erichodge
Joined: 12 Nov 2008 Posts: 11
Posted: Wed Nov 12, 2008 9:12 pm Post subject: TDS Rootkit Virus
I've tried everything to get this thing removed... but at this point, it won't even let me install certain software that is being recommended.
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:53 PM, on 11/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\sysservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcFnF5.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcFnF5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O2 - BHO: Rmn plugin - {E8FD36B2-A25B-47e3-9477-82557F5F5995} - savec32.dll (file missing)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWS\system32\sysservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: adtsh.dll
O10 - Unknown file in Winsock LSP: adtsh.dll
O10 - Unknown file in Winsock LSP: adtsh.dll
O10 - Unknown file in Winsock LSP: adtsh.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: iLO Remote Console Applet - https://naviws6lo/dvc.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219945289875
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://qc9.be.tmme.com/qcbin/Spider90.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://idiom.webex.com/client/T23L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.sdl.corp
O17 - HKLM\Software\..\Telephony: DomainName = global.sdl.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.sdl.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = global.sdl.corp
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = global.sdl.corp
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: ccnotify - C:\WINDOWS\SYSTEM32\ccnotify.dll
O20 - Winlogon Notify: tqcflj - C:\WINDOWS\SYSTEM32\tqcflj.dll
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Aventail\Connect\as32svc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: psyche - Unknown owner - C:\WINDOWS\System32\psyche.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 15560 bytes
Any help is MUCH MUCH MUCH appreciated.
Thank you and best regards,
eric
erichodge
Joined: 12 Nov 2008 Posts: 11
Posted: Wed Nov 12, 2008 10:46 pm
I had a friend send me the Dr.Web launch.exe... it found the TDS kit and supposedly removed it. I am doing a complete scan now.
I am not convinced I am in the clear, but at least there is progress.
patrik (Site Admin)
Joined: 08 Jan 2006 Posts: 1865
Posted: Wed Nov 12, 2008 10:48 pm
Hello erichodge, welcome to the Myantispyware forum!
Quote: I am not convinced I am in the clear, but at least there is progress.
Ok, post a fresh HijackThis log when you have finished.
_________________
Free Antispyware: HijackThis, SmitfraudFix, ComboFix, Super Antispyware, Malwarebytes Anti-malware
Instructions: Show hidden files, Reboot in Safe Mode
erichodge
Joined: 12 Nov 2008 Posts: 11
Posted: Wed Nov 12, 2008 10:52 pm
Hi patrik... thank goodness for this site! Where is the donate link?
Anyway, the scan is taking quite some time, but I will be certain to post a new HijackThis log once it's done.
Cheers and thanks for your help.
erichodge
Joined: 12 Nov 2008 Posts: 11
Posted: Thu Nov 13, 2008 5:36 pm
Here is the latest HijackThis log. Things are running much more smoothly now:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:08 PM, on 13-Nov-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Aventail\Connect\as32svc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\doubleTwist\doubleTwist.exe
C:\Program Files\doubleTwist\Transcoder.Server.exe
C:\cygwin\usr\X11R6\bin\XWin.exe
C:\Aventail\Connect\as32.exe
C:\cygwin\bin\xterm.exe
C:\cygwin\bin\bash.exe
C:\cygwin\bin\ssh.exe
C:\Program Files\JetBrains\IntelliJ IDEA 6.0\bin\idea.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Temp\eef516eb-69a9-428c-bece-5fbdc8ba3abb\lm.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Temp\afb06f88-80f0-4fa6-b8cd-75ba78526e9c\lm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Temp\4f07bebd-00a6-4c28-b0ec-2070cd060808\lm.exe
