PLEASE HELP ME!! My laptop is heavily infected with virus.

lana1016 · #1 December 4th, 2009, 05:14 PM

My laptop was infected few month ago and it was somewhat fixed. I haven't downloaded anything and seriously I don't know what I did wrong. I can't get online or open any application.

lana1016 · #2 December 4th, 2009, 05:14 PM

These are from safe mode.

ComboFix 09-08-27.03 - Default User 12/03/2009 15:11.5.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1732 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx

.
((((((((((((((((((((((((( Files Created from 2009-11-03 to 2009-12-03 )))))))))))))))))))))))))))))))
.

2009-12-03 19:18 . 2009-12-03 19:18 -------- d-----w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc
2009-12-03 19:18 . 2009-12-03 19:18 226304 ----a-w- c:\windows\system32\sshnas.dll
2009-11-22 17:09 . 2009-11-22 17:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCach e
2009-11-12 15:43 . 2009-12-03 19:09 79488 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-11 19:10 . 2009-11-11 19:10 1794456 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
2009-11-07 21:02 . 2009-11-07 21:02 1408800 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\MoveMediaPlayerWin_071505000011.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-12-02 22:52 . 2008-04-20 22:20 90352 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-02 22:52 . 2008-05-08 03:36 -------- d-----w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks
2009-12-02 20:37 . 2008-04-26 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-02 20:34 . 2008-04-26 22:34 -------- d-----w- c:\program files\Microsoft Works
2009-11-29 13:31 . 2008-04-20 23:34 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2009-11-11 19:10 . 2009-09-23 13:45 143976 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\uninstall.exe
2009-11-11 19:10 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\plugins\npqmp071701000002.dll
2009-11-07 21:02 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\plugins\npqmp071505000011.dll
2009-10-16 13:29 . 2008-11-16 17:21 -------- d-----w- c:\program files\Coupons
2009-10-15 00:50 . 2009-10-15 00:50 97216 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-10-01 22:35 . 2009-10-01 22:35 1407680 ----a-w- c:\documents and settings\Default User.LENOVO-CAB4B98B\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 15:50 . 2009-05-01 16:18 8 ----a-w- C:\settings.dat
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-07-02 23:00 . 2009-07-02 23:00 16883056 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-08-11 39408]
"glwpkwiw"="c:\documents and settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc\jotxsysguard.exe" [2009-12-03 272640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR .DLL" [2006-05-25 151552]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL " [2006-05-25 208896]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp .Exe" [2006-02-23 237568]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 856064]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKM GR.exe" [2006-07-25 94208]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe " [2006-07-04 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 69632]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE " [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-07-10 270648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"RavTray"="c:\program files\Rising\Rav\RsTray.exe" [2009-05-06 141936]
"glwpkwiw"="c:\documents and settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc\jotxsysguard.exe" [2009-12-03 272640]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2006-03-16 106496]
"TP4EX"="tp4ex.exe" - c:\windows\system32\TP4EX.exe [2005-10-17 65536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1 \DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Default User.LENOVO-CAB4B98B\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2008-4-29 983040]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 14:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 11:16 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain\0

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"8603:TCP"= 8603:TCP:@xpsp2res.dll,-22009
"10754:TCP"= 10754:TCP:@xpsp2res.dll,-22009
"24612:TCP"= 24612:TCP:@xpsp2res.dll,-22009
"8696:TCP"= 8696:TCP:@xpsp2res.dll,-22009

R0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\RsNTGd i.sys [5/5/2009 9:07 PM 10832]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shoc kprf.sys [4/20/2008 6:17 PM 88576]
S1 hookcont;hookcont;c:\windows\system32\drivers\Hook Cont.sys [5/5/2009 9:07 PM 15216]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\Shoc kMgr.sys [4/20/2008 6:17 PM 4736]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRI F.SYS [4/20/2008 6:16 PM 4442]
S2 RavCCenter;Rav Process Communication Center;c:\program files\Rising\Rav\CCenter.exe [5/5/2009 9:07 PM 113264]
S2 RavTask;Rising RavTask Manager;c:\program files\Rising\Rav\RavTask.exe [5/5/2009 9:07 PM 129648]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\Rising\Rav\RavMonD.exe [8/31/2009 2:50 PM 133744]
S2 RsScanSrv;Rising Scan Service;c:\program files\Rising\Rav\ScanFrm.exe [9/9/2009 10:35 AM 51824]
S2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 5:55 PM 3968]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [4/30/2006 1:56 AM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
SSHNAS

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-12-03 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-04-20 16:13]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NeoChronos - c:\docume~1\DEFAUL~1.LEN\LOCALS~1\Temp\c.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://esource.ohiohealth.com/,DanaInfo=DOMINOM11+dwa8W.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-03 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macrome d\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUt il10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{1911415 6-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4 C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(288)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
c:\program files\Lenovo\AwayTask\AwayNotify.dll
.
Completion time: 2009-12-03 15:13
ComboFix-quarantined-files.txt 2009-12-03 20:13
ComboFix2.txt 2009-09-10 19:56

Pre-Run: 21,883,068,416 bytes free
Post-Run: 21,848,920,064 bytes free

197 --- E O F --- 2009-12-02 20:37

lana1016 · #3 December 4th, 2009, 05:15 PM

DDS (Ver_09-07-30.01) - NTFSx86 MINIMAL
Run by Default User at 15:07:12.20 on Thu 12/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1757 [GMT -5:00]

