Thanks,
-Rich
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:48 PM, on 2/20/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
C:\Program Files\Lenovo\LenovoCare\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\aol\1232082046\ee\aolsoftware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] C:\Program Files\Lenovo\Drag-to-Disc\DrgToDsc.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWlIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1232082046\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DDNIService - Digital Delivery Networks, Inc. - C:\Program Files\DDNI\DIBS\DDNIService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: ThinkPad PM Service for SL Series (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Service of LFKA (LFKAS) - Unknown owner - C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11894 bytes
ComboFix 09-02-19.01 - Rich 2009-02-20 22:03:37.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.2013.913 [GMT -5:00]
Running from: c:\users\Rich\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\41b29219-ccbb-00c1-88e6-e586c66fba8c.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
Q:\Autorun.inf
S:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://dibs.ddni.net
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.
2009-02-17 23:38 . 2009-02-17 23:50 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-02-17 23:38 . 2009-02-17 23:50 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-02-17 23:38 . 2009-02-17 23:38 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-17 06:48 . 2009-02-17 06:48 <DIR> d-------- c:\program files\MetaStream
2009-02-17 06:28 . 2009-02-17 06:28 <DIR> d-------- c:\users\All Users\Viewpoint
2009-02-17 06:28 . 2009-02-17 06:28 <DIR> d-------- c:\programdata\Viewpoint
2009-02-17 01:16 . 2009-02-17 01:16 <DIR> d-------- c:\program files\Trend Micro
2009-02-16 05:04 . 2009-02-16 00:09 15,688 --a------ c:\windows\System32\lsdelete.exe
2009-02-16 00:09 . 2009-02-16 00:09 64,160 --a------ c:\windows\System32\drivers\Lbd.sys
2009-02-16 00:07 . 2009-02-16 00:09 <DIR> d-------- c:\users\All Users\Lavasoft
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d--h-c--- c:\users\All Users\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 00:07 . 2009-02-16 00:09 <DIR> d-------- c:\programdata\Lavasoft
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d--h-c--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-16 00:07 . 2009-02-16 00:07 <DIR> d-------- c:\program files\Lavasoft
2009-02-15 17:42 . 2009-02-15 17:42 347,019 --a------ c:\windows\xwbsp37588.exe
2009-02-15 17:42 . 2009-02-15 17:42 132,880 --a------ c:\windows\System32\MSINET.OCX
2009-02-15 17:41 . 2009-02-15 17:42 4,623,480 --a------ c:\windows\mwsnu6641.exe
2009-02-15 17:41 . 2009-02-15 17:41 28,672 --a------ c:\windows\lujl83531.exe
2009-02-15 16:46 . 2009-02-16 00:04 <DIR> d-a------ c:\users\All Users\TEMP
2009-02-15 16:46 . 2009-02-16 00:04 <DIR> d-a------ c:\programdata\TEMP
2009-02-14 15:26 . 2009-02-14 15:26 <DIR> d-------- c:\users\Rich\AppData\Roaming\Talkback
2009-02-14 11:57 . 2009-02-14 11:57 <DIR> d-------- c:\program files\Sony Corporation
2009-02-11 11:24 . 2009-02-11 11:24 <DIR> d--hs---- c:\windows\ftpcache
2009-02-11 10:05 . 2009-02-11 10:05 <DIR> d-------- c:\windows\Sun
2009-02-11 06:45 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 06:45 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-06 18:06 . 2009-02-06 18:06 <DIR> d-------- c:\users\ihateaol\AppData\Roaming\AOL
2009-02-06 16:42 . 2009-02-06 16:42 784 --a------ c:\windows\System32\Local Area Connection.xml
2009-02-06 15:54 . 2009-02-06 15:55 <DIR> d-------- c:\users\ihateaol\AppData\Roaming\Lenovo
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Videos
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Searches
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Saved Games
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Pictures
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Music
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Links
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Downloads
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Documents
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> dr------- c:\users\ihateaol\Contacts
2009-02-06 15:53 . 2009-02-06 15:53 <DIR> d--h----- c:\users\ihateaol\AppData
2009-02-06 15:53 . 2009-02-15 10:13 <DIR> d-------- c:\users\ihateaol
2009-02-05 20:07 . 2009-02-05 20:07 <DIR> d-------- c:\users\Guest\AppData\Roaming\AOL
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Videos
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Searches
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Saved Games