C:\Documents and Settings\hodgee.HODGEEXPT61\Local Settings\Temp\94b86f58-ff1a-4cf3-9f3e-fe7014b57a00\lm.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O2 - BHO: Rmn plugin - {E8FD36B2-A25B-47e3-9477-82557F5F5995} - savec32.dll (file missing)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [AMSG] C:\PROGRA~1\THINKV~1\AMSG\Amsg.exe /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E-MU USB Audio Control Panel] "C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.4.24.0\gears.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O9 - Extra 'Tools' menuitem: Start WebEx One-Click Meeting - {80947ADC-151D-490B-87F1-7C8CE1B46220} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (HKCU)
O10 - Unknown file in Winsock LSP: adtsh.dll
O10 - Unknown file in Winsock LSP: adtsh.dll
O10 - Unknown file in Winsock LSP: adtsh.dll
O10 - Unknown file in Winsock LSP: adtsh.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkpad
O16 - DPF: iLO Remote Console Applet - https://naviws6lo/dvc.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219945289875
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {98C53984-8BF8-4D11-9B1C-C324FCA9CADE} (Loader Class v3) - http://qc9.be.tmme.com/qcbin/Spider90.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://idiom.webex.com/client/T23L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = global.sdl.corp
O17 - HKLM\Software\..\Telephony: DomainName = global.sdl.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = global.sdl.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = global.sdl.corp
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = global.sdl.corp
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: ccnotify - C:\WINDOWS\SYSTEM32\ccnotify.dll
O20 - Winlogon Notify: tqcflj - C:\WINDOWS\
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Aventail Connect (As32Svc) - Aventail Corporation - C:\Aventail\Connect\as32svc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: E-MU Audio Service (emaudsv) - E-MU Systems - C:\WINDOWS\system32\emaudsv.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 17391 bytes
Is there anything still there that needs fixing?
patrik Site Admin
Joined: 08 Jan 2006 Posts: 1865
erichodge
Joined: 12 Nov 2008 Posts: 11
Posted: Thu Nov 13, 2008 6:37 pm Post subject:
Here is the ComboFix report:
ComboFix 08-11-12.01 - hodgee 2008-11-13 12:53:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.814 [GMT -5:00]
Running from: c:\documents and settings\hodgee.HODGEEXPT61\My Documents\Downloads\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
c:\program files\Spyware Doctor\smumhook.dll
c:\program files\Spyware Doctor\klg.dat
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\beep.sys
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\LocalService\Application Data\1178288819.exe
C:\install.exe
c:\windows\dcstds3.dll
c:\windows\system32\1BB70C39C9.dll
c:\windows\system32\alog.txt
c:\windows\system32\av.dat
c:\windows\system32\B.tmp
c:\windows\system32\bb1.dat
c:\windows\system32\CbEvtSvc.exe
c:\windows\system32\cmds.txt
c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\windows\system32\cs.dat
c:\windows\system32\drivers\beep.sys
c:\windows\system32\ps1.dat
c:\windows\system32\rc.dat
c:\windows\system32\rs32net.exe
c:\windows\system32\sysservice.dll
c:\windows\system32\sysservice2.exe
c:\windows\system32\tb.dr
c:\windows\system32\TDSSblat.dat
c:\windows\system32\TDSSkfrm.dll
c:\windows\system32\TDSSoctl.dll
c:\windows\system32\TDSSofxh.log
c:\windows\system32\TDSSoppb.dll
c:\windows\system32\TDSSurev.dll
c:\windows\system32\TDSSxnyq.dll
c:\windows\system32\tqcflj32.dll
----- BITS: Possible infected sites -----
hxxp://bosdc1.global.sdl.corp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_Psyche
-------\Legacy_CBEVTSVC
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_RESTORE
-------\Legacy_TDSSSERV.SYS
-------\Service_CbEvtSvc
-------\Service_ICF
-------\Service_restore
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_RESTORE
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-10-13 to 2008-11-13 )))))))))))))))))))))))))))))))
.