AV: Rising Antivirus *On-access scanning disabled* (Outdated) {234E4A88-48FA-4220-A994-5323706FF524}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\s wg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNo tifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [glwpkwiw] c:\documents and settings\default user.lenovo-cab4b98b\local settings\application data\cktnpc\jotxsysguard.exe
uRun: [NeoChronos] c:\docume~1\defaul~1.len\locals~1\temp\c.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrB kGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBa ttLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
mRun: [RavTray] "c:\program files\rising\rav\RsTray.exe" -system
mRun: [glwpkwiw] c:\documents and settings\default user.lenovo-cab4b98b\local settings\application data\cktnpc\jotxsysguard.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe " -t
StartupFolder: c:\docume~1\defaul~1.len\startm~1\programs\startup \memoni~1.lnk - c:\program files\sprint music manager\MEMonitor.exe
StartupFolder: c:\docume~1\defaul~1.len\startm~1\programs\startup \onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ado ber~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dig ita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1208730132683
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://esource.ohiohealth.com/,DanaInfo=DOMINOM11+dwa8W.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://esource.ohiohealth.com/dana-cached/setup/JuniperSetupSP1.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 RsNTGDI;RsNTGDI;c:\windows\system32\drivers\RsNTGd i.sys [2009-5-5 10832]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shoc kprf.sys [2008-4-20 88576]
S1 hookcont;hookcont;c:\windows\system32\drivers\Hook Cont.sys [2009-5-5 15216]
S1 ShockMgr;ShockMgr;c:\windows\system32\drivers\Shoc kMgr.sys [2008-4-20 4736]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRI F.SYS [2008-4-20 4442]
S2 RavCCenter;Rav Process Communication Center;c:\program files\rising\rav\CCenter.exe [2009-5-5 113264]
S2 RavTask;Rising RavTask Manager;c:\program files\rising\rav\RavTask.exe [2009-5-5 129648]
S2 RsRavMon;Rising RealTime Monitor;c:\program files\rising\rav\RavMonD.exe [2009-8-31 133744]
S2 RsScanSrv;Rising Scan Service;c:\program files\rising\rav\ScanFrm.exe [2009-9-9 51824]
S2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2006-4-30 14336]

=============== Created Last 30 ================

2009-12-03 14:18 226,304 a------- c:\windows\system32\sshnas.dll

==================== Find3M ====================

2009-11-29 08:31 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-10-22 04:19 5,939,712 -------- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 09:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-11 09:18 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-09-09 10:50 8 a------- C:\settings.dat
2009-09-04 16:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-09-04 16:03 58,880 -------- c:\windows\system32\dllcache\msasn1.dll
2009-07-02 18:00 16,883,056 a------- c:\program files\IE8-WindowsXP-x86-ENU.exe

============= FINISH: 15:07:34.45 ===============

lana1016 · #4 December 4th, 2009, 05:15 PM

Malwarebytes' Anti-Malware 1.40
Database version: 2774
Windows 5.1.2600 Service Pack 3 (Safe Mode)

12/3/2009 2:50:38 PM
mbam-log-2009-12-03 (14-50-38).txt

Scan type: Quick Scan
Objects scanned: 101356
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.

lana1016 · #5 December 4th, 2009, 05:16 PM

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/12/03 15:20
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\DEFAUL~1.LEN\LOCALS~1\Temp\catchme.sys
Address: 0xBA410000 Size: 31744 File Visible: No
Status: -

Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xB999A000 Size: 876544 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB94D2000 Size: 45056 File Visible: No
Status: -

Hidden Services
-------------------
Service Name: PEVSystemStart
Image Path: cmd /k start /i "/d%systemdrive%" "C:\ComboFix\HIDEC.exe" "C:\WINDOWS\system32\CF22615.exe" /c RD /S/Q \$RECYCLE.bin \RECYCLER \RECYCLED

lana1016 · #6 December 4th, 2009, 05:17 PM

REGLOOKS logfile - version 0.982
Scan started: Thu 12/03/2009 15:02:58.31

--- INFORMATION ---

Operating System: Microsoft Windows XP Professional - version 5.1.2600 - Service Pack 3
Bootmode: Fail-safe boot
User: Default User (Administrator account)
Total RAM: 2046 MB (free 1770 MB - 86%)
Internet Explorer Version: 8.0.6001.18702
Antivirus Program: Rising Antivirus [Not Enabled - Outdated]