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Pictures
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Music
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Links
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Downloads
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Documents
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> dr------- c:\users\Guest\Contacts
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d-------- c:\users\Guest\AppData\Roaming\Lenovo
2009-02-05 20:04 . 2009-02-05 20:04 <DIR> d--h----- c:\users\Guest\AppData
2009-02-05 20:04 . 2009-02-15 10:13 <DIR> d-------- c:\users\Guest
2009-02-02 19:39 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-02 19:39 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-02 19:39 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-02 19:39 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-02 19:39 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-02 19:39 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-02 19:39 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-02 19:39 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-02 19:32 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-02 19:32 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-02 19:32 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-02 19:32 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-02 19:32 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-01-31 19:20 . 2009-02-16 12:54 <DIR> d-------- c:\users\Rich\Shared
2009-01-31 19:20 . 2009-02-16 16:37 <DIR> d-------- c:\users\Rich\Incomplete
2009-01-31 19:18 . 2009-02-16 14:36 <DIR> d-------- c:\users\Rich\AppData\Roaming\LimeWire
2009-01-31 19:18 . 2009-01-31 19:18 <DIR> d-------- c:\program files\LimeWire
2009-01-31 18:28 . 2009-02-16 00:09 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-01-31 18:28 . 2009-01-31 18:28 <DIR> d-------- c:\users\Rich\AppData\Roaming\Apple Computer
2009-01-31 18:28 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll
2009-01-31 18:28 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\iTunes
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\iPod
2009-01-31 18:27 . 2009-01-31 18:27 <DIR> d-------- c:\program files\Bonjour
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\programdata\Apple Computer
2009-01-31 18:26 . 2009-01-31 18:27 <DIR> d-------- c:\program files\QuickTime
2009-01-31 18:26 . 2009-01-31 18:26 <DIR> d-------- c:\program files\Apple Software Update
2009-01-31 18:25 . 2009-01-31 18:25 <DIR> d-------- c:\users\All Users\Apple
2009-01-31 18:25 . 2009-01-31 18:25 <DIR> d-------- c:\programdata\Apple
2009-01-31 18:25 . 2009-01-31 18:27 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-30 19:57 . 2009-01-30 19:57 <DIR> d-------- c:\program files\dvd43
2009-01-30 19:57 . 2009-01-30 19:57 18,816 --a------ c:\windows\System32\drivers\dvd43llh.sys
2009-01-30 19:54 . 2009-01-30 19:54 <DIR> d-------- c:\program files\EasyDVDShrink
2009-01-30 19:54 . 1999-09-10 12:06 45,056 --a------ c:\windows\System32\WNASPI32.DLL
2009-01-30 19:54 . 1999-09-10 12:06 25,244 --a------ c:\windows\System32\drivers\ASPI32.SYS
2009-01-30 19:54 . 1999-09-10 12:06 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-01-30 19:54 . 1999-09-10 12:06 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-01-30 19:50 . 2009-01-30 19:50 <DIR> d-------- c:\program files\DVD Decrypter
2009-01-28 11:40 . 2009-01-28 11:40 33,536 --a------ c:\windows\System32\drivers\tvtfilter.sys
2009-01-26 00:28 . 2009-01-28 10:34 <DIR> d-------- c:\program files\A123 MOV to AVI WMV DVD MPEG MP4 MOV Converter
2009-01-26 00:28 . 2009-01-26 00:28 34 --ah----- c:\windows\System32\VideoConverter_sysquict.dat
2009-01-26 00:27 . 2009-01-26 00:27 <DIR> d-------- c:\users\Rich\AppData\Roaming\Download Manager
2009-01-26 00:13 . 2009-01-26 00:13 <DIR> d-------- c:\users\Rich\AppData\Roaming\Pegasys Inc
2009-01-26 00:11 . 2009-01-26 00:10 145,504 --a------ c:\windows\System32\bgsvcgen.exe
2009-01-26 00:11 . 2009-01-26 00:10 59,488 --a------ c:\windows\System32\GenSvcInst.exe
2009-01-26 00:11 . 2009-01-26 00:10 13,567 --a------ c:\windows\System32\drivers\CDRBSDRV.SYS
2009-01-22 21:13 . 2009-01-22 21:13 <DIR> d-------- c:\program files\SiteAdvisor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 14:15 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-16 04:51 --------- d-----w c:\users\Rich\AppData\Roaming\uTorrent
2009-02-15 15:12 --------- d-----w c:\programdata\Lenovo
2009-02-15 15:12 --------- d-----w c:\program files\AOL 9.1
2009-02-11 22:05 --------- d-----w c:\program files\FxPro MetaTrader
2009-02-11 22:05 --------- d-----w c:\program files\FXDD - MetaTrader 4