2008-11-13 11:33 . 2008-11-13 11:33 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Windows Search
2008-11-12 21:09 . 2008-11-12 21:09 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Windows Desktop Search
2008-11-12 21:08 . 2008-11-12 21:08 <DIR> d-------- c:\program files\Windows Desktop Search
2008-11-12 21:07 . 2008-03-07 12:02 192,000 --------- c:\windows\system32\dllcache\offfilt.dll
2008-11-12 21:07 . 2008-03-07 12:02 98,304 --------- c:\windows\system32\dllcache\nlhtml.dll
2008-11-12 21:07 . 2008-03-07 12:02 29,696 --------- c:\windows\system32\dllcache\mimefilt.dll
2008-11-12 19:22 . 2008-11-12 19:22 250 --a------ c:\windows\gmer.ini
2008-11-12 19:16 . 2008-11-12 19:16 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Malwarebytes
2008-11-12 19:16 . 2008-11-12 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-12 19:14 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 19:13 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 19:13 . 2008-11-12 21:08 1,393 --a------ c:\windows\imsins.BAK
2008-11-12 16:46 . 2008-11-12 17:12 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\DoctorWeb
2008-11-12 15:48 . 2008-11-12 15:48 <DIR> d-------- c:\program files\Sophos
2008-11-12 14:26 . 2008-11-12 14:26 10,752 --a------ c:\windows\system32\adtsh.dll
2008-11-12 14:25 . 2008-11-12 19:55 4,194,322 --a------ c:\windows\pfirewall.log.old
2008-11-12 05:44 . 2008-11-12 05:44 49,152 --a------ c:\windows\system32\savec32.dll
2008-11-12 04:23 . 2008-11-12 20:41 <DIR> d-------- c:\program files\TDS3
2008-11-12 04:06 . 2008-11-12 04:06 0 --a------ c:\windows\system32\GS
2008-11-12 03:05 . 2008-11-12 18:57 5,760 --a------ c:\windows\system32\drivers\restore.sys
2008-11-12 02:03 . 2008-11-13 13:00 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-12 02:03 . 2008-11-12 02:03 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\PC Tools
2008-11-12 02:03 . 2008-11-12 02:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2008-11-12 02:03 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2008-11-12 02:03 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2008-11-12 02:03 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2008-11-12 02:03 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2008-11-12 00:43 . 2008-11-12 02:03 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-11-12 00:43 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2008-11-11 23:02 . 2008-11-11 23:02 133,120 --a------ C:\ubspwss.exe
2008-11-11 23:02 . 2008-11-11 23:02 20,480 --a------ C:\kagy.exe
2008-11-11 23:02 . 2008-11-11 23:02 7,680 --a------ C:\myswfvrf.exe
2008-11-11 22:18 . 2008-11-11 22:18 133,120 --a------ C:\uegfjva.exe
2008-11-11 22:18 . 2008-11-11 23:02 77,950 --a------ C:\jdgqvv.exe
2008-11-11 22:18 . 2008-11-11 22:18 77,950 --a------ C:\beasa.exe
2008-11-11 22:18 . 2008-11-12 19:02 32,512 --a------ c:\windows\system32\drivers\ati6ahxx.sys
2008-11-11 22:18 . 2008-11-11 22:18 20,480 --a------ C:\xvywri.exe
2008-11-11 22:18 . 2008-11-11 23:02 10,000 --a------ c:\windows\system32\jsne87fidgf.dll
2008-11-11 22:18 . 2008-11-11 22:18 9,216 --a------ c:\documents and settings\hodgee.HODGEEXPT61\lsb.exe
2008-11-11 22:18 . 2008-11-11 22:18 7,680 --a------ C:\tbqsbyy.exe
2008-11-11 22:18 . 2008-11-11 22:18 2 --a------ C:\-2134341266
2008-11-11 22:18 . 2008-11-11 23:36 0 --a------ c:\windows\system32\drivers\21f7a270.sys
2008-11-10 17:33 . 2008-11-10 17:33 <DIR> d-------- c:\program files\Pro Imaging Powertoys
2008-11-10 17:04 . 2008-11-10 17:04 <DIR> d-------- c:\program files\Haali
2008-11-10 17:04 . 2008-11-10 17:04 <DIR> d-------- c:\program files\ffdshow
2008-11-10 17:04 . 2007-11-29 12:52 60,273 --a------ c:\windows\system32\pthreadGC2.dll
2008-11-10 17:04 . 2007-12-03 16:34 7,680 --a------ c:\windows\system32\ff_vfw.dll
2008-11-10 17:04 . 2007-11-29 12:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2008-11-10 17:03 . 2008-11-10 17:04 <DIR> d-------- c:\program files\doubleTwist
2008-11-10 17:03 . 2008-11-10 17:03 563,712 --a------ c:\windows\system32\Redemption.dll
2008-11-10 16:45 . 2008-11-10 16:45 <DIR> d-------- c:\program files\XSLTool
2008-11-10 15:23 . 2008-11-10 15:23 <DIR> d-------- c:\windows\system32\(null)