--- SIGCHECK ---

C:\WINDOWS\explorer.exe -- sigcheck OK

C:\WINDOWS\system32\ctfmon.exe -- sigcheck OK

C:\WINDOWS\system32\lsass.exe -- sigcheck OK

C:\WINDOWS\system32\ntkrnlpa.exe -- sigcheck OK

C:\WINDOWS\system32\ntoskrnl.exe -- sigcheck OK

C:\WINDOWS\system32\services.exe -- sigcheck OK

C:\WINDOWS\system32\sfcfiles.dll -- sigcheck OK

C:\WINDOWS\system32\spoolsv.exe -- sigcheck OK

C:\WINDOWS\system32\svchost.exe -- sigcheck OK

C:\WINDOWS\system32\termsrv.dll -- sigcheck OK

C:\WINDOWS\system32\user32.dll -- sigcheck OK

C:\WINDOWS\system32\userinit.exe -- sigcheck OK

C:\WINDOWS\system32\wininet.dll -- sigcheck OK

C:\WINDOWS\system32\winlogon.exe -- sigcheck OK

C:\WINDOWS\system32\ws2_32.dll -- sigcheck OK

C:\WINDOWS\system32\wuauclt.exe -- sigcheck OK

C:\WINDOWS\system32\drivers\ip6fw.sys -- sigcheck OK

C:\WINDOWS\system32\drivers\ndis.sys -- sigcheck OK

C:\WINDOWS\system32\drivers\tcpip.sys -- sigcheck OK

--- SSODL regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" -- File: %SystemRoot%\system32\SHELL32.dll -- [?]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" -- File: C:\WINDOWS\system32\webcheck.dll -- [236544] -- [03/08/2009 03:34 AM]
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" -- File: %systemroot%\system32\stobject.dll -- [?]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -- File: C:\WINDOWS\system32\WPDShServiceObj.dll -- [133632] -- [10/18/2006 08:47 PM]

--- STS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" -- File: %SystemRoot%\system32\browseui.dll -- [?]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" -- File: %SystemRoot%\system32\browseui.dll -- [?]

--- USERINIT regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.ex e,"
File: C:\WINDOWS\system32\userinit.exe -- [26112] -- [04/13/2008 07:12 PM]

--- SHELL regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
File: C:\WINDOWS\Explorer.exe -- [1033728] -- [04/13/2008 07:12 PM]

--- SYSTEM regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

--- APPINIT_DLLS regkey ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no AppInit_DLLs regkey found

--- NOTIFY regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
-- File: C:\WINDOWS\system32\Ati2evxx.dll -- [86016] -- [09/12/2006 06:44 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
-- File: C:\WINDOWS\system32\crypt32.dll -- [599040] -- [04/13/2008 07:11 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
-- File: C:\WINDOWS\system32\cryptnet.dll -- [64512] -- [04/13/2008 07:11 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
-- File: C:\WINDOWS\system32\cscdll.dll -- [101888] -- [04/13/2008 07:11 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
-- File: %SystemRoot%\System32\dimsntfy.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [04/13/2008 07:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [04/13/2008 07:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
-- File: C:\WINDOWS\system32\sclgntfy.dll -- [20480] -- [04/13/2008 07:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
-- File: C:\WINDOWS\system32\WlNotify.dll -- [92672] -- [04/13/2008 07:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [04/13/2008 07:12 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
-- File: C:\WINDOWS\system32\notifyf2.dll -- [28672] -- [07/05/2005 09:45 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
-- File: C:\WINDOWS\system32\tphklock.dll -- [24576] -- [11/30/2005 06:16 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
-- File: C:\WINDOWS\system32\WgaLogon.dll -- [239496] -- [03/10/2009 09:18 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
-- File: C:\WINDOWS\system32\wlnotify.dll -- [92672] -- [04/13/2008 07:12 PM]

--- RUN / LOAD regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
no run / load keys found

--- SHELLEXECUTEHOOKS regkey ---

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" -- File: shell32.dll -- [?]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook" -- File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -- [2217848] -- [02/12/2009 03:19 PM]

--- HKLM AUTORUN regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor]
no AutoRun regkey found

--- HKCU AUTORUN regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Command Processor]
no AutoRun regkey found

--- HKLM\RUN regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PWRMGRTR" -- File: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrB kGndMonitor -- [?]
"BLOG" -- File: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBa ttLog -- [?]
"SynTPLpr" -- File C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -- [110592] -- [02/14/2006 12:17 AM]
"SynTPEnh" -- File C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -- [512000] -- [02/14/2006 12:16 AM]
"EZEJMNAP" -- File C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe -- [237568] -- [02/23/2006 12:22 PM]
"TPKMAPHELPER" -- File: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper -- [?]
"TpShocks" -- File: TpShocks.exe -- [?]
"TPHOTKEY" -- File C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe -- [94208] -- [07/24/2006 08:19 PM]
"TP4EX" -- File: tp4ex.exe -- [?]
"SoundMAXPnP" -- File C:\Program Files\Analog Devices\Core\smax4pnp.exe -- [925696] -- [05/19/2005 07:11 PM]
"ATICCC" -- File "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" -- [90112] -- [05/10/2006 01:12 PM]
"LPManager" -- File C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe -- [110592] -- [07/04/2006 11:11 AM]
"DLA" -- File C:\WINDOWS\System32\DLA\DLACTRLW.EXE -- [122940] -- [02/02/2006 07:20 AM]
"ISUSScheduler" -- File: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start -- [?]
"AwaySch" -- File C:\Program Files\Lenovo\AwayTask\AwaySch.EXE -- [69632] -- [08/16/2006 12:07 PM]
"TVT Scheduler Proxy" -- File C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe -- [503808] -- [07/14/2006 08:05 PM]
"cssauth" -- File -- "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent -- [X]
"IMJPMIG8.1" -- File: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 -- [?]
"IMEKRMIG6.1" -- File C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE -- [44032] -- [08/04/2004 07:00 AM]
"MSPY2002" -- File: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC -- [?]
"PHIME2002ASync" -- File: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC -- [?]
"PHIME2002A" -- File: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName -- [?]
"QuickTime Task" -- File: "C:\Program Files\QuickTime\qttask.exe" -atboottime -- [?]
"iTunesHelper" -- File "C:\Program Files\iTunes\iTunesHelper.exe" -- [270648] -- [07/10/2007 11:18 AM]
"GrooveMonitor" -- File "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" -- [31072] -- [10/25/2008 11:44 AM]
"OM_Monitor" -- File C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe -- [40960] -- [11/29/2005 06:19 PM]
"Samsung Common SM" -- File: "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun -- [?]
"RavTray" -- File: "C:\Program Files\Rising\Rav\RsTray.exe" -system -- [?]
"glwpkwiw" -- File: C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc\jotxsysguard.exe -- [?]