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-11 15:04 410,984 ----a-w c:\windows\System32\deploytk.dll
2009-02-11 11:46 --------- d-----w c:\programdata\Microsoft Help
2009-02-11 11:46 --------- d-----w c:\program files\Windows Mail
2009-02-10 12:46 --------- d-----w c:\program files\Common Files\aol
2009-02-06 20:55 --------- d-----w c:\programdata\Sonic
2009-02-03 00:45 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-28 16:40 --------- d-----w c:\program files\Lenovo
2009-01-28 16:40 --------- d-----w c:\program files\Common Files\Lenovo
2009-01-26 00:12 --------- d-----w c:\program files\McAfee
2009-01-23 15:00 --------- d-----w c:\programdata\PCDr
2009-01-23 15:00 --------- d-----w c:\program files\PCDR5
2009-01-21 01:22 --------- d-----w c:\programdata\SiteAdvisor
2009-01-21 01:22 --------- d-----w c:\programdata\McAfee
2009-01-20 04:21 --------- d-----w c:\program files\uTorrent
2009-01-20 01:20 --------- d-----w c:\program files\Common Files\McAfee
2009-01-20 01:19 --------- d-----w c:\program files\McAfee.com
2009-01-16 16:24 --------- d-----w c:\users\Rich\AppData\Roaming\AOL
2009-01-16 16:14 --------- d-----w c:\programdata\AOL
2009-01-16 16:01 --------- d-----w c:\programdata\AOL Downloads
2009-01-16 15:00 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 05:02 --------- d-----w c:\program files\Common Files\aolshare
2009-01-16 05:01 --------- d-----w c:\program files\Viewpoint
2009-01-16 05:01 --------- d-----w c:\program files\Common Files\Nullsoft
2009-01-16 05:00 --------- d-----w c:\programdata\AOL OCP
2009-01-15 15:54 --------- d-----w c:\program files\Java
2009-01-15 15:24 --------- d-----w c:\program files\MSXML 4.0
2009-01-15 14:14 --------- d-----w c:\programdata\DietPower4.4
2009-01-15 14:13 --------- d--h--w c:\programdata\{62305769-72A0-4229-BBE0-226CB5F989E1}
2009-01-15 14:13 --------- d-----w c:\program files\DietPower 4.4
2009-01-15 01:47 --------- d-----w c:\users\Rich\AppData\Roaming\Malwarebytes
2009-01-15 01:47 --------- d-----w c:\programdata\Malwarebytes
2009-01-15 00:37 --------- d-----w c:\program files\MSBuild
2009-01-15 00:34 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-01-14 22:20 --------- d--h--w c:\programdata\DDNI
2009-01-14 22:20 --------- d-----w c:\program files\DDNI
2009-01-14 22:17 --------- d-----w c:\programdata\PC-Doctor for Windows
2009-01-14 22:15 --------- d-----w c:\users\Rich\AppData\Roaming\Downloaded Installations
2009-01-14 15:33 --------- d-----w c:\users\Rich\AppData\Roaming\Lenovo
2009-01-14 15:31 --------- d-----w c:\program files\Windows Live Toolbar
2009-01-14 15:30 100 ----a-w c:\windows\system32\drivers\Lenovo_2746_CTO.MRK
2009-01-10 08:19 --------- d-----w c:\program files\Microsoft Office Suite Activation Assistant
2009-01-10 08:11 --------- d-----w c:\program files\Microsoft Small Business
2009-01-10 08:10 --------- d-----w c:\program files\Microsoft.NET
2009-01-10 08:08 --------- d-----w c:\program files\Microsoft Works
2009-01-10 08:04 --------- d-----w c:\programdata\PC-Doctor
2009-01-10 08:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-10 08:03 --------- d-----w c:\program files\Intel
2009-01-10 08:00 --------- d-----w c:\program files\ThinkPad
2009-01-10 07:59 --------- d-----w c:\programdata\Roxio
2009-01-10 07:55 30,144 ----a-w c:\windows\system32\drivers\psadd.sys
2009-01-10 07:55 129,784 ------w c:\windows\System32\pxafs.dll
2009-01-10 07:55 118,520 ------w c:\windows\System32\pxinsi64.exe
2009-01-10 07:55 116,472 ------w c:\windows\System32\pxcpyi64.exe
2009-01-10 07:55 --------- d-----w c:\program files\Verizon Wireless
2009-01-10 07:51 --------- d-----w c:\program files\Common Files\Java
2009-01-10 07:50 --------- d-----w c:\program files\InterVideo
2009-01-10 07:49 --------- d-----w c:\program files\Common Files\InterVideo
2009-01-10 07:48 --------- d-----w c:\programdata\Uninstall
2009-01-10 07:48 --------- d-----w c:\programdata\InstallShield
2009-01-10 07:48 --------- d-----w c:\program files\ThinkVantage
2009-01-10 07:48 --------- d-----w c:\program files\Sonic Icons for Lenovo
2009-01-10 07:48 --------- d-----w c:\program files\Roxio
2009-01-10 07:48 --------- d-----w c:\program files\Lenovo Registration
2009-01-10 07:48 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-10 07:47 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-01-10 07:47 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-10 07:46 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-10 07:46 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-10 07:41 --------- d-----w c:\program files\Lenovo Group Limited
2009-01-10 07:38 --------- d-----w c:\program files\Realtek