2008-11-10 14:53 . 2008-11-10 14:53 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-09 01:35 . 2008-11-09 01:35 <DIR> d-------- c:\program files\AIM Productions
2008-11-09 01:18 . 2008-11-09 01:24 <DIR> d-------- C:\DOOMS
2008-11-08 16:37 . 2008-11-08 16:40 <DIR> d-------- c:\program files\Winamp
2008-11-08 16:37 . 2008-11-08 16:51 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Winamp
2008-11-08 15:34 . 2008-11-08 15:35 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\BonkEnc
2008-11-08 15:25 . 2008-11-08 15:25 <DIR> d-------- c:\program files\BonkEnc
2008-11-07 16:00 . 2008-11-07 16:00 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Sprite Software
2008-11-07 15:59 . 2008-11-07 15:59 <DIR> d-------- c:\program files\Sprite Software
2008-11-04 19:28 . 2008-04-14 04:41 81,920 --a------ c:\windows\system32\ieencode.dll
2008-11-03 15:59 . 2008-11-03 15:59 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\eMusic
2008-11-03 15:05 . 2008-11-03 15:05 <DIR> d-------- c:\program files\LSoft Technologies
2008-11-03 13:38 . 2008-11-03 14:30 26 --a------ c:\windows\ATICIM.MIF
2008-11-03 13:23 . 2008-11-03 13:23 <DIR> d-------- C:\ATI
2008-11-03 12:45 . 2008-11-03 12:47 <DIR> d-------- C:\CPM
2008-11-03 12:36 . 2008-11-03 12:39 <DIR> d-------- c:\temp\util
2008-11-03 11:51 . 2008-11-03 11:51 <DIR> d-------- c:\program files\Windows Mobile Feb. 2008 DST Updates
2008-11-03 11:36 . 2008-11-03 11:36 <DIR> d-------- c:\program files\PTDD Group
2008-11-03 09:57 . 2008-11-04 23:37 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-03 09:33 . 2008-11-03 09:33 258 --a------ c:\documents and settings\hodgee.HODGEEXPT61\test.bat
2008-10-31 10:36 . 2008-11-01 19:55 <DIR> d-------- C:\TempKai
2008-10-30 15:44 . 2008-10-30 15:44 <DIR> d-------- C:\VundoFix Backups
2008-10-30 15:41 . 2008-10-30 15:41 <DIR> d-------- c:\program files\Trend Micro
2008-10-29 13:18 . 2008-10-29 14:00 <DIR> d-------- C:\logs
2008-10-28 22:12 . 2008-10-28 22:12 <DIR> d-------- C:\dtd
2008-10-28 15:43 . 2008-10-29 09:20 <DIR> d-------- c:\windows\SxsCaPendDel
2008-10-28 15:43 . 2008-10-28 15:43 <DIR> d-------- c:\program files\TortoiseSVN
2008-10-28 15:43 . 2008-10-28 15:43 <DIR> d-------- c:\program files\Common Files\TortoiseOverlays
2008-10-26 00:41 . 2006-11-30 14:49 368,640 --a------ c:\windows\system32\ReWire.dll
2008-10-25 18:54 . 2008-11-11 06:40 233,472 --a------ c:\windows\system32\REX Shared Library.dll
2008-10-24 10:13 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-24 10:13 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-24 10:13 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-24 10:13 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-24 10:13 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-24 10:13 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-24 10:13 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-23 22:32 . 2008-11-12 21:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\WholeSecurity
2008-10-23 14:32 . 2008-10-23 14:32 <DIR> d-------- c:\program files\PayPal
2008-10-22 17:26 . 2008-10-22 17:26 <DIR> d-------- C:\data
2008-10-22 12:43 . 2008-10-22 12:45 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\TortoiseSVN
2008-10-22 12:42 . 2008-10-22 12:42 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Subversion
2008-10-21 16:22 . 2008-10-21 16:22 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-10-17 12:22 . 2008-10-17 12:22 <DIR> d-------- c:\program files\SDL International
2008-10-16 19:23 . 2008-10-16 19:23 <DIR> d-------- c:\program files\Digidesign
2008-10-16 19:23 . 2008-10-16 19:23 <DIR> d-------- c:\program files\Arturia
2008-10-16 19:23 . 2004-03-17 18:54 163,840 --a------ c:\windows\system32\ArtFfct.dll
2008-10-16 18:47 . 2008-10-16 18:47 <DIR> d-------- c:\program files\MainConcept
2008-10-16 13:04 . 2008-10-16 13:04 <DIR> d-------- c:\program files\CoreCodec
2008-10-16 09:50 . 2008-10-16 09:50 <DIR> d-------- c:\documents and settings\hodgee.HODGEEXPT61\Application Data\VidaOne
2008-10-16 09:49 . 2008-10-16 09:49 <DIR> d-------- c:\program files\VidaOne
2008-10-15 20:57 . 2008-10-15 20:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-14 11:43 . 2008-10-14 12:34 <DIR> d-------- c:\program files\DNA