--- HKLM\RUNONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
no runonce values found

--- HKLM\RUNONCEEX regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx]
no runonceex values found

--- HKLM\RUNSERVICES regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServices]
no runservices values found

--- HKLM\RUNSERVICESONCE regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunServicesOnce]
no runservicesonce values found

--- HKCU\RUN regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"OM_Monitor" -- File C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -- [57344] -- [11/29/2005 06:19 PM]
"MSMSGS" -- File: "C:\Program Files\Messenger\msmsgs.exe" /background -- [?]
"Messenger (Yahoo!)" -- File: "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet -- [?]
"WMPNSCFG" -- File C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [204288] -- [10/18/2006 07:05 PM]
"swg" -- File "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" -- [39408] -- [08/11/2009 10:09 AM]
"ctfmon.exe" -- File C:\WINDOWS\system32\ctfmon.exe -- [15360] -- [04/13/2008 07:12 PM]
"glwpkwiw" -- File: C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc\jotxsysguard.exe -- [?]
"NeoChronos" -- File C:\DOCUME~1\DEFAUL~1.LEN\LOCALS~1\Temp\c.exe -- [179712] -- [12/03/2009 02:18 PM]

--- HKCU\RUNONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce]
no runonce values found

--- HKCU\RUNONCEEX regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnceEx]
no runonceex values found

--- HKCU\RUNSERVICES regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServices]
no runservices values found

--- HKCU\RUNSERVICESONCE regkey ---

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunServicesOnce]
no runservicesonce values found

--- HKU\.DEFAULT\Run regkeys - Default user ---

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\Cur rentVersion\Run]
"DWQueuedReporting" -- File: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t -- [?]

--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting" -- File: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t -- [?]

--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found

--- HKU\S-1-5-20\Run regkeys - User Lokale service ---

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
key not found

--- HKLM\Explorer\Run regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\Explorer\Run]
no run values found

--- HKCU\Explorer\Run regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer\Run]
no run values found

--- Image File Execution regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
no debuggers found

--- BROWSER HELPER OBJECTS regkeys ---

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
-- File: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll -- [882416] -- [07/28/2008 05:47 AM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
-- File: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll -- [63136] -- [12/14/2004 12:56 AM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}]
-- File: C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL -- [1865544] -- [05/23/2008 11:40 AM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
-- File: C:\Program Files\Yahoo!\Common\yiesrvc.dll -- [222448] -- [12/12/2007 05:09 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
-- File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -- [2217848] -- [02/12/2009 03:19 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
-- File: C:\Program Files\Java\jre6\bin\ssv.dll -- [320920] -- [02/17/2009 11:14 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
-- File: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll -- [259696] -- [08/11/2009 10:09 AM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
-- File: C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll -- [764912] -- [11/29/2009 09:18 PM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
-- File: C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll -- [470512] -- [08/11/2009 10:09 AM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
-- File: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll -- [73728] -- [02/17/2009 11:14 PM]

--- TOOLBAR regkeys ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll -- [882416] -- [07/28/2008 05:47 AM]
{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} -- File: C:\PROGRA~1\ATTTOO~1\ATTTOO~1.DLL -- [1865544] -- [05/23/2008 11:40 AM]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -- File: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll -- [259696] -- [08/11/2009 10:09 AM]

--- HKLM\URLSEARCHHOOKS regkeys ---

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
no urlsearchhooks found

lana1016 · #7 December 4th, 2009, 05:17 PM

--- HKCU\URLSEARCHHOOKS regkeys ---

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -- File: C:\WINDOWS\system32\ieframe.dll -- [11069440] -- [08/29/2009 03:08 AM]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -- File: C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll -- [882416] -- [07/28/2008 05:47 AM]

--- SRCEENSAVER regkey ---

[HKEY_CURRENT_USER\Control Panel\Desktop]
scrnsave.exe value not found

--- ALTERNATESHELL regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot]
File: C:\WINDOWS\system32\cmd.exe -- [389120] -- [04/13/2008 07:12 PM]

--- SECURITYPROVIDERS regkey ---

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
File: C:\WINDOWS\system32\msapsspc.dll -- [86016] -- [04/13/2008 07:11 PM]
File: C:\WINDOWS\system32\schannel.dll -- [147456] -- [06/25/2009 03:25 AM]
File: C:\WINDOWS\system32\digest.dll -- [68608] -- [04/13/2008 07:11 PM]
File: C:\WINDOWS\system32\msnsspc.dll -- [290816] -- [04/13/2008 07:12 PM]

