Personal Guard 2009 - Need assistance to remove it [Solved], MBAM & AV software don't remove Personal Guard 2009 |
Nov 7 2009, 04:57 PM
Post #1
New Member | Posts: 9 | OS: XP Pro, w SP3
I'm running XP Pro, SP3, on a Lenovo laptop and it has been infected by Personal Guard 2009 (PG2009).
I'm alerted by Windows Security Center that my PG2009 is disabled and that PG2009 is not "registered". I've tried uninstalling PG2009, deleting the program folders, and I've followed the manual deletion suggestions for removing PG2009 registry entries. All without success. Both MBAM & Sunbelt Software's Vipre AV software recognize the threat. They identify it, and appear to remove it, but on reboot Personal Guard 2009 comes right back. Windows will not boot to SAFE MODE (if any Safe Mode option is selected the system only reboots). System Restore also fails; you can select a Restore Point, the system restarts, but then it comes up with a failure message. I've gone through the steps in the Malware and Spyware Cleaning Guide and am ready to post my logs from MBAM, RootRepeal, and OTL. Thank you in advance for any assistance that you can provide in helping me to remove this malware.

Here are the logs:

-------------------- MBAM LOG --------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/7/2009 4:05:39 PM
mbam-log-2009-11-07 (16-05-39).txt

Scan type: Full Scan (C:\|)
Objects scanned: 224203
Time elapsed: 55 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 4
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\hakurevi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lowofoza.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ddf3e8b9-4849-4427-aab8-ac1b3aab9a86} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\personal guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\losodijag (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ddf3e8b9-4849-4427-aab8-ac1b3aab9a86} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\zuhuwamir (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hakurevi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\hakurevi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Program Files\Personal Guard 2009\q (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\smith\Start Menu\Programs\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\smith.BBS\Start Menu\Programs\Personal Guard 2009 (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\hakurevi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\Personal Guard 2009\config.scf (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Program Files\Personal Guard 2009\mmbase.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Program Files\Personal Guard 2009\q.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Program Files\Personal Guard 2009\uninstalls.exe (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Program Files\Personal Guard 2009\vvbase.sdb (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\smith\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\smith\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\smith.BBS\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\smith.BBS\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk (Rogue.PersonalGuard2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bedinuni.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowofoza.dll (Trojan.Vundo) -> Delete on reboot.
-------------------- ROOTREPEAL LOG --------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/07 16:37
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iaStor.sys
Address: 0x98BF9000 Size: 778240 File Visible: No Signed: - Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D65A000 Size: 49152 File Visible: No Signed: - Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xa3c344d0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sbaphd.sys" at address 0xa3c34520

==EOF==

-------------------- OTL LOG --------------------

OTL logfile created on: 11/7/2009 4:48:38 PM - Run 1
OTL by OldTimer - Version 3.1.4.0
Folder = C:\_bin\Malware fighting tools\GeeksToGo\Utilities
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.99 Gb Total Space | 107.01 Gb Free Space | 74.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BBS
Current User Name: smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/07 14:19:38 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\_bin\Malware fighting tools\GeeksToGo\Utilities\OTL.exe
PRC - [2009/11/05 17:55:43 | 00,380,416 | ---- | M] () -- C:\WINDOWS\system32\winsc.exe
PRC - [2009/09/07 13:02:36 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/04 16:41:22 | 00,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 18:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 17:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 17:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2007/03/16 07:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2007/02/08 15:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 15:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/02 22:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/10/12 02:28:48 | 01,134,592 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

========== Modules (SafeList) ==========

MOD - [2009/11/07 14:19:38 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\_bin\Malware fighting tools\GeeksToGo\Utilities\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (FingerprintServer)
SRV - [2009/09/07 13:02:36 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/04 16:41:22 | 00,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 21:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 21:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 13:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/08/03 18:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 17:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 17:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007/03/16 07:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/02/08 15:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 15:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 22:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 20:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)

========== Driver Services (SafeList) ==========

DRV - [2009/08/10 19:06:28 | 00,069,936 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/08/05 14:58:40 | 00,093,872 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/15 08:17:58 | 00,203,056 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/05/13 16:30:46 | 00,013,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2008/09/01 01:19:50 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/09/01 01:18:55 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/29 13:04:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/08/10 00:52:44 | 04,603,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/16 23:29:08 | 00,146,824 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/05/22 17:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 02:59:34 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/02 13:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/25 22:59:10 | 05,700,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/24 16:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:46:42 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 14:30:28 | 00,017,664 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/02/02 06:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/23 19:03:28 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 18:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/06 03:23:24 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/12 02:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/30 00:53:00 | 01,161,152 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/05/24 13:48:14 | 00,010,240 | ---- | M] (Lenovo ) -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006/05/19 00:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/08 11:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/03 17:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc)
DRV - [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aesoponline.com/login2.asp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 04:07:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/22 01:33:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/29 16:08:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 16:08:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/25 19:32:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/08/23 12:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BOOK\Application Data\Mozilla\Extensions
[2009/08/23 12:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BOOK\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/07 14:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BOOK\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions
[2009/08/23 12:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BOOK\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/25 17:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BOOK\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/11/07 14:03:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/10/29 16:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/25 21:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/05 19:53:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/10/29 16:08:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/10/29 16:08:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/10/29 16:08:51 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/23 01:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/10/29 16:08:54 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/29 16:08:54 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/10/29 16:08:54 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/29 16:08:54 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/29 16:08:54 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/29 16:08:54 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/29 16:08:54 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\littlebopeep\littlebopeep.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gbs.conval.edu
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (lowofoza.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O21 - SSODL: SysNet - {A0326928-1B7B-488B-B43A-E623B4F79A27} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{915658c3-c3c6-11de-a8a5-001eec98f19d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{915658c3-c3c6-11de-a8a5-001eec98f19d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/01 00:40:05 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/11/07 16:31:51 | 00,000,000 | ---D | C] -- C:\Program Files\Personal Guard 2009
[2009/11/07 14:54:03 | 00,000,000 | ---D | C] -- C:\littlebopeep
[2009/11/07 14:43:36 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/07 14:43:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/07 14:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/07 14:41:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/07 14:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/07 14:12:11 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\smith.BOOK\Desktop\TFC.exe
[2009/11/07 13:43:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/06 08:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\Malwarebytes
[2009/11/06 08:21:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/11/05 19:53:55 | 00,110,592 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll
[2009/11/05 19:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\SMART Technologies
[2009/11/05 19:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies
[2009/11/05 19:52:44 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/05 19:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\Downloaded Installations
[2009/11/05 17:55:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft AData
[2009/10/30 13:29:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/10/30 13:29:00 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/10/28 20:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\XnView
[2009/10/28 20:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\XnView
[2009/10/28 15:49:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/10/28 15:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\3ivx
[2009/10/28 15:49:11 | 00,000,000 | ---D |
C] -- C:\Program Files\Flip Video [2009/10/28 15:49:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video [2009/10/28 08:12:12 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL [2009/10/28 08:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft [2009/10/28 07:58:51 | 02,641,973 | ---- | C] (CISRA) -- C:\WINDOWS\System32\opapi11.dll [2009/10/28 07:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Canon [2009/10/28 07:56:17 | 00,097,280 | ---- | C] (Caere Corporation) -- C:\WINDOWS\System32\opshel32.dll [2009/10/28 07:56:16 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\Uninsop9.exe [2009/10/28 07:56:16 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\OP9Deins.exe [2009/10/28 07:56:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Pixtran [2009/10/28 07:56:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Caere [2009/10/28 07:56:00 | 00,000,000 | ---D | C] -- C:\Program Files\Caere [2009/10/28 07:55:19 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe [2009/10/28 07:52:54 | 00,327,740 | R--- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL [2009/10/28 07:52:52 | 00,729,088 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\D125UAG.DLL [2009/10/28 07:52:51 | 00,487,424 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\D125UFW.dll [2009/10/28 07:52:50 | 00,102,400 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\D125UUD.DLL [2009/10/28 07:52:50 | 00,028,720 | R--- | C] (CANON INC.) 
-- C:\WINDOWS\System32\SG63CPL.DLL [2009/10/28 07:52:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys [2009/10/28 07:52:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2009/10/27 07:30:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2009/10/26 20:50:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\gtk-2.0 [2009/10/26 20:50:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\.thumbnails [2009/10/26 20:48:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\.gimp-2.6 [2009/10/26 20:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\gegl-0.0 [2009/10/26 18:18:51 | 00,000,000 | ---D | C] -- C:\Program Files\Pencil [2009/10/26 18:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Kompozer [2009/10/26 12:53:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009/10/26 12:09:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys [2009/10/26 12:09:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2009/10/26 11:32:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\Xerox [2009/10/26 06:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2009/10/26 06:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\KompoZer [2009/10/26 06:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity [2009/10/26 06:01:43 | 00,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Plus [2009/10/26 06:01:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\smith.BOOK\Recent [2009/10/26 05:59:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Desktop\Software waiting for install [2009/10/25 20:16:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\smith.BOOK\Desktop\GBS Staff [2009/10/25 20:15:27 | 
00,000,000 | R--D | C] -- C:\Documents and Settings\smith.BOOK\Desktop\Students Folders [2009/10/25 20:10:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\SMART Notebook [2009/10/25 20:10:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\Password Corral Data [2009/10/25 20:09:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\My Videos [2009/10/25 20:00:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\smith.BOOK\My Documents\My Data Sources [2009/10/25 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\My Media [2009/10/25 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\Inspiration Data [2009/10/25 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\Cyberlink [2009/10/25 19:47:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\_DATA [2009/10/25 19:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\Thunderbird [2009/10/25 19:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\Thunderbird [2009/10/25 19:32:45 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2009/10/25 19:28:33 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS [2009/10/25 19:28:33 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2009/10/25 19:26:10 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys [2009/10/25 19:26:10 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys [2009/10/25 19:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Application Data\Sunbelt [2009/10/25 19:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt [2009/10/25 19:22:01 
| 00,203,056 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys [2009/10/25 19:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software [2009/10/25 18:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\Downloads [2009/10/21 19:54:38 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll [2009/10/21 19:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\My Documents\Updater5 [2009/10/21 19:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\Identities [2008/09/01 01:01:23 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [2008/09/01 01:01:23 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2009/11/07 16:50:43 | 00,051,197 | ---- | M] () -- C:\WINDOWS\spoov.exe [2009/11/07 16:50:43 | 00,047,872 | ---- | M] () -- C:\WINDOWS\certsystem.exe [2009/11/07 16:50:43 | 00,038,352 | ---- | M] () -- C:\WINDOWS\regred.exe [2009/11/07 16:50:43 | 00,033,149 | ---- | M] () -- C:\WINDOWS\usexplorer.exe [2009/11/07 16:50:43 | 00,028,320 | ---- | M] () -- C:\WINDOWS\securits.com [2009/11/07 16:50:43 | 00,018,941 | ---- | M] () -- C:\WINDOWS\microsoftdef.dll [2009/11/07 16:45:52 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rowoyugo [2009/11/07 16:35:21 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\smith.BOOK\NTUSER.DAT [2009/11/07 16:34:54 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/07 16:34:54 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/07 16:34:54 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/07 16:31:04 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/07 16:30:51 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2009/11/07 16:30:46 | 00,000,380 | ---- | M] () -- 
C:\WINDOWS\System32\IPSCtrl.INI [2009/11/07 16:30:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/07 16:30:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/07 16:30:43 | 32,111,86176 | -HS- | M] () -- C:\hiberfil.sys [2009/11/07 16:29:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\smith.BOOK\ntuser.ini [2009/11/07 16:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\hcefgbqd.job [2009/11/07 14:54:07 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/07 14:41:03 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\NTREGOPT.lnk [2009/11/07 14:41:03 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\ERUNT.lnk [2009/11/07 14:12:20 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\smith.BOOK\Desktop\TFC.exe [2009/11/06 15:40:50 | 00,000,600 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/06 15:40:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/06 15:40:50 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2009/11/05 17:55:43 | 00,380,416 | ---- | M] () -- C:\WINDOWS\System32\winsc.exe [2009/11/04 09:34:47 | 00,001,790 | -H-- | M] () -- C:\Documents and Settings\smith.BOOK\My Documents\Default.rdp [2009/11/03 19:24:50 | 00,026,041 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\GBSStudent_Logins.csv [2009/11/02 13:50:05 | 00,000,022 | ---- | M] () -- C:\WINDOWS\OP70.INI [2009/10/30 14:11:59 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/29 14:16:26 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\Windows Media Player.lnk [2009/10/28 20:31:29 | 00,000,613 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\XnView.lnk [2009/10/28 16:44:56 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 
8.lnk [2009/10/28 15:49:36 | 00,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk [2009/10/28 08:12:27 | 00,000,021 | ---- | M] () -- C:\WINDOWS\phbase.ini [2009/10/28 08:01:56 | 03,643,228 | -H-- | M] () -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\IconCache.db [2009/10/28 07:59:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\OPPRIN~1.INI [2009/10/28 07:57:59 | 00,000,572 | ---- | M] () -- C:\WINDOWS\maxlink.ini [2009/10/27 19:08:15 | 00,009,619 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\draft_TechWeek.odt [2009/10/26 20:52:42 | 00,001,646 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\.recently-used.xbel [2009/10/26 18:19:17 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\Shortcut to LICENSE.lnk [2009/10/26 18:19:17 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\Pencil.lnk [2009/10/26 18:13:07 | 00,000,689 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\Kompozer.lnk [2009/10/26 11:32:57 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk [2009/10/26 09:04:55 | 00,000,993 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\ComputerLabs.lnk [2009/10/26 08:44:49 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\smith - Wireless MAC address [2009/10/26 06:05:25 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.6.lnk [2009/10/26 06:02:12 | 00,000,637 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\Audacity.lnk [2009/10/26 06:01:46 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\ScreenHunter 5.1 Plus.lnk [2009/10/25 20:16:06 | 00,000,461 | ---- | M] () -- C:\Documents and Settings\smith.BOOK\Desktop\All Staff SCHEDULES.lnk [2009/10/25 19:32:47 | 00,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2009/10/25 
19:21:58 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk [2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll [2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll ========== Files Created - No Company Name ========== [2009/11/07 14:43:39 | 00,000,501 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/07 14:41:03 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\NTREGOPT.lnk [2009/11/07 14:41:03 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\ERUNT.lnk [2009/11/07 14:07:35 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\hcefgbqd.job [2009/11/05 17:55:43 | 00,380,416 | ---- | C] () -- C:\WINDOWS\System32\winsc.exe [2009/11/05 17:55:42 | 00,051,197 | ---- | C] () -- C:\WINDOWS\spoov.exe [2009/11/05 17:55:42 | 00,047,872 | ---- | C] () -- C:\WINDOWS\certsystem.exe [2009/11/05 17:55:42 | 00,038,352 | ---- | C] () -- C:\WINDOWS\regred.exe [2009/11/05 17:55:42 | 00,033,149 | ---- | C] () -- C:\WINDOWS\usexplorer.exe [2009/11/05 17:55:42 | 00,028,320 | ---- | C] () -- C:\WINDOWS\securits.com [2009/11/05 17:55:42 | 00,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll [2009/11/03 19:24:50 | 00,026,041 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\GBSStudent_Logins.csv [2009/10/28 20:31:04 | 00,000,613 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\XnView.lnk [2009/10/28 16:44:56 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009/10/28 15:49:36 | 00,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk [2009/10/28 08:12:27 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini [2009/10/28 08:12:14 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini [2009/10/28 08:01:48 | 00,000,623 | R--- | C] () -- C:\Documents 
and Settings\smith.BOOK\Desktop\Scanner Registration.URL [2009/10/28 07:59:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI [2009/10/28 07:58:52 | 00,074,665 | ---- | C] () -- C:\WINDOWS\System32\openpage.msg [2009/10/28 07:57:59 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009/10/28 07:56:38 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI [2009/10/28 07:52:53 | 00,393,225 | R--- | C] () -- C:\WINDOWS\System32\D125UFWF.PLG [2009/10/28 07:52:53 | 00,393,225 | R--- | C] () -- C:\WINDOWS\System32\D125UFW1.PLG [2009/10/28 07:52:52 | 00,393,225 | R--- | C] () -- C:\WINDOWS\System32\D125UFWB.PLG [2009/10/28 07:52:52 | 00,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI [2009/10/27 19:08:15 | 00,009,619 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\draft_TechWeek.odt [2009/10/27 07:30:59 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2009/10/26 20:52:42 | 00,001,646 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\.recently-used.xbel [2009/10/26 20:41:29 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/26 18:19:17 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\Shortcut to LICENSE.lnk [2009/10/26 18:19:17 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\Pencil.lnk [2009/10/26 18:13:07 | 00,000,689 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\Kompozer.lnk [2009/10/26 11:32:57 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk [2009/10/26 09:04:55 | 00,000,993 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\ComputerLabs.lnk [2009/10/26 08:44:49 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\smith - Wireless MAC address [2009/10/26 06:05:25 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.6.lnk [2009/10/26 
06:02:12 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\Audacity.lnk [2009/10/26 06:01:46 | 00,001,678 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\ScreenHunter 5.1 Plus.lnk [2009/10/25 20:16:06 | 00,000,461 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Desktop\All Staff SCHEDULES.lnk [2009/10/25 20:10:07 | 00,048,724 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\MAP_Results_9-17.pdf [2009/10/25 20:10:07 | 00,022,868 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\AUP update.odt [2009/10/25 20:10:07 | 00,018,878 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\2015_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,018,421 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\2014_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,018,396 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\2016_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,016,594 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\2017_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,014,789 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\MAP_Results_9-17.ods [2009/10/25 20:10:07 | 00,001,790 | -H-- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\Default.rdp [2009/10/25 20:10:07 | 00,001,399 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\09-10 Daily Sheets Data0.odb [2009/10/25 20:10:07 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\09-10_AUP Checklist_Graph0.odb [2009/10/25 20:10:07 | 00,001,393 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\StudentList_09-100.odb [2009/10/25 20:10:07 | 00,001,384 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\My Documents\Days_Dates0.odb [2009/10/25 19:32:47 | 00,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2009/10/25 19:21:58 | 00,001,747 | ---- 
| C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk [2009/09/07 13:38:44 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/08/23 12:17:15 | 03,643,228 | -H-- | C] () -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\IconCache.db [2009/08/23 12:17:15 | 00,077,864 | ---- | C] () -- C:\Documents and Settings\smith.BOOK\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/08/23 12:17:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\smith.BOOK\Application Data\desktop.ini [2009/08/07 14:08:08 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\pinafadi.dll [2009/08/07 14:08:08 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\bulopazo.dll [2009/08/07 14:07:33 | 00,060,928 | -HS- | C] () -- C:\WINDOWS\System32\basukavu.dll [2009/08/07 14:07:33 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\sejutedi.dll [2009/08/05 17:59:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\porevujo.dll [2008/09/01 01:35:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/09/01 01:18:26 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2008/09/01 01:13:52 | 01,398,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe [2008/09/01 01:09:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/09/01 01:09:10 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/09/01 01:09:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/09/01 01:09:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/09/01 01:09:10 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/09/01 01:09:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/09/01 01:04:16 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008/09/01 01:04:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2008/09/01 01:04:04 | 00,757,760 | ---- | C] () 
-- C:\WINDOWS\System32\bcm1xsup.dll [2008/09/01 01:04:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2008/09/01 01:03:07 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008/09/01 01:02:07 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2008/09/01 01:01:24 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2008/09/01 01:01:23 | 09,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2008/03/14 00:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll [2008/02/19 01:33:34 | 00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2007/03/15 12:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll [2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/06/29 16:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 16:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 01:56:08 | 00,000,600 | ---- | C] () -- C:\WINDOWS\win.ini [2006/04/30 01:56:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2006/04/29 19:04:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2006/04/18 17:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 17:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont ========== Custom Scans ========== < > < %SYSTEMDRIVE%\*.exe > < %SYSTEMDRIVE%\eventlog.dll /s /md5 > [2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- 
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll < %SYSTEMDRIVE%\scecli.dll /s /md5 > [2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %SYSTEMDRIVE%\netlogon.dll /s /md5 > [2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll < %SYSTEMDRIVE%\cngaudit.dll /s /md5 > < %SYSTEMDRIVE%\sceclt.dll /s /md5 > < %SYSTEMDRIVE%\ntelogon.dll /s /md5 > < %SYSTEMDRIVE%\logevent.dll /s /md5 > < %SYSTEMDRIVE%\iaStor.sys /s /md5 > [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys [2007/02/12 12:36:54 | 00,277,784 | ---- 
| M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys < %SYSTEMDRIVE%\nvstor.sys /s /md5 > < %SYSTEMDRIVE%\atapi.sys /s /md5 > [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys < %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 > < %SYSTEMDRIVE%\viasraid.sys /s /md5 > < %SYSTEMDRIVE%\AGP440.sys /s /md5 > [2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < %SYSTEMDRIVE%\vaxscsi.sys /s /md5 > < End of report > --------------------: --------------------: OTL Extras logfile --------------------: --------------------: OTL Extras logfile created on: 11/7/2009 4:48:38 PM - Run 1 OTL by OldTimer - Version 3.1.4.0 Folder = C:\_bin\Malware fighting tools\GeeksToGo\Utilities Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% 
Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 142.99 Gb Total Space | 107.01 Gb Free Space | 74.84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BBS Current User Name: smith Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect "10243:TCP" = 
10243:TCP:LocalSubNet:Enabled:Windows Media Connect ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Documents and Settings\smith.BOOK\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe" = C:\Documents and Settings\smith.BOOK\Local Settings\Temp\RarSFX0\Windows Utilities\Installer32\InstallationManager.exe:*:Enabled:Xerox Windows Common Installer -- File not found "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation) "C:\Program Files\SMART Technologies\SMART Notebook\TSCC.exe" = C:\Program Files\SMART Technologies\SMART Notebook\TSCC.exe:*:Enabled:tscc -- () "C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe" = C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe:*:Enabled:tvtsched -- (Lenovo Group Limited) "C:\WINDOWS\system32\wbem\wmiadap.exe" = C:\WINDOWS\system32\wbem\wmiadap.exe:*:Enabled:WMIADAP -- (Microsoft Corporation) "C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe" = C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe:*:Enabled:SvcGuiHlpr -- (Lenovo ) "C:\Program Files\Personal Guard 2009\personalguard.exe" = C:\Program Files\Personal Guard 2009\personalguard.exe:*:Enabled:personalguard -- File not found "C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe" = C:\Program 
Files\ThinkPad\ConnectUtilities\AcSvc.exe:*:Enabled:AcSvc -- (Lenovo ) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data "{0D3F9802-689F-9B6D-8E44-B55971F0CCBB}" = FlipShare "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 15 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32 "{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{72373D02-7E80-4261-91B7-E6F38541D629}" = VIPRE Antivirus + Antispyware "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{97E38F11-0FBE-4BC2-9EE1-5B1421C76F27}" = Adobe GoLive 6.0 "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 
2.0 Service Pack 2 "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2 "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements "Adobe SVG Viewer" = Adobe SVG Viewer "Agere Systems Soft Modem" = Agere Systems HDA Modem "ArcSoft PhotoBase" = ArcSoft PhotoBase "Audacity_is1" = Audacity 1.2.6 "AwayTask" = Maintenance Manager "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter "Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1 "CCleaner" = CCleaner (remove only) "Digital Media LE" = Roxio Digital Media LE "ERUNT_is1" = ERUNT 1.1j "HDMI" = Intel® Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4) "Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird 
(2.0.0.23) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0 "OnScreenDisplay" = On Screen Display "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "PCMCIAPW" = ThinkPad PC Card Power Policy "Personal Guard 2009" = Personal Guard 2009 "PhotoRecord" = Canon PhotoRecord "Picasa2" = Picasa 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.7 "Wisdom-soft Set up ScreenHunter 5.1 Plus" = Wisdom-soft Set up ScreenHunter 5.1 Plus "WMCSetup" = Windows Media Connect "Xerox_Support_Centre" = Xerox Support Centre "XnView_is1" = XnView 1.96.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/3/2009 12:13:45 PM | Computer Name = BBS | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (A socket operation was attempted to an unreachable host. ). Group Policy processing aborted. Error - 11/3/2009 8:13:56 PM | Computer Name = BBS | Source = Application Hang | ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/3/2009 8:13:57 PM | Computer Name = BBS | Source = Application Hang | ID = 1002 Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/3/2009 11:13:23 PM | Computer Name = BBS | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. 
Error - 11/3/2009 11:13:24 PM | Computer Name = BBS | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 11/3/2009 11:13:33 PM | Computer Name = BBS | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 11/4/2009 7:27:16 AM | Computer Name = BBS | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 11/4/2009 7:27:17 AM | Computer Name = BBS | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 11/4/2009 7:39:42 AM | Computer Name = BBS | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 11/4/2009 8:41:08 AM | Computer Name = BBS | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. [ System Events ] Error - 11/4/2009 7:42:38 AM | Computer Name = BBS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. Error - 11/4/2009 8:41:08 AM | Computer Name = BBS | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain BOOK due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 11/4/2009 9:34:38 AM | Computer Name = BBS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/4/2009 1:29:40 PM | Computer Name = BBS | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain BOOK due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 11/5/2009 9:35:54 AM | Computer Name = BBS | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain BOOK due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 11/5/2009 11:09:53 AM | Computer Name = BBS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 11/5/2009 11:09:53 AM | Computer Name = BBS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/5/2009 11:09:53 AM | Computer Name = BBS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 11/5/2009 11:56:23 AM | Computer Name = BBS | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain BOOK due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 11/5/2009 1:46:25 PM | Computer Name = BBS | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. < End of report > |
Nov 7 2009, 05:17 PM, Post #2
Trusted Helper, Posts: 9,275, OS: Windows XP
OTL Fix step
Open OTL, then do the following. Copy/paste the text below into the Custom Scans/Fixes box and then click on the Run Fix button.

CODE
:processes
explorer.exe
:OTL
PRC - [2009/11/05 17:55:43 | 00,380,416 | ---- | M] () -- C:\WINDOWS\system32\winsc.exe
O20 - AppInit_DLLs: (lowofoza.dll) - File not found
O21 - SSODL: SysNet - {A0326928-1B7B-488B-B43A-E623B4F79A27} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll ()
[2009/11/07 16:31:51 | 00,000,000 | ---D | C] -- C:\Program Files\Personal Guard 2009
[2009/11/07 14:54:03 | 00,000,000 | ---D | C] -- C:\littlebopeep
[2009/11/07 16:50:43 | 00,051,197 | ---- | M] () -- C:\WINDOWS\spoov.exe
[2009/11/07 16:50:43 | 00,047,872 | ---- | M] () -- C:\WINDOWS\certsystem.exe
[2009/11/07 16:50:43 | 00,038,352 | ---- | M] () -- C:\WINDOWS\regred.exe
[2009/11/07 16:50:43 | 00,033,149 | ---- | M] () -- C:\WINDOWS\usexplorer.exe
[2009/11/07 16:50:43 | 00,028,320 | ---- | M] () -- C:\WINDOWS\securits.com
[2009/11/07 16:50:43 | 00,018,941 | ---- | M] () -- C:\WINDOWS\microsoftdef.dll
[2009/11/07 16:45:52 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rowoyugo
[2009/11/07 16:00:01 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\hcefgbqd.job
[2009/11/05 17:55:43 | 00,380,416 | ---- | M] () -- C:\WINDOWS\System32\winsc.exe
[2009/11/07 14:07:35 | 00,000,296 | ---- | C] () -- C:\WINDOWS\tasks\hcefgbqd.job
[2009/11/05 17:55:43 | 00,380,416 | ---- | C] () -- C:\WINDOWS\System32\winsc.exe
[2009/11/05 17:55:42 | 00,051,197 | ---- | C] () -- C:\WINDOWS\spoov.exe
[2009/11/05 17:55:42 | 00,047,872 | ---- | C] () -- C:\WINDOWS\certsystem.exe
[2009/11/05 17:55:42 | 00,038,352 | ---- | C] () -- C:\WINDOWS\regred.exe
[2009/11/05 17:55:42 | 00,033,149 | ---- | C] () -- C:\WINDOWS\usexplorer.exe
[2009/11/05 17:55:42 | 00,028,320 | ---- | C] () -- C:\WINDOWS\securits.com
[2009/11/05 17:55:42 | 00,018,941 | ---- | C] () -- C:\WINDOWS\microsoftdef.dll
[2009/08/07 14:08:08 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\pinafadi.dll
[2009/08/07 14:08:08 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\bulopazo.dll
[2009/08/07 14:07:33 | 00,060,928 | -HS- | C] () -- C:\WINDOWS\System32\basukavu.dll
[2009/08/07 14:07:33 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\sejutedi.dll
[2009/08/05 17:59:14 | 00,039,424 | -HS- | C] () -- C:\WINDOWS\System32\porevujo.dll
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]

Let it run the fix. A log will then pop up on your screen after the fix finishes. If it needs a reboot, just let it. Post that log in your next reply.

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop. Double click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed. If ComboFix asks you to install the Recovery Console, please do so; it will be in your best interest. When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.
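As an added example (not part of this thread and not OTL's own code), a small Python triage script for lines in the record formats OTL prints: it parses the file, AppInit_DLLs and SSODL entries, using the paths from the fix above as constructed sample input, and flags the indicators a helper looks for: binaries with no company/version information, hidden or system attributes, PE files dropped directly into the Windows root, and loader entries whose target is missing or unsigned. The regular expressions and the `in_windows_root` heuristic are my own assumptions about the log format, and the Malwarebytes driver line is made up for contrast.

```python
import re

# Constructed sample lines in the record formats OTL prints. The suspicious
# paths are the ones named in the fix script above; the last line is a made-up
# signed driver entry included for contrast.
SAMPLE_LINES = [
    r"PRC - [2009/11/05 17:55:43 | 00,380,416 | ---- | M] () -- C:\WINDOWS\system32\winsc.exe",
    r"O20 - AppInit_DLLs: (lowofoza.dll) - File not found",
    r"O21 - SSODL: SysNet - {A0326928-1B7B-488B-B43A-E623B4F79A27} - C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll ()",
    r"[2009/11/07 16:31:51 | 00,000,000 | ---D | C] -- C:\Program Files\Personal Guard 2009",
    r"[2009/11/07 16:50:43 | 00,051,197 | ---- | M] () -- C:\WINDOWS\spoov.exe",
    r"[2009/11/07 16:45:52 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\rowoyugo",
    r"[2009/08/07 14:08:08 | 00,051,712 | -HS- | C] () -- C:\WINDOWS\System32\pinafadi.dll",
    r"[2009/11/07 19:43:00 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys",
]

# Assumed layout of an OTL file record:
#   [date time | size | attrs | M/C] (company) -- path     (company part absent for folders)
FILE_RE = re.compile(
    r"^(?:PRC - )?\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O20 - AppInit_DLLs: (dll) - status
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]*)\) - (?P<status>.+)$")
# O21 - SSODL: name - {CLSID} - path (company)
SSODL_RE = re.compile(
    r"^O21 - SSODL: (?P<name>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
PE_EXT = {".exe", ".dll", ".com", ".scr", ".sys"}


def _ext(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot > name.rfind("\\") else ""


def in_windows_root(path):
    """True for a PE file sitting directly in the Windows folder, not a subfolder."""
    p = path.lower()
    root = "c:\\windows\\"
    if not p.startswith(root):
        return False
    rest = p[len(root):]
    return "\\" not in rest and _ext(rest) in PE_EXT


def triage_line(line):
    """Return (path, [reasons]) for a record worth a second look, else None."""
    m = FILE_RE.match(line)
    if m:
        attrs, path, company = m.group("attrs"), m.group("path"), m.group("company")
        if "D" in attrs:
            return None  # folders are judged by their contents, not here
        reasons = []
        if company == "":
            reasons.append("no company/version info (unsigned binary)")
        if "H" in attrs or "S" in attrs:
            reasons.append("hidden/system attribute set")
        if in_windows_root(path):
            reasons.append("PE file dropped directly in the Windows root")
        return (path, reasons) if reasons else None
    m = APPINIT_RE.match(line)
    if m:
        reasons = ["loaded into every user-mode process via AppInit_DLLs"]
        if m.group("status") == "File not found":
            reasons.append("target missing: stale entry or file hidden from the scanner")
        return (m.group("dll"), reasons)
    m = SSODL_RE.match(line)
    if m:
        reasons = ["auto-loaded by Explorer via ShellServiceObjectDelayLoad"]
        if m.group("company") == "":
            reasons.append("no company/version info (unsigned binary)")
        return (m.group("path"), reasons)
    return None


def triage_log(lines):
    """Map each flagged path to its reasons, in log order."""
    flagged = {}
    for line in lines:
        hit = triage_line(line.strip())
        if hit:
            flagged[hit[0]] = hit[1]
    return flagged


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```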
Nov 7 2009, 08:55 PM, Post #3
New Member, Posts: 9, OS: XP Pro, w SP3
fenzodahl512,
Thank you for the quick response! I ran OTL, but I have not run Combofix, yet. I wasn't sure from your post if you wanted to see the OTL Log before I ran Combofix. After running OTL, and then rebooting, I received a Malwarebytes' Anti-Malware error: Error code: 707(3,0) And, then the OTL log came up: OTL log: All processes killed ========== PROCESSES ========== Process explorer.exe killed successfully! ========== OTL ========== No active process named winsc.exe was found! Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:lowofoza.dll deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysNet deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0326928-1B7B-488B-B43A-E623B4F79A27}\ deleted successfully. C:\Documents and Settings\All Users\Microsoft AData\sysnet.dll moved successfully. File move failed. C:\Program Files\Personal Guard 2009\ scheduled to be moved on reboot. File move failed. C:\littlebopeep\ scheduled to be moved on reboot. C:\WINDOWS\spoov.exe moved successfully. C:\WINDOWS\certsystem.exe moved successfully. C:\WINDOWS\regred.exe moved successfully. C:\WINDOWS\usexplorer.exe moved successfully. C:\WINDOWS\securits.com moved successfully. C:\WINDOWS\microsoftdef.dll moved successfully. C:\WINDOWS\system32\rowoyugo moved successfully. C:\WINDOWS\tasks\hcefgbqd.job moved successfully. C:\WINDOWS\system32\winsc.exe moved successfully. File C:\WINDOWS\tasks\hcefgbqd.job not found. File C:\WINDOWS\System32\winsc.exe not found. File C:\WINDOWS\spoov.exe not found. File C:\WINDOWS\certsystem.exe not found. File C:\WINDOWS\regred.exe not found. File C:\WINDOWS\usexplorer.exe not found. File C:\WINDOWS\securits.com not found. File C:\WINDOWS\microsoftdef.dll not found. C:\WINDOWS\system32\pinafadi.dll moved successfully. C:\WINDOWS\system32\bulopazo.dll moved successfully. 
C:\WINDOWS\system32\basukavu.dll moved successfully. C:\WINDOWS\system32\sejutedi.dll moved successfully. C:\WINDOWS\system32\porevujo.dll moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: halem ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: halem.BBS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: smith ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: smith.BBS ->Temp folder emptied: 622592 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 29433194 bytes User: smith~1~GRE User: knightl ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Java cache emptied: 0 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes Windows Temp folder emptied: 7020 bytes RecycleBin emptied: 72111 bytes Total Files Cleaned = 28.83 mb OTL by OldTimer - Version 3.1.4.0 log created on 11072009_213814 Files\Folders moved on Reboot... C:\Program Files\Personal Guard 2009\\q folder moved successfully. Folder move failed. C:\Program Files\Personal Guard 2009\ scheduled to be moved on reboot. C:\littlebopeep\\Languages folder moved successfully. Folder move failed. 
C:\littlebopeep\ scheduled to be moved on reboot. Registry entries deleted on Reboot... |
Nov 7 2009, 08:57 PM, Post #4
Trusted Helper, Posts: 9,275, OS: Windows XP
It's okay, just run ComboFix.
Nov 7 2009, 09:40 PM, Post #5
New Member, Posts: 9, OS: XP Pro, w SP3
Fenzodahl512,
OK, I ran Combofix. The only quirk I encountered was after a re-boot, near the end of the Combofix process, as it was supposed to be creating a log file, a BSOD-looking error filled the left half of the screen & then the system rebooted a second time. Not sure if that is worth mentioning, but I'm passing it along. Here's the Combofix log:

ComboFix 09-11-07.02 - smith 11/07/2009 22:14:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2681 [GMT -5:00]
Running from: C:\Documents and Settings\smith.BBS\Desktop\ComboFix.exe
.
The following files were disabled during the run:
c:\windows\system32\wesokaru.dll
Nov 7 2009, 09:49 PM, Post #6
Trusted Helper, Posts: 9,275, OS: Windows XP
Is that all of the ComboFix log? Can you find the log at C:\combofix.txt and post it here? If the log really is that short, please run ComboFix once again and post the new log here.
Nov 7 2009, 10:21 PM, Post #7
New Member, Posts: 9, OS: XP Pro, w SP3
Thank you for your speedy replies!!
Each time I ran Combofix it came with a "Parasites Found" dialog box when first starting (sorry I didn't mention it in my last message). The message was: Parasites found: Trying to attach to combofix: C:\windows\system32\wesokaru.dll Combofix ran through this time without any blue-screen type of error. Here's the log from the second running of combofix: ComboFix 09-11-07.02 - smith 11/07/2009 23:00.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2580 [GMT -5:00] Running from: c:\documents and settings\smith.BBS\Desktop\ComboFix.exe . The following files were disabled during the run: c:\windows\system32\wesokaru.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\documents and settings\All Users\Microsoft AData\t.sid c:\documents and settings\smith.BBS\Desktop\Personal Guard 2009-crapware.txt c:\documents and settings\smith.BBS\Start Menu\Programs\Personal Guard 2009\Personal Guard 2009.lnk c:\documents and settings\smith.BBS\Start Menu\Programs\Personal Guard 2009\Uninstall.lnk c:\program files\Personal Guard 2009\config.scf c:\program files\Personal Guard 2009\mmbase.sdb c:\program files\Personal Guard 2009\q.sdb c:\program files\Personal Guard 2009\uninstalls.exe c:\program files\Personal Guard 2009\vvbase.sdb c:\windows\system32\dugiwise.dll c:\windows\system32\gafilumu.dll c:\windows\system32\soveveje.dll . ((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 ))))))))))))))))))))))))))))))) . 2009-11-08 02:38 . 2009-11-08 02:38 -------- d-----w- C:\_OTL 2009-11-07 19:54 . 2009-11-08 02:42 -------- d-----w- C:\littlebopeep 2009-11-07 19:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-07 19:43 . 
2009-11-07 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-07 19:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-07 19:41 . 2009-11-07 19:41 -------- d-----w- c:\program files\ERUNT 2009-11-07 18:43 . 2009-11-07 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-06 13:53 . 2009-11-06 13:53 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Malwarebytes 2009-11-06 00:53 . 2003-02-15 00:14 110592 ----a-w- c:\windows\system32\tsccvid.dll 2009-11-06 00:52 . 2009-11-06 00:53 -------- d-----w- c:\program files\Common Files\SMART Technologies 2009-11-06 00:52 . 2009-11-06 00:52 -------- d-----w- c:\program files\SMART Technologies 2009-11-06 00:52 . 2009-11-06 00:52 -------- d-----w- c:\documents and settings\smith.BBS\Local Settings\Application Data\Downloaded Installations 2009-10-30 18:29 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-10-30 18:29 . 2008-04-13 21:12 159232 ----a-w- c:\windows\system32\ptpusd.dll 2009-10-29 01:31 . 2009-10-29 01:31 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\XnView 2009-10-29 01:30 . 2009-10-29 01:31 -------- d-----w- c:\program files\XnView 2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\windows\system32\QuickTime 2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\program files\3ivx 2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\program files\Flip Video 2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video 2009-10-28 13:12 . 2009-10-28 13:12 -------- d-----w- c:\program files\ArcSoft 2009-10-28 13:12 . 1995-07-31 17:44 212480 ----a-w- c:\windows\PCDLIB32.DLL 2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\documents and settings\smith~1~GRE\LOCALS~1 2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\documents and settings\smith~1~GRE 2009-10-28 12:58 . 
2001-08-08 15:45 2641973 ----a-w- c:\windows\system32\opapi11.dll 2009-10-28 12:58 . 2009-10-28 13:00 -------- d-----w- c:\program files\Canon 2009-10-28 12:56 . 1998-10-12 22:13 97280 ----a-w- c:\windows\system32\opshel32.dll 2009-10-28 12:56 . 1998-10-16 13:45 44032 ----a-w- c:\windows\OP9Deins.exe 2009-10-28 12:56 . 1998-10-12 22:08 299520 ----a-w- c:\windows\Uninsop9.exe 2009-10-28 12:56 . 2009-10-28 12:57 -------- d-----w- c:\program files\Common Files\Caere 2009-10-28 12:56 . 2009-10-28 12:56 -------- d-----w- c:\windows\Pixtran 2009-10-28 12:56 . 2009-10-28 12:56 -------- d-----w- c:\program files\Caere 2009-10-28 12:55 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe 2009-10-28 12:52 . 2001-04-11 11:10 327740 ----a-r- c:\windows\system32\UCS32P.DLL 2009-10-28 12:52 . 2001-09-28 00:31 729088 ----a-r- c:\windows\system32\D125UAG.DLL 2009-10-28 12:52 . 2001-12-26 01:13 487424 ----a-r- c:\windows\system32\D125UFW.dll 2009-10-28 12:52 . 2001-12-01 00:56 28720 ----a-r- c:\windows\system32\SG63CPL.DLL 2009-10-28 12:52 . 2001-12-01 00:55 102400 ----a-r- c:\windows\system32\D125UUD.DLL 2009-10-28 12:52 . 2008-04-13 15:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-10-28 12:52 . 2008-04-13 15:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys 2009-10-27 12:30 . 2009-10-28 13:34 -------- d-----w- c:\windows\system32\Adobe 2009-10-27 12:30 . 2001-10-26 21:16 16384 ----a-w- c:\windows\system32\FileOps.exe 2009-10-27 01:50 . 2009-10-28 13:41 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\gtk-2.0 2009-10-27 01:50 . 2009-10-27 01:50 -------- d-----w- c:\documents and settings\smith.BBS\.thumbnails 2009-10-27 01:48 . 2009-10-29 11:52 -------- d-----w- c:\documents and settings\smith.BBS\.gimp-2.6 2009-10-26 23:18 . 2009-10-26 23:19 -------- d-----w- c:\program files\Pencil 2009-10-26 23:12 . 2009-10-26 23:12 -------- d-----w- c:\program files\Kompozer 2009-10-26 17:53 . 
2009-10-26 17:53 -------- d-----w- c:\windows\Sun
2009-10-26 17:09 . 2008-04-13 15:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-26 17:09 . 2008-04-13 15:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-26 16:32 . 2009-10-26 16:32 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Xerox
2009-10-26 11:04 . 2009-10-26 11:04 -------- d-----w- c:\program files\GIMP-2.0
2009-10-26 11:03 . 2009-10-26 11:03 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\KompoZer
2009-10-26 11:02 . 2009-10-26 11:02 -------- d-----w- c:\program files\Audacity
2009-10-26 11:01 . 2009-10-26 11:01 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Plus
2009-10-26 00:32 . 2009-10-26 00:33 -------- d-----w- c:\documents and settings\smith.BBS\Local Settings\Application Data\Thunderbird
2009-10-26 00:32 . 2009-10-26 00:32 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Thunderbird
2009-10-26 00:32 . 2009-11-06 00:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-26 00:28 . 2008-04-13 15:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-26 00:26 . 2009-08-11 00:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-26 00:26 . 2009-05-13 21:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-10-26 00:23 . 2009-10-26 00:23 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Sunbelt
2009-10-26 00:23 . 2009-10-26 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-10-26 00:22 . 2009-07-15 13:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-10-26 00:21 . 2009-10-26 00:21 -------- d-----w- c:\program files\Sunbelt Software
2009-10-25 22:44 . 2008-12-04 05:25 120832 ----a-w- c:\documents and settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-10-22 00:54 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\smith.BBS\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 02:39 . 2009-11-08 02:39 0 ---ha-w- c:\windows\system32\BIT6.tmp
2009-11-07 21:41 . 2009-08-23 17:28 1 ----a-w- c:\documents and settings\smith.BBS\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-28 21:42 . 2008-09-01 06:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-27 12:28 . 2008-09-01 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\program files\Symantec
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-17 16:01 . 2009-09-17 16:01 1245184 ----a-w- c:\windows\system32\SmartDocCameraIM.dll
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 18:02 . 2009-09-07 18:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 02:24 . 2009-08-26 02:24 152576 ----a-w- c:\documents and settings\smith.BBS\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 16:31 . 2009-08-23 16:31 1 ----a-w- c:\documents and settings\halem.BBS\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-22 08:39 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-22 06:43 . 2009-08-22 06:43 0 ----a-w- c:\windows\nsreg.dat
2009-08-21 19:15 . 2008-09-01 06:31 71392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\littlebopeep\littlebopeep.exe" [2009-09-10 1312080]

c:\documents and settings\halem.BBS\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 21:52 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Notebook\\TSCC.exe"=
"c:\\Program Files\\Common Files\\Lenovo\\Scheduler\\tvtsched.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\SvcGuiHlpr.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\AcSvc.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 1:48 PM 10240]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/25/2009 7:26 PM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/5/2009 2:58 PM 93872]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [10/25/2009 7:22 PM 203056]
R2 FlipShare Service;FlipShare Service;c:\program files\Flip Video\FlipShare\FlipShareService.exe [6/4/2009 4:41 PM 451904]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [5/10/2007 9:22 PM 54832]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/25/2009 7:26 PM 69936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]
S2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/7/2009 1:02 PM 1012040]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe --> c:\windows\system32\FpLogonServ.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aesoponline.com/login2.asp
FF - ProfilePath - c:\documents and settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-losodijag - c:\windows\system32\wesokaru.dll
SharedTaskScheduler-{fdece796-611a-4bdc-823f-7a6bbef1d9f8} - c:\windows\system32\wesokaru.dll
SSODL-sosagamin-{fdece796-611a-4bdc-823f-7a6bbef1d9f8} - c:\windows\system32\wesokaru.dll
Notify-NavLogon - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 23:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\wesokaru.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1424)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-08 23:08
ComboFix-quarantined-files.txt 2009-11-08 04:08

Pre-Run: 114,541,600,768 bytes free
Post-Run: 114,301,726,720 bytes free

- - End Of File - - 2F9E7D158B54C18839B0C31A281BAE4F

Here's the log file from a second run through with Combofix:
Nov 7 2009, 10:32 PM
Post #8
Trusted Helper Posts: 9,275 OS: Windows XP
1. Please open Notepad
2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::
Collect::
c:\windows\system32\wesokaru.dll

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

**Note** When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Note:: If Combofix fails to upload the file, please find C:\Qoobox\Quarantined Files\Submit(Time and date here).zip and upload it at this site
Nov 7 2009, 10:57 PM
Post #9
New Member Posts: 9 OS: XP Pro, w SP3
Fenzodahl512,

Below is the log file from the 3rd running of Combofix, using the script commands from your last message. I'll submit this log file & will run OTL again & submit that log in a few minutes. Thanks.

ComboFix 09-11-07.02 - smith 11/07/2009 23:40.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2623 [GMT -5:00]
Running from: c:\documents and settings\smith.BBS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\smith.BBS\Desktop\CFScript.txt

file zipped: c:\windows\system32\wesokaru.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\wesokaru.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.
2009-11-08 02:38 . 2009-11-08 02:38 -------- d-----w- C:\_OTL
2009-11-07 19:54 . 2009-11-08 02:42 -------- d-----w- C:\littlebopeep
2009-11-07 19:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 19:43 . 2009-11-07 19:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 19:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 19:41 . 2009-11-07 19:41 -------- d-----w- c:\program files\ERUNT
2009-11-07 18:43 . 2009-11-07 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 13:53 . 2009-11-06 13:53 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Malwarebytes
2009-11-06 00:53 . 2003-02-15 00:14 110592 ----a-w- c:\windows\system32\tsccvid.dll
2009-11-06 00:52 . 2009-11-06 00:53 -------- d-----w- c:\program files\Common Files\SMART Technologies
2009-11-06 00:52 . 2009-11-06 00:52 -------- d-----w- c:\program files\SMART Technologies
2009-11-06 00:52 . 2009-11-06 00:52 -------- d-----w- c:\documents and settings\smith.BBS\Local Settings\Application Data\Downloaded Installations
2009-10-30 18:29 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-30 18:29 . 2008-04-13 21:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-29 01:31 . 2009-10-29 01:31 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\XnView
2009-10-29 01:30 . 2009-10-29 01:31 -------- d-----w- c:\program files\XnView
2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\windows\system32\QuickTime
2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\program files\3ivx
2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\program files\Flip Video
2009-10-28 20:49 . 2009-10-28 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Flip Video
2009-10-28 13:12 . 2009-10-28 13:12 -------- d-----w- c:\program files\ArcSoft
2009-10-28 13:12 . 1995-07-31 17:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\documents and settings\smith~1~GRE\LOCALS~1
2009-10-28 13:01 . 2009-10-28 13:01 -------- d-----w- c:\documents and settings\smith~1~GRE
2009-10-28 12:58 . 2001-08-08 15:45 2641973 ----a-w- c:\windows\system32\opapi11.dll
2009-10-28 12:58 . 2009-10-28 13:00 -------- d-----w- c:\program files\Canon
2009-10-28 12:56 . 1998-10-12 22:13 97280 ----a-w- c:\windows\system32\opshel32.dll
2009-10-28 12:56 . 1998-10-16 13:45 44032 ----a-w- c:\windows\OP9Deins.exe
2009-10-28 12:56 . 1998-10-12 22:08 299520 ----a-w- c:\windows\Uninsop9.exe
2009-10-28 12:56 . 2009-10-28 12:57 -------- d-----w- c:\program files\Common Files\Caere
2009-10-28 12:56 . 2009-10-28 12:56 -------- d-----w- c:\windows\Pixtran
2009-10-28 12:56 . 2009-10-28 12:56 -------- d-----w- c:\program files\Caere
2009-10-28 12:55 . 1997-04-09 00:08 299520 ----a-w- c:\windows\uninst.exe
2009-10-28 12:52 . 2001-04-11 11:10 327740 ----a-r- c:\windows\system32\UCS32P.DLL
2009-10-28 12:52 . 2001-09-28 00:31 729088 ----a-r- c:\windows\system32\D125UAG.DLL
2009-10-28 12:52 . 2001-12-26 01:13 487424 ----a-r- c:\windows\system32\D125UFW.dll
2009-10-28 12:52 . 2001-12-01 00:56 28720 ----a-r- c:\windows\system32\SG63CPL.DLL
2009-10-28 12:52 . 2001-12-01 00:55 102400 ----a-r- c:\windows\system32\D125UUD.DLL
2009-10-28 12:52 . 2008-04-13 15:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-28 12:52 . 2008-04-13 15:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-27 12:30 . 2009-10-28 13:34 -------- d-----w- c:\windows\system32\Adobe
2009-10-27 12:30 . 2001-10-26 21:16 16384 ----a-w- c:\windows\system32\FileOps.exe
2009-10-27 01:50 . 2009-10-28 13:41 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\gtk-2.0
2009-10-27 01:50 . 2009-10-27 01:50 -------- d-----w- c:\documents and settings\smith.BBS\.thumbnails
2009-10-27 01:48 . 2009-10-29 11:52 -------- d-----w- c:\documents and settings\smith.BBS\.gimp-2.6
2009-10-26 23:18 . 2009-10-26 23:19 -------- d-----w- c:\program files\Pencil
2009-10-26 23:12 . 2009-10-26 23:12 -------- d-----w- c:\program files\Kompozer
2009-10-26 17:53 . 2009-10-26 17:53 -------- d-----w- c:\windows\Sun
2009-10-26 17:09 . 2008-04-13 15:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-10-26 17:09 . 2008-04-13 15:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-10-26 16:32 . 2009-10-26 16:32 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Xerox
2009-10-26 11:04 . 2009-10-26 11:04 -------- d-----w- c:\program files\GIMP-2.0
2009-10-26 11:03 . 2009-10-26 11:03 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\KompoZer
2009-10-26 11:02 . 2009-10-26 11:02 -------- d-----w- c:\program files\Audacity
2009-10-26 11:01 . 2009-10-26 11:01 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Plus
2009-10-26 00:32 . 2009-10-26 00:33 -------- d-----w- c:\documents and settings\smith.BBS\Local Settings\Application Data\Thunderbird
2009-10-26 00:32 . 2009-10-26 00:32 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Thunderbird
2009-10-26 00:32 . 2009-11-06 00:33 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-10-26 00:28 . 2008-04-13 15:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-10-26 00:26 . 2009-08-11 00:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2009-10-26 00:26 . 2009-05-13 21:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2009-10-26 00:23 . 2009-10-26 00:23 -------- d-----w- c:\documents and settings\smith.BBS\Application Data\Sunbelt
2009-10-26 00:23 . 2009-10-26 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-10-26 00:22 . 2009-07-15 13:17 203056 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-10-26 00:21 . 2009-10-26 00:21 -------- d-----w- c:\program files\Sunbelt Software
2009-10-25 22:44 . 2008-12-04 05:25 120832 ----a-w- c:\documents and settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-10-22 00:54 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-10-22 00:48 . 2009-10-22 00:48 -------- d-----w- c:\documents and settings\smith.BBS\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-08 02:39 . 2009-11-08 02:39 0 ---ha-w- c:\windows\system32\BIT6.tmp
2009-11-07 21:41 . 2009-08-23 17:28 1 ----a-w- c:\documents and settings\smith.BBS\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-10-28 21:42 . 2008-09-01 06:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-27 12:28 . 2008-09-01 06:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\program files\Symantec
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-26 00:18 . 2009-08-23 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-17 16:01 . 2009-09-17 16:01 1245184 ----a-w- c:\windows\system32\SmartDocCameraIM.dll
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 18:02 . 2009-09-07 18:02 27944 ----a-w- c:\windows\system32\sbbd.exe
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-04-30 06:56 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2006-04-30 06:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 02:24 . 2009-08-26 02:24 152576 ----a-w- c:\documents and settings\smith.BBS\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-23 16:31 . 2009-08-23 16:31 1 ----a-w- c:\documents and settings\halem.BBS\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-22 08:39 . 2006-04-30 07:12 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-22 06:43 . 2009-08-22 06:43 0 ----a-w- c:\windows\nsreg.dat
2009-08-21 19:15 . 2008-09-01 06:31 71392 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-11-08_04.05.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-08 04:44 . 2009-11-08 04:44 16384 c:\windows\temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\littlebopeep\littlebopeep.exe" [2009-09-10 1312080]

c:\documents and settings\halem.BBS\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSimpleStartMenu"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 21:52 32768 ----a-w- c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ACGina

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Notebook\\TSCC.exe"=
"c:\\Program Files\\Common Files\\Lenovo\\Scheduler\\tvtsched.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiadap.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\SvcGuiHlpr.exe"=
"c:\\Program Files\\ThinkPad\\ConnectUtilities\\AcSvc.exe"=

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [5/24/2006 1:48 PM 10240]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [10/25/2009 7:26 PM 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/5/2009 2:58 PM 93872]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [10/25/2009 7:22 PM 203056]
R2 FlipShare Service;FlipShare Service;c:\program files\Flip Video\FlipShare\FlipShareService.exe [6/4/2009 4:41 PM 451904]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [5/10/2007 9:22 PM 54832]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [9/7/2009 1:02 PM 1012040]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [10/25/2009 7:26 PM 69936]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe --> c:\windows\system32\FpLogonServ.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aesoponline.com/login2.asp
FF - ProfilePath - c:\documents and settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 23:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'lsass.exe'(1416)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACON.dll
c:\windows\system32\WININET.dll
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll
c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll

- - - - - - - > 'explorer.exe'(2196)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2009-11-08 23:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 04:51
ComboFix2.txt 2009-11-08 04:08

Pre-Run: 114,312,507,392 bytes free
Post-Run: 114,265,944,064 bytes free

- - End Of File - - 809328808A1B0DE88913950D8F274181
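The check the helper made by eye on the "DLLs Loaded Under Running Processes" section of the ComboFix logs, written out as an added example (this is not the thread's code and not ComboFix's): it parses that section, flags any module inside winlogon.exe or lsass.exe that sits outside an assumed vendor allowlist, and confirms from the later log that the flagged module is gone. The two log excerpts are constructed from entries quoted above; the allowlist is an assumption made for the example.

```python
"""Flag unexpected modules in sensitive processes from a ComboFix log.

Added example for this thread (not ComboFix's or the helper's code): parse
the "DLLs Loaded Under Running Processes" section, flag modules inside
winlogon.exe / lsass.exe that are not allowlisted, then confirm from a later
log that a flagged module is gone. Sample text below is constructed from
entries quoted in the thread; the allowlist is an assumption for the example.
"""
import re
from typing import Dict, List, Tuple

SECTION_MARKER = "DLLs Loaded Under Running Processes"
PROC_HEADER = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)")  # "- - > 'x.exe'(123)"
MODULE_LINE = re.compile(r"^[a-zA-Z]:\\")                  # a drive-rooted path

SENSITIVE_PROCESSES = ("winlogon.exe", "lsass.exe")  # usual Vundo injection targets
# Assumed allowlist: vendor directories seen in this machine's logs plus the
# Microsoft modules that legitimately appear in these processes.
TRUSTED_DIR_PREFIXES = (
    "c:\\program files\\thinkpad\\connectutilities\\",
    "c:\\program files\\lenovo\\hotkey\\",
)
KNOWN_SYSTEM_MODULES = {"wininet.dll", "ieframe.dll"}

# Constructed sample: excerpt of the second-run log, wesokaru.dll still present.
BEFORE_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\wesokaru.dll
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
- - - - - - - > 'lsass.exe'(1424)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-08 23:08
"""
# Constructed sample: the same section after the Collect:: run removed the file.
AFTER_LOG = r"""
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1360)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
- - - - - - - > 'lsass.exe'(1416)
c:\program files\ThinkPad\ConnectUtilities\ACGina.dll
c:\windows\system32\WININET.dll
.
------------------------ Other Running Processes ------------------------
"""


def parse_loaded_dlls(log_text: str) -> Dict[str, List[str]]:
    """Map each process name in the section to the module paths listed under it."""
    loaded: Dict[str, List[str]] = {}
    in_section = False
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if SECTION_MARKER in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line == ".":  # ComboFix closes the section with a lone dot
            break
        header = PROC_HEADER.match(line)
        if header:
            current = header.group(1).lower()
            loaded.setdefault(current, [])
        elif current is not None and MODULE_LINE.match(line):
            loaded[current].append(line)
    return loaded


def is_trusted(path: str) -> bool:
    """Allowlist check: known vendor directory or known Windows module name."""
    lowered = path.lower()
    if lowered.startswith(TRUSTED_DIR_PREFIXES):
        return True
    return lowered.rsplit("\\", 1)[-1] in KNOWN_SYSTEM_MODULES


def suspicious_modules(loaded: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """(process, path) pairs loaded into a sensitive process but not allowlisted."""
    return [(proc, path)
            for proc in SENSITIVE_PROCESSES
            for path in loaded.get(proc, [])
            if not is_trusted(path)]


def confirmed_removed(before_log: str, after_log: str) -> List[Tuple[str, str]]:
    """Flagged modules from the earlier log that the later log no longer shows."""
    after = parse_loaded_dlls(after_log)
    still = {proc: {p.lower() for p in paths} for proc, paths in after.items()}
    return [(proc, path)
            for proc, path in suspicious_modules(parse_loaded_dlls(before_log))
            if path.lower() not in still.get(proc, set())]


if __name__ == "__main__":
    for proc, path in suspicious_modules(parse_loaded_dlls(BEFORE_LOG)):
        print(f"flag: {path} loaded in {proc}")
    for proc, path in confirmed_removed(BEFORE_LOG, AFTER_LOG):
        print(f"gone after fix: {path} ({proc})")
```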
Nov 7 2009, 11:13 PM
Post #10
New Member Posts: 9 OS: XP Pro, w SP3
Here's the OTL log:

OTL logfile created on: 11/7/2009 11:59:09 PM - Run 2
OTL by OldTimer - Version 3.1.4.0 Folder = C:\_bin\Malware fighting tools\GeeksToGo\Utilities
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.99 Gb Total Space | 106.45 Gb Free Space | 74.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BBS
Current User Name: smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/07 14:19:38 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\_bin\Malware fighting tools\GeeksToGo\Utilities\OTL.exe
PRC - [2009/09/07 13:02:36 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
PRC - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/04 16:41:22 | 00,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/03 18:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 17:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 17:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2007/03/16 07:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2007/02/08 15:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 15:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/02 22:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
PRC - [2006/10/12 02:28:48 | 01,134,592 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
PRC - [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe

========== Modules (SafeList) ==========

MOD - [2009/11/07 14:19:38 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\_bin\Malware fighting tools\GeeksToGo\Utilities\OTL.exe
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (FingerprintServer)
SRV - [2009/09/07 13:02:36 | 01,012,040 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009/07/25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/06/04 16:41:22 | 00,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2008/07/29 23:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 21:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 21:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 13:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 13:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/08/03 18:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 17:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 17:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007/03/16 07:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/02/08 15:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 15:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/11/08 15:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 15:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2006/11/02 22:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 20:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/01/28 15:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)

========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/08/10 19:06:28 | 00,069,936 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2009/08/05 14:58:40 | 00,093,872 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/15 08:17:58 | 00,203,056 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2009/05/13 16:30:46 | 00,013,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2008/09/01 01:19:50 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/09/01 01:18:55 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/29 13:04:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/08/10 00:52:44 | 04,603,904 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/06/16 23:29:08 | 00,146,824 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007/05/22 17:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 02:59:34 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/02 13:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/25 22:59:10 | 05,700,096 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/24 16:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:46:42 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 14:30:28 | 00,017,664 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/02/02 06:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/23 19:03:28 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/23 18:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/06 03:23:24 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/12 02:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/30 00:53:00 | 01,161,152 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/05/24 13:48:14 | 00,010,240 | ---- | M] (Lenovo ) -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006/05/19 00:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/08 11:27:20 | 00,011,520 | ---- | M] (IBM Corp.)
-- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/03 17:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) 
-- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) DRV - [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aesoponline.com/login2.asp IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/22 04:07:58 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/22 01:33:35 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 21:14:49 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 21:14:49 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/25 19:32:55 | 00,000,000 | 
---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/08/23 12:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BBS\Application Data\Mozilla\Extensions [2009/08/23 12:18:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BBS\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/11/07 14:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions [2009/08/23 12:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009/10/25 17:44:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\smith.BBS\Application Data\Mozilla\Firefox\Profiles\w9f19xhv.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2009/11/07 14:03:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009/11/07 21:14:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/08/25 21:25:31 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [2009/11/05 19:53:23 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} [2009/11/07 21:14:42 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2009/11/07 21:14:42 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2009/11/07 21:14:46 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2006/10/23 01:24:32 | 00,091,768 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2009/10/29 16:08:54 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/10/29 16:08:54 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2009/10/29 16:08:54 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/10/29 16:08:54 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/10/29 16:08:54 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/10/29 16:08:54 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/10/29 16:08:54 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\littlebopeep\littlebopeep.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDrives = 0 O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gbs.conval.edu O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - 
C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll () O24 - Desktop Components