2009-01-10 07:38 --------- d-----w c:\program files\CONEXANT
2009-01-10 07:36 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-10 07:36 --------- d-----w c:\program files\Synaptics
2009-01-10 07:35 --------- d-----w c:\program files\DIFX
2009-01-10 07:35 --------- d-----w c:\program files\Cisco
2009-01-10 07:27 3,601,976 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-10 07:27 3,549,752 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-10 07:25 625,152 ----a-w c:\windows\system32\drivers\dxgkrnl.sys
2009-01-10 07:25 565,248 ----a-w c:\windows\System32\emdmgmt.dll
2009-01-10 07:25 45,056 ----a-w c:\windows\System32\dataclen.dll
2009-01-10 07:25 428,544 ----a-w c:\windows\System32\EncDec.dll
2009-01-10 07:25 36,864 ----a-w c:\windows\System32\cdd.dll
2009-01-10 07:25 293,376 ----a-w c:\windows\System32\psisdecd.dll
2009-01-10 07:25 148,480 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-01-10 07:24 801,280 ----a-w c:\windows\System32\NaturalLanguage6.dll
2009-01-10 07:24 2,644,480 ----a-w c:\windows\System32\NlsLexicons0009.dll
2009-01-10 07:24 12,240,896 ----a-w c:\windows\System32\NlsLexicons0007.dll
2009-01-10 07:22 885,248 ----a-w c:\windows\System32\RacEngn.dll
2009-01-10 07:22 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-10 07:22 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-10 07:22 2,032,640 ----a-w c:\windows\System32\win32k.sys
2009-01-10 07:21 90,112 ----a-w c:\windows\System32\wshext.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-23 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-05 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-05 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-05 154136]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-24 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"RoxioDragToDisc"="c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe" [2007-03-13 1116920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2008-11-20 640288]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-10-27 431392]
"ACWlIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWlIcon.exe" [2008-10-27 148768]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-25 3077432]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2008-07-30 33304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992]
"HostManager"="c:\program files\Common Files\AOL\1232082046\ee\AOLSoftware.exe" [2008-06-24 41824]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-16 509784]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\System32\TpShocks.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2006-11-20 12:33 214576 c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DietPower 4.4 Update Setup for All Users]
--a------ 2008-07-07 11:46 2395976 c:\programdata\{62305769-72A0-4229-BBE0-226CB5F989E1}\DietPowerSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2008-11-17 18:50 827904 c:\program files\dvd43\DVD43_Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hrlhssvc]
--a------ 2009-02-15 17:42 851968 c:\users\Rich\AppData\Local\hrlhssvc\hrlhssvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-01-06 13:06 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-11 10:04 148888 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1737692862-350434438-2812127596-1003]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D74B93C5-027D-42F8-A63E-9A91FA50D583}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{35BC7809-4DEA-404E-9AC8-C44A020799D6}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9F599504-48E3-4F91-901B-F99FC5A38D7B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E6A48022-8679-42E2-A8F1-E291E6AE6548}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD85FDEA-AA8C-44E9-A1E3-49C0917ED557}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B97A33E7-3547-4E28-901A-EAAFC1C1A4CF}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{96389246-21EB-4A20-BEC7-ADA6218C1BE2}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{FF8D981B-CCCE-44A0-A930-0B74774F4D2D}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{BB20F5D6-A155-4DCB-AA75-37A55F1E645F}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{859AC31B-2AD6-4C0F-A026-5152AC14579E}"= UDP:c:\program files\Common Files\aol\1232082046\ee\aolsoftware.exe:AOL Shared Components
"{E6AF2992-676C-45C0-9679-91C27B7CC267}"= TCP:c:\program files\Common Files\aol\1232082046\ee\aolsoftware.exe:AOL Shared Components
