-25 14:16]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 14:16]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-25 14:16]
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 04:45]
R2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-14 02:05]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-15 01:55]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 15:46]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-08-14 15:25]
S3 ReportServer;SQL Server Reporting Services (MSSQLSERVER);"C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe" [2005-10-14 04:44]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{117d8906-033c-11dd-908a-00197ef9d08d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1acb4bc-d7d6-11dc-a96e-001b7795abb3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 19:22:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-18 19:34:13 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 22:33:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
-> C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\ZOOM\TpScrex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2008-06-18 22:37:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-18 19:37:02
ComboFix2.txt 2008-06-16 20:28:55
Pre-Run: 24,424,046,592 bytes free
Post-Run: 24,410,210,304 bytes free
321 --- E O F --- 2008-06-11 16:49:58