--- Active Setup\Installed Components regkey ---

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
-- File: C:\WINDOWS\system32\ieudinit.exe -- [36864] -- [03/08/2009 03:32 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
-- File: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSe tup SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
-- File: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
-- File: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0291E591-EA41-4c82-8106-3DC6CE7F7664}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
-- File: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
-- File: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser .NT -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
-- File: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
-- File: regsvr32.exe /s /n /i:U shell32.dll -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
-- File: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
-- File: c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install -- [?]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A17E30C4-A9BA-11D4-8673-60DB54C10000}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AA218328-0EA8-4D70-8972-E987A9190FF4}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
-- filepath not found

--- Services regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\abp480n5]
-- File: \SystemRoot\system32\DRIVERS\ABP480N5.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ac97intc]
-- File: system32\drivers\ac97intc.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\adpu160m]
-- File: \SystemRoot\system32\DRIVERS\adpu160m.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\AEAudioService]
-- File: system32\drivers\AEAudio.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aec]
-- File: system32\drivers\aec.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\agp440]
-- File: \SystemRoot\system32\DRIVERS\agp440.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aic78u2]
-- File: \SystemRoot\system32\DRIVERS\aic78u2.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aic78xx]
-- File: \SystemRoot\system32\DRIVERS\aic78xx.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\alim1541]
-- File: \SystemRoot\system32\DRIVERS\alim1541.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\amdagp]
-- File: \SystemRoot\system32\DRIVERS\amdagp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\amsint]
-- File: \SystemRoot\system32\DRIVERS\amsint.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\asc]
-- File: \SystemRoot\system32\DRIVERS\asc.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\asc3350p]
-- File: \SystemRoot\system32\DRIVERS\asc3350p.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\asc3550]
-- File: \SystemRoot\system32\DRIVERS\asc3550.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aspnet_state]
-- File: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\as pnet_state.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\aswTdi]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\atapi]
-- File: system32\DRIVERS\atapi.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ati2mtag]
-- File: system32\DRIVERS\ati2mtag.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Atierecord]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\atmeltpm]
-- File: system32\DRIVERS\atmeltpm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\audstub]
-- File: system32\DRIVERS\audstub.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\cdrbsdrv]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DgiVecp]
-- File: System32\Drivers\DgiVecp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLABOIOM]
-- File: System32\DLA\DLABOIOM.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLACDBHM]
-- File: System32\Drivers\DLACDBHM.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLADResN]
-- File: System32\DLA\DLADResN.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLAIFS_M]
-- File: System32\DLA\DLAIFS_M.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLAOPIOM]
-- File: System32\DLA\DLAOPIOM.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLAPoolM]
-- File: System32\DLA\DLAPoolM.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLARTL_N]
-- File: System32\Drivers\DLARTL_N.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLAUDFAM]
-- File: System32\DLA\DLAUDFAM.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DLAUDF_M]
-- File: System32\DLA\DLAUDF_M.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DRVMCDB]
-- File: System32\Drivers\DRVMCDB.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DRVNDDM]
-- File: System32\Drivers\DRVNDDM.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\e1express]
-- File: system32\DRIVERS\e1e5132.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\EGATHDRV]
-- File: \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\hookcont]
-- File: system32\drivers\HookCont.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\i2omgmt]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\i2omp]
-- File: \SystemRoot\system32\DRIVERS\i2omp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\i8042prt]
-- File: system32\DRIVERS\i8042prt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\iaStor]
-- File: system32\DRIVERS\iaStor.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\IBMPMDRV]
-- File: system32\DRIVERS\ibmpmdrv.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\IBMPMSVC]
-- File: %SystemRoot%\system32\ibmpmsvc.exe -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\idsvc]
-- File: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windo ws Communication Foundation\infocard.exe" -- [881664] -- [07/29/2008 07:24 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\inetaccs]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ini910u]
-- File: \SystemRoot\system32\DRIVERS\ini910u.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\intelppm]
-- File: system32\DRIVERS\intelppm.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\iPod Service]
-- File: "C:\Program Files\iPod\bin\iPodService.exe" -- [501048] -- [07/10/2007 11:18 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\IPSSVC]
-- File: %SystemRoot%\system32\IPSSVC.EXE -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\irda]
-- File: system32\DRIVERS\irda.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\isapnp]
-- File: system32\DRIVERS\isapnp.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\JavaQuickStarterService]
-- File: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\McciCMService]
-- File: "C:\Program Files\Common Files\Motive\McciCMService.exe" -- [303104] -- [09/19/2008 10:28 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MREMP50]
-- File: \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MREMP50a64]
-- File: \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MREMPR5]
-- File: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MRESP50]
-- File: \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\MRESP50a64]
-- File: \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NetTcpPortSharing]
-- File: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windo ws Communication Foundation\SMSvcHost.exe" -- [132096] -- [07/29/2008 07:16 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\NETw3x32]
-- File: system32\DRIVERS\NETw3x32.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\odserv]
-- File: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" -- [441712] -- [11/04/2008 01:06 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ose]
-- File: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" -- [145184] -- [10/26/2006 04:03 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\pmem]
-- File: \??\C:\WINDOWS\System32\drivers\pmemnt.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\PROCDD]
-- File: system32\DRIVERS\PROCDD.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\psadd]
-- File: \??\C:\WINDOWS\system32\Drivers\psadd.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RavCCenter]
-- File: C:\Program Files\Rising\Rav\CCENTER.EXE -- [113264] -- [05/05/2009 09:02 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RavTask]
-- File: "C:\Program Files\Rising\Rav\RavTask.exe" RavTask -- [X]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\RsNTGDI]
-- File: system32\Drivers\RsNTGdi.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ShockMgr]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Shockprf]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Smapint]
-- File: System32\drivers\Smapint.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\smi2]
-- File: \??\C:\Program Files\SMI2\smi2.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SSHNAS]
-- File: %SystemRoot%\system32\svchost.exe -k netsvcs -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SUService]
-- File: c:\program files\lenovo\system update\suservice.exe -- [15872] -- [11/17/2006 03:07 AM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\swwd]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TDSMAPI]
-- File: System32\drivers\TDSMAPI.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TPHDEXLGSVC]
-- File: System32\TPHDEXLG.EXE -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TPHKDRV]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TpKmpSVC]
-- File: C:\WINDOWS\system32\TpKmpSVC.exe -- [32768] -- [06/06/2005 11:26 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TPPWRIF]
-- File: System32\drivers\Tppwrif.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TSMAPIP]
-- File: System32\drivers\TSMAPIP.SYS -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TSSCoreService]
-- File: "C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe" -- [723712] -- [07/14/2006 07:42 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TVT Backup Service]
-- File: "C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe" -- [1974272] -- [07/14/2006 08:01 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tvtfilter]
-- File: \??\C:\WINDOWS\system32\drivers\tvtfilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\tvtnetwk]
-- File: C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- [45056] -- [07/14/2006 05:52 PM]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\TVTPktFilter]
-- File: system32\DRIVERS\tvtpktfilter.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\ultra]
-- File: \SystemRoot\system32\DRIVERS\ultra.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\upnphost]
-- File: %SystemRoot%\system32\svchost.exe -k LocalService -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usb]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbehci]
-- File: system32\DRIVERS\usbehci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbhub]
-- File: system32\DRIVERS\usbhub.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbprint]
-- File: system32\DRIVERS\usbprint.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\usbuhci]
-- File: system32\DRIVERS\usbuhci.sys -- [?]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\vxd]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{A7A6CAD0-ABFF-4986-A053-F683C497C51C}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{C27949A9-0107-4BBC-A7A4-D7EB98BFCA22}]
-- filepath not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\{C905D492-6277-4405-8ED4-1B2035B6FEF2}]
-- filepath not found