2008-10-13 15:17 . 2008-10-13 15:17 <DIR> d-------- c:\program files\iTunes
2008-10-13 15:17 . 2008-10-13 15:17 <DIR> d-------- c:\program files\iPod
2008-10-13 15:17 . 2008-10-13 15:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-13 14:30 . 2008-10-22 16:57 <DIR> d-------- c:\program files\NOS
2008-10-13 14:30 . 2008-10-22 16:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-13 18:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-13 18:01 --------- d-----w c:\program files\Symantec AntiVirus
2008-11-13 17:57 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\.purple
2008-11-13 15:40 --------- d-----w c:\program files\Radmin Viewer 3.0
2008-11-12 19:03 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Auslogics
2008-11-12 07:07 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-12 07:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-12 05:27 --------- d-----w c:\program files\Norton Security Scan
2008-11-12 05:27 --------- d-----w c:\program files\Google
2008-11-11 11:40 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\FXpansion
2008-11-10 20:09 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Lenovo
2008-11-10 20:04 --------- d-----w c:\program files\Lenovo
2008-11-10 20:04 --------- d-----w c:\program files\Common Files\Lenovo
2008-11-10 20:04 --------- d-----w c:\documents and settings\hodgee\Application Data\Lenovo
2008-11-10 20:04 --------- d-----w c:\documents and settings\ehodge\Application Data\Lenovo
2008-11-10 20:04 --------- d-----w c:\documents and settings\clearcase\Application Data\Lenovo
2008-11-10 20:04 --------- d-----w c:\documents and settings\Administrator\Application Data\Lenovo
2008-11-10 20:04 --------- d-----w c:\documents and settings\admin002\Application Data\Lenovo
2008-11-10 20:03 23,552 ----a-w c:\windows\system32\drivers\psasrv.exe
2008-11-10 20:03 17,536 ----a-w c:\windows\system32\drivers\psadd.sys
2008-11-10 20:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lenovo
2008-11-07 20:59 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 20:59 --------- d-----w c:\program files\eMusic Download Manager
2008-11-03 16:48 --------- d-----w c:\program files\MSECache
2008-11-03 01:03 --------- d-----w c:\program files\Microsoft ActiveSync
2008-10-31 17:54 --------- d-----w c:\program files\Binaryfish
2008-10-26 22:26 --------- d-----w c:\program files\Common Files\Adobe
2008-10-26 05:59 --------- d-----w c:\program files\Cakewalk
2008-10-26 05:59 --------- d-----w c:\documents and settings\All Users\Application Data\Cakewalk
2008-10-24 17:51 --------- d-----w c:\program files\Resco
2008-10-24 15:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 15:15 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 19:49 --------- d-----w c:\program files\Native Instruments
2008-10-23 19:49 --------- d-----w c:\program files\Common Files\Native Instruments
2008-10-13 15:29 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\webex
2008-10-10 22:48 --------- d-----w c:\program files\Chartcross
2008-10-09 23:55 --------- d-----w c:\program files\Microsoft.NET
2008-10-09 04:09 --------- d-----w c:\program files\Palm Digital Media
2008-10-08 20:56 --------- d-----w c:\program files\Sun Microsystems
2008-10-08 17:45 --------- d-----w c:\program files\Logic Foundry
2008-10-06 14:22 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-10-04 02:00 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Cakewalk
2008-10-03 01:42 --------- d-----w c:\program files\UltraISO
2008-10-02 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-02 15:06 --------- d-----w c:\program files\The Weather Channel FW
2008-10-01 17:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys
2008-09-30 21:24 --------- d-----w c:\program files\MASPware
2008-09-28 22:43 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Audacity
2008-09-27 01:55 --------- d-----w c:\program files\GNU Solfege
2008-09-27 01:41 --------- d-----w c:\program files\Audacity 1.3 Beta (Unicode)
2008-09-27 01:28 --------- d-----w c:\program files\Creative Professional
2008-09-27 00:08 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\GNU Solfege