"{FF23B675-5A69-45D8-8A87-B52C38E35189}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{5AF5090B-0138-4BFF-8B93-B0D944FB40AD}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"{27646B96-D89D-458D-AB47-83F9080A55A1}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{F13854B1-4749-45EB-A42E-1FE2FB256E13}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{8A36A9D3-763C-486B-A5F1-5564FE55D821}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{D0CEBB71-A5C1-4146-8B15-324269D8B789}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{A0C1B893-AB39-4B10-BE8E-80643CEA7419}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{D1B2F512-23C7-40AC-856D-A6AABDC5171E}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{4F585607-F9E1-4956-BE65-8B5B2B94F4E7}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{0F1F5A7C-02C9-4FA6-B584-BE2111C79477}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96A54E30-7470-45AD-89C7-E0E246E29111}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1D61DF3F-ABFD-4EDF-B5A4-DD40CB0763B1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4FF15F32-D38C-48C4-A97C-1E2A4656F762}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{E67D0CBE-D8FC-45FD-AA3E-F17191FE8968}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{FE57109D-482D-4029-AB37-4D8B8AC605FD}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{395E85E5-8742-4074-86AC-B3EE08F6726A}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{D635A394-3E32-4897-A69F-612EE7B7B81C}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1DA87496-DA24-4793-A55A-7B6B9F9C1AC6}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{0CC0971B-35AB-492A-994F-3CE6BC80CA3B}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2009-01-10 225304]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-16 64160]
R0 Shockprf;Shockprf;c:\windows\System32\drivers\ApsX86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\System32\drivers\ApsHM86.sys [2008-05-14 19496]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\System32\drivers\smiif32.sys [2008-05-19 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\System32\drivers\TPPWR32V.SYS [2009-01-10 11552]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [2009-01-10 112128]
S1 tvtumon;tvtumon;c:\windows\System32\drivers\tvtumon.sys [2008-05-24 48192]
--- Other Services/Drivers In Memory ---
*Deregistered* - volsnap
*Deregistered* - Wanarpv6
*Deregistered* - wanatw
*Deregistered* - Wdf01000
*Deregistered* - XAudio
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e3e12c9-dee8-11dd-a3bd-806e6f6e6963}]
\shell\AutoRun\command - Q:\LenovoQDrive.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6fd1f57-dee2-11dd-8193-00248c0597e0}]
\shell\AutoRun\command - S:\LenovoSDrive.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-16 00:09]
2009-02-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
2009-02-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2008-10-31 13:14]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-DietPower 4 - c:\users\Rich\AppData\Local\{62305769-72A0-4229-BBE0-226CB5F989E1}\DietPowerSetup.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - c:\program files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
FF - ProfilePath - c:\users\Rich\AppData\Roaming\Mozilla\Firefox\Profiles\oi0ex9cm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
1 file(s) moved.
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-20 22:08:31
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(4464)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\ibmpmsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Lenovo\ATK Hotkey\ASLDRSrv.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\program files\Lenovo\ATK Hotkey\LFKAS.exe
c:\windows\System32\wlanext.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\DDNI\DIBS\DDNIService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\McAfee\SiteAdvisor\McSACore.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\windows\System32\rundll32.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\ThinkPad\Utilities\PWMDBSVC.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\HOTKEY\TPHKSVC.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\ATK Hotkey\LControl.exe
c:\program files\Lenovo\ATK Hotkey\LFKA.exe
c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe
c:\program files\ThinkPad\Utilities\EZEJMNAP.EXE
c:\windows\System32\igfxsrvc.exe
c:\program files\Lenovo\LenovoCare\LPMGR.EXE
c:\program files\Lenovo\LenovoCare\LPMLCHK.EXE
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\McAfee\MSC\mcmscsvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\ThinkPad\Utilities\PWMUIAux.EXE
c:\program files\AOL 9.1\shellmon.exe
c:\program files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-02-20 22:15:57 - machine was rebooted [Rich]
ComboFix-quarantined-files.txt 2009-02-21 03:15:32
Pre-Run: 117,185,617,920 bytes free
Post-Run: 116,742,467,584 bytes free
458 --- E O F --- 2009-02-11 11:49:35