--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal
{533C5B84-EC70-11D2-9505-00C04F79DEAF}

--- SAFEBOOT Network SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Network
DnsCache

--- BOOTEXECUTE regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager]
"BootExecute"= autocheck autochk *\0 bsmain\0\0\0

--- PENDINGFILERENAMEOPERATIONS regkey ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Session Manager]
PendingFileRenameOperations key not found

--- WOW-CMDLINE regkeys ---

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\WOW]
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"cmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386

--- NETSVCS regkey ---

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] -- NETSVCS
0WmdmPmSN
0SSHNAS

--- DNS SERVER regkeys ---

no "NameServer" values found

--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)

--- STARTUP FOLDERS ---

C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Start Menu\Programs\Startup\desktop.ini -- [84] -- [04/30/2006 02:13 AM]
C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Start Menu\Programs\Startup\MEMonitor.lnk -- [748] -- [05/14/2008 09:43 AM]
C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -- [954] -- [04/30/2009 07:19 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -- [1764] -- [03/14/2009 01:34 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini -- [84] -- [04/30/2006 02:13 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -- [493] -- [04/20/2008 06:19 PM]
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini -- [84] -- [04/30/2006 02:13 AM]
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini -- [84] -- [04/30/2006 02:13 AM]

--- TASK SCHEDULER JOBS ---

C:\WINDOWS\tasks\PMTask.job -- [316] -- [12/03/2009 03:00 PM]
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job -- [254] -- [12/03/2009 02:59 PM]
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job -- [306] -- [12/03/2009 02:59 PM]

Scan completed: Thu 12/03/2009 15:03:26.03
FINISHED

schrauber · #8 December 7th, 2009, 08:44 PM

Hello, lana1016
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

Sorry for the delay

.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror
This version will download a randomly named file (Recommended)
Zipped Mirror
This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Exit GMER and re-enable all active protection when done.

lana1016 · #9 December 7th, 2009, 09:52 PM

Hello Tom. It's been a rough week w/o my laptop. Thanks for trying to help me. Now, I need you to know

1. I can not get online at all. Something is blocking all the websites I try to go to by saying the website is infected. So I'm using my good old desktop and a flash drive to download GMER into my laptop.

2. I'm doing everything under Safe mode. I can not do anything under normal setting with my laptop.

3. Did you want me to check the boxes for "Hide file extensions for known file types" and "Hide protected operating system files (recommended) option"? or keep it as unchecked until further notice?