2008-09-26 19:26 --------- d-----w c:\program files\Sonic Icons for Lenovo
2008-09-26 19:26 --------- d-----w c:\program files\Sonic
2008-09-26 19:26 --------- d-----w c:\program files\Multimedia Center for Think Offerings
2008-09-26 19:26 --------- d-----w c:\program files\Common Files\SureThing Shared
2008-09-26 19:26 --------- d-----w c:\program files\Common Files\Installshield
2008-09-26 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-09-25 18:50 --------- d-----w c:\program files\Digital Guitar Tuner 2.3
2008-09-25 05:47 4,442 ------w c:\windows\system32\drivers\TPPWRIF.SYS
2008-09-25 05:47 16,384 ------w c:\windows\PWMBTHLP.EXE
2008-09-24 21:30 --------- d-----w c:\program files\Picasa2
2008-09-21 23:50 720,088 ----a-w c:\windows\qfe1D.tmp
2008-09-17 23:30 --------- d-----w c:\documents and settings\All Users\Application Data\AT&T
2008-09-17 00:19 --------- d-----w c:\documents and settings\All Users\Application Data\Protexis
2008-09-16 21:22 --------- d-----w c:\documents and settings\NetworkService\Application Data\Bytemobile
2008-09-16 20:28 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\AT&T
2008-09-16 20:19 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\DBUpdater
2008-09-16 20:19 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Bytemobile
2008-09-16 20:16 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\Sierra Wireless
2008-09-16 20:15 --------- d-----w c:\program files\Sierra Wireless Inc
2008-09-16 20:15 --------- d-----w c:\program files\Option
2008-09-16 20:14 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-09-16 18:46 --------- d-----w c:\program files\SDCC
2008-09-16 18:04 --------- d-----w c:\documents and settings\hodgee.HODGEEXPT61\Application Data\gtk-2.0
2008-09-16 16:33 --------- d-----w c:\program files\JetBrains
2008-09-16 02:42 --------- d-----w c:\program files\Access Music
2008-09-14 22:51 --------- d-----w c:\program files\NCH Swift Sound
2008-06-17 15:28 88 --sha-r c:\documents and settings\All Users\Application Data\0F64C351AE.sys
2008-06-17 15:28 2,828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-02-27 13:04 27,976 ----a-w c:\program files\mozilla firefox\plugins\atgpcdec.dll
2008-03-13 15:01 125,848 ----a-w c:\program files\mozilla firefox\plugins\atgpcext.dll
2008-10-17 15:06 46,408 ----a-w c:\program files\mozilla firefox\plugins\atmccli.dll
2008-02-27 13:05 98,712 ----a-w c:\program files\mozilla firefox\plugins\ieatgpc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 16:52 80384 --a------ c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"E-MU USB Audio Control Panel"="c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe" [2007-11-26 274432]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-09-25 208896]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-05 242976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-09-25 331776]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-09 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-09 124248]
"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2007-02-02 419376]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-20 443968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 622653]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 12:07 49152 c:\program files\Lenovo\AwayTask\AwayNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-08-14 15:54 89600 c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 15:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 15:02 34080 c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2008-03-14 17:54 32768 c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ccnotify]
2007-03-30 15:09 15412 c:\windows\system32\ccnotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ psqlpwd ACGina scecli
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4019555616-2998813108-3601721884-1223\Scripts\Logon\0\0]
"Script"=firefox_login.vbs
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6ahxx.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART-ER.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART-ER.lnk
backup=c:\windows\pss\SMART-ER.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^hodgee.HODGEEXPT61^Start Menu^Programs^Startup^GBE My Turns Notifier.lnk]
path=c:\documents and settings\hodgee.HODGEEXPT61\Start Menu\Programs\Startup\GBE My Turns Notifier.lnk
backup=c:\windows\pss\GBE My Turns Notifier.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--------- 2008-09-25 00:47 208896 c:\progra~1\ThinkPad\UTILIT~1\BATLOGEX.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--------- 2006-03-07 16:02 53408 c:\program files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCDoctorLogonTesting]
--a------ 2007-05-16 22:04 126976 c:\program files\Rational\ClearCase\bin\ccdoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 04:42 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
--a------ 2008-09-26 09:41 789616 c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-MU USB Audio Control Panel]
--------- 2007-11-26 14:03 274432 c:\program files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-09-24 16:29 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 15:43 133104 c:\documents and settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
--a------ 2004-08-04 07:00 44032 c:\windows\ime\imkr6_1\imekrmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a------ 2008-04-13 21:13 208952 c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 15:50 221184 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
--a------ 2008-04-13 21:13 59392 c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2008-04-13 21:13 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2008-04-13 21:13 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
--------- 2008-09-25 00:47 331776 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-05-06 14:06 716800 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2008-07-03 15:17 118784 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
--------- 2008-07-31 04:01 60192 c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
--a------ 2008-03-24 09:15 68464 c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2008-03-04 09:34 487424 c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--------- 2006-03-17 09:34 124656 c:\progra~1\SYMANT~2\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 05:42 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--------- 2005-10-17 04:11 65536 c:\windows\system32\TP4EX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2008-06-06 17:21 181536 c:\windows\system32\TpShocks.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"VMware NAT Service"=2 (0x2)
"vmount2"=2 (0x2)
"VMnetDHCP"=2 (0x2)
"VMAuthdService"=2 (0x2)
"TSSCoreService"=2 (0x2)
"TpKmpSVC"=2 (0x2)
"TPHDEXLGSVC"=2 (0x2)
"SQLWriter"=2 (0x2)
"SQLSERVERAGENT"=3 (0x3)
"SMART-ERService"=2 (0x2)
"SavRoam"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"ose"=3 (0x3)
"MSSQLSERVER"=3 (0x3)
"msftesql"=2 (0x2)
"MailService"=3 (0x3)
"LtcyCfgSvc"=2 (0x2)
"LockMgr"=3 (0x3)
"LiveUpdate"=3 (0x3)
"IviRegMgr"=2 (0x2)
"IPSSVC"=2 (0x2)
"idsvc"=3 (0x3)
"IdiomRun"=3 (0x3)
"cccredmgr"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Albd"=3 (0x3)
"AcSvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"AcPrfMgrSvc"=3 (0x3)
"6to4"=2 (0x2)
"mnmsrvc"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=3 (0x3)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ImapiService"=3 (0x3)
"gupdate1c928c94350f94c"=2 (0x2)
"GoogleDesktopManager-061008-081103"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"CiSvc"=3 (0x3)
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
"<NO NAME>"=Firefox
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AcronisTimounterMonitor"=c:\program files\Apricorn\EZ Gig II\TimounterMonitor.exe
"AwaySch"=c:\program files\Lenovo\AwayTask\AwaySch.EXE
"Apricorn Scheduler Service"="c:\program files\Common Files\Apricorn\Schedule2\schedhlp.exe"
"EZGigMonitor.exe"=c:\program files\Apricorn\EZ Gig II\EZGigMonitor.exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"ACTray"=c:\program files\ThinkPad\ConnectUtilities\ACTray.exe
"ACWLIcon"=c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" silent
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
"EZEJMNAP"=c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
"TVT Scheduler Proxy"=c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Aventail\\Connect\\as32.exe"=