4. GMER is causing error after few minutes of scanning. My monitor turned into blue screen w/ error message and now rebooting. hmm what now?

schrauber · #10 December 7th, 2009, 10:04 PM

Note:

Please press the shift-button when you plug in your flash drive and also download this one and let it run:

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

RootRepeal - Rootkit Detector

Download RootRepeal.zip and unzip it to your Desktop.

Double click RootRepeal.exe to start the program
Click on the Report tab at the bottom of the program window
Clickthe Scan button
In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
Click the OK button
In the next dialog, select all drives showing
Click OK to start the scan

The scan can take some time. DO NOT run any other programs while the scan is running
When the scan is complete, the Save Report button will become available
Click this and save the report to your Desktop as RootRepeal.txt
Go to File, then Exit to close the program

lana1016 · #11 December 7th, 2009, 10:41 PM

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/07 16:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0xBA326000 Size: 876544 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9A38000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

schrauber · #12 December 8th, 2009, 07:02 PM

Hi,

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized

lana1016 · #13 December 8th, 2009, 11:05 PM

OTL logfile created on: 12/8/2009 4:55:56 PM - Run 4
OTL by OldTimer - Version 3.1.11.9 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 75.11% Memory free
3.85 Gb Paging File | 3.47 Gb Available in Paging File | 90.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.62 Gb Total Space | 15.45 Gb Free Space | 17.43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.42% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-CAB4B98B
Current User Name: Default User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/08 16:40:50 | 00,536,576 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2009/08/11 10:09:33 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
PRC - [2009/04/17 02:35:18 | 00,408,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/02/20 14:22:34 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/02/17 23:14:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/19 10:28:49 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/10 11:18:20 | 00,270,648 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/07/10 11:18:14 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/07/09 20:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/11/17 03:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/09/12 18:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006/08/16 12:07:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/08/16 12:07:00 | 00,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/08/02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/07/24 20:19:40 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/07/14 20:13:14 | 02,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006/07/14 20:05:32 | 00,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/07/14 20:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/07/14 20:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/07/14 19:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/07/14 19:36:00 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 19:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 17:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/07/04 11:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/05/30 01:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2006/03/15 21:04:48 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2006/02/23 12:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/02/14 00:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/14 00:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/02 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006/01/02 19:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/11/29 18:19:00 | 00,057,344 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
PRC - [2005/11/10 11:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/07/05 00:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/07/03 02:20:48 | 00,372,736 | ---- | M] (Samsung Electronics.) -- C:\WINDOWS\Samsung\ComSMMgr\SSMMgr.exe
PRC - [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/06/06 23:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2005/05/19 19:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2003/10/29 05:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2009/12/08 16:40:50 | 00,536,576 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2006/08/16 12:07:00 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\PROCHLP.DLL
MOD - [2006/02/14 00:17:12 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (WMPNetworkSvc)
SRV - File not found -- -- (RavTask)
SRV - File not found -- -- (RavCCenter)
SRV - [2009/12/03 14:18:33 | 00,226,304 | ---- | M] () -- C:\WINDOWS\system32\sshnas.dll -- (SSHNAS)
SRV - [2009/08/11 10:09:33 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/06/30 03:14:23 | 00,051,824 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\ScanFrm.exe -- (RsScanSrv)
SRV - [2009/05/12 03:39:10 | 00,133,744 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files\Rising\Rav\RavMonD.exe -- (RsRavMon)
SRV - [2009/02/17 23:14:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/19 10:28:49 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)
SRV - [2007/07/10 11:18:14 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/07/09 20:46:50 | 00,106,496 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006/11/17 03:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/16 18:14:14 | 00,023,552 | ---- | M] () -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/12 18:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006/08/16 12:07:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/08/02 02:39:20 | 00,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2006/08/02 02:31:22 | 00,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2006/08/02 02:24:22 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006/07/14 20:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/07/14 20:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/07/14 19:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/07/14 19:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 17:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/11/10 11:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2005/06/06 23:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 1

O1 HOSTS File: (698 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\s wg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [glwpkwiw] C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc\jotxsysguard.exe (PAlOxMZ)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RavTray] C:\Program Files\Rising\Rav\RsTray.exe File not found
O4 - HKLM..\Run: [Samsung Common SM] C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe (Samsung Electronics.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [glwpkwiw] C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc\jotxsysguard.exe (PAlOxMZ)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Sprint music manager\MEMonitor.exe (Smith Micro Software, Inc.)
O4 - Startup: C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDrives = 0

lana1016 · #14 December 8th, 2009, 11:08 PM

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1208730132683 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} https://esource.ohiohealth.com/,Dana...OM11+dwa8W.cab (Domino Web Access 8 Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://esource.ohiohealth.com/dana-...erSetupSP1.cab (JuniperSetupSP1 Control)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/07 16:18:20 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bsmain) - C:\WINDOWS\System32\bsmain.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/29 19:12:49 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17173422438088704)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/03 16:54:19 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/03 15:12:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/12/03 15:11:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/03 15:11:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/03 15:11:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/03 15:11:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/03 15:11:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/03 14:18:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\cktnpc
[2009/07/02 18:00:16 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/08 16:41:32 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/08 16:41:26 | 00,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2009/12/08 16:41:24 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/12/08 16:41:22 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/08 16:41:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 16:41:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 16:41:11 | 21,458,32960 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/07 19:53:46 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\NTUSER.DAT
[2009/12/07 19:53:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\ntuser.ini
[2009/12/07 19:53:44 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\IconCache.db
[2009/12/04 10:22:54 | 00,525,770 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/04 10:22:54 | 00,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/04 10:22:54 | 00,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/04 10:18:24 | 00,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/03 15:12:10 | 00,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/03 15:05:07 | 00,001,645 | ---- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Desktop\HijackThis.lnk
[2009/12/03 14:34:23 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Desktop\CCleaner.lnk
[2009/12/03 14:18:33 | 00,226,304 | ---- | M] () -- C:\WINDOWS\System32\sshnas.dll
[2009/12/03 14:08:18 | 00,000,160 | ---- | M] () -- C:\WINDOWS\System32\BsMain.ini
[2009/12/03 14:08:15 | 00,000,504 | ---- | M] () -- C:\WINDOWS\Rav.inf
[2009/12/02 17:52:06 | 00,090,352 | ---- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/02 15:32:33 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/29 08:35:16 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\My Documents\Account Info.docx
[2009/11/25 15:49:17 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[45 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/08 16:41:11 | 21,458,32960 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/03 15:11:28 | 00,229,376 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/03 15:11:28 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/03 15:11:28 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/03 15:11:28 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/03 14:34:23 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Desktop\CCleaner.lnk
[2009/12/03 14:18:33 | 00,226,304 | ---- | C] () -- C:\WINDOWS\System32\sshnas.dll
[2009/05/05 21:07:34 | 00,000,160 | ---- | C] () -- C:\WINDOWS\System32\BsMain.ini
[2009/05/05 21:07:01 | 00,000,025 | ---- | C] () -- C:\WINDOWS\Rav.ini
[2009/04/28 13:59:26 | 00,003,972 | ---- | C] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\B03F2E28-F161-492E-88C5-95D351A88705.txt
[2008/12/13 00:31:56 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\$_hpcst$.hpc
[2008/10/23 13:57:31 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/04/23 22:35:30 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/04/23 22:35:28 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/04/23 22:35:28 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/23 22:35:27 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/04/23 22:35:27 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/23 17:46:02 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/21 22:01:34 | 00,000,335 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2008/04/20 18:47:17 | 00,000,151 | ---- | C] () -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Local Settings\Application Data\fusioncache.dat
[2008/04/20 18:40:30 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/04/20 18:27:11 | 00,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/04/20 18:25:39 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/04/20 18:25:39 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/04/20 18:25:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/04/20 18:25:39 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/04/20 18:25:39 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/04/20 18:25:38 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/04/20 18:18:22 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2008/04/20 18:17:59 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/04/20 18:16:43 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/04/20 18:16:28 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/04/20 18:16:14 | 00,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/08/17 03:00:13 | 00,009,970 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/08/17 03:00:09 | 00,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI
[2006/08/02 20:27:54 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/08/02 20:27:52 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/06/14 11:26:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini

========== LOP Check ==========

[2009/12/04 10:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/05/05 21:07:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2009/02/17 22:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/02/17 22:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/12/03 20:45:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\ATTToolbar
[2009/04/18 09:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\CiscoCAA
[2009/12/04 09:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\gtk-2.0
[2009/12/04 04:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\InterVideo
[2009/08/11 14:04:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\Juniper Networks
[2008/05/02 03:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\Leadertech
[2009/12/04 10:17:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\Lenovo
[2009/12/04 10:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\LimeWire
[2008/04/29 23:28:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\OLYMPUS
[2009/12/04 04:27:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\ShoppingReport
[2009/12/04 04:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\Smith Micro
[2009/12/04 04:27:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\Snapfish
[2009/12/04 04:29:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\ThinkVantage
[2009/12/04 09:45:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User.LENOVO-CAB4B98B\Application Data\uTorrent
[2009/12/08 16:41:24 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

lana1016 · #15 December 8th, 2009, 11:08 PM

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2009/05/05 19:04:44 | 00,050,688 | ---- | M] (Atribune.org) -- C:\ATF-Cleaner.exe
[2009/08/28 01:04:32 | 03,185,522 | R--- | M] () -- C:\ComboFix.exe
[2009/05/04 19:42:10 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\mbam-setup.exe
[2009/05/05 21:02:29 | 64,540,044 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\RavINTFree.exe
[2008/12/20 17:00:32 | 00,446,464 | ---- | M] ( ) -- C:\RootRepeal.exe

< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/11 22:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\drivers\other\iastor.sys
[2005/10/11 22:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2005/10/11 19:07:12 | 00,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: LOGEVENT.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\logevent.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >

Similar Topics
Topic	Topic Starter	Forum	Replies	Last Post
Heavily Infected	Wyvern0013	Malware Removal	31	May 26th, 2009 08:34 PM
Heavily Infected With Virus!! Spyware, Adware, Trojan, Etc.	lana1016	Malware Removal	29	May 6th, 2009 02:17 AM
Heavily infected with malware + spyware. PLEASE HELP	blueray	Malware Removal	15	September 21st, 2008 03:49 PM
my laptop was infected by virus	jayson051120	Malware Removal	1	April 8th, 2008 04:35 AM
laptop infected by Brontok Virus!!	Xiah23	Windows XP	2	July 4th, 2007 02:45 PM