"c:\\Aventail\\Connect\\as32svc.exe"=
"c:\\Aventail\\Connect\\aslog.exe"=
"c:\\Aventail\\Connect\\asupdate.exe"=
"c:\\Aventail\\Connect\\nspview.exe"=
"c:\\Aventail\\Connect\\softupd.exe"=
"c:\\Program Files\\JetBrains\\IntelliJ IDEA 6.0\\bin\\idea.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_14\\bin\\java.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Shockprf;Shockprf;c:\windows\system32\DRIVERS\Apsx86.sys [2008-05-14 114728]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\DRIVERS\ApsHM86.sys [2008-05-14 19496]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2008-01-21 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\Drivers\IBMBLDID.sys [2008-01-21 4224]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-07-28 160792]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\Tppwrif.sys [2008-09-25 4442]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2008-09-25 94208]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 10896]
R3 Astdi;Astdi;c:\aventail\Connect\asnttdi.sys [2005-08-19 126917]
R3 echondgo;Indigo Service;c:\windows\system32\drivers\echondgo.sys [2007-10-05 133760]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-25 6656]
R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2007-05-14 57216]
S0 ati6ahxx;ati6ahxx;c:\windows\system32\Drivers\ati6ahxx.sys [2008-11-12 32512]
S1 21f7a270;21f7a270;c:\windows\system32\drivers\21f7a270.sys [2008-11-11 0]
S3 Ascrypto;Ascrypto;c:\aventail\Connect\ascrypto.sys [2005-08-19 219299]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [2007-11-26 163352]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [ ]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\1F.tmp [ ]
S3 Mvfs;Atria Multi-Version FS;c:\windows\system32\DRIVERS\mvfs50.sys [2007-05-24 330544]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;c:\windows\system32\NSNDIS5.SYS [ ]
S3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2008-03-06 27072]
S3 swmsflt;swmsflt;c:\windows\system32\drivers\swmsflt.sys [2008-01-03 26504]
S3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\DRIVERS\swmx01.sys [2005-11-18 58624]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\DRIVERS\SWNC5E01.sys [2005-08-05 73600]
S3 VIRUSUSB;USB ASIO driver for Access Virus TI;c:\windows\system32\Drivers\VirusUSB.sys [2008-08-20 357208]
S3 VTIAUDIO;Virus TI Audio;c:\windows\system32\drivers\vtiaudio.sys [2008-08-20 39776]
S3 VTIMIDEV01;Virus TI MIDI Driver;c:\windows\system32\drivers\vtimidi.sys [2008-08-20 56136]
S4 AHIEICBUHQT;AHIEICBUHQT;c:\docume~1\HODGEE~1.HOD\LOCALS~1\Temp\AHIEICBUHQT.exe [ ]
S4 Albd;Atria Location Broker;c:\program files\Rational\ClearCase\bin\albd_server.exe [2007-03-30 176186]
S4 ELHIT;ELHIT;c:\docume~1\HODGEE~1.HOD\LOCALS~1\Temp\ELHIT.exe [ ]
S4 Enterprise Translation Server;Enterprise Translation Server;c:\progra~1\SDLINT~1\ETS\Bin\Ets.exe [2008-04-03 1204224]
S4 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]
S4 gupdate1c928c94350f94c;Google Update Service (gupdate1c928c94350f94c);c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
S4 IAVXDY;IAVXDY;c:\docume~1\HODGEE~1.HOD\LOCALS~1\Temp\IAVXDY.exe [ ]
S4 IdiomRun;Idiom Process Monitor;c:\program files\Idiom\WorldServer\svc\IdiomRun.exe [2008-09-25 36864]
S4 LtcyCfgSvc;PCI Latency Tool Service;c:\program files\PCI Latency Tool 3\LtcyCfgSvc.exe [2005-12-25 5120]
S4 MailService;IBM Rational ClearQuest Mail Service;c:\program files\Rational\ClearQuest\mailservice.exe [2007-05-15 73795]
S4 MMYJKBJ;MMYJKBJ;c:\docume~1\HODGEE~1.HOD\LOCALS~1\Temp\MMYJKBJ.exe [ ]
S4 SMART-ERService;SMART-ER Service;c:\program files\Apricorn\SMART-ER\SMART-ER Service.exe [2007-06-04 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2008-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-02 15:43]
2008-11-13 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\hodgee.HODGEEXPT61\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 15:43]
2008-11-07 c:\windows\Tasks\Norton Security Scan for hodgee.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 03:18]
2008-11-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-09-25 00:47]
2008-11-13 c:\windows\Tasks\User_Feed_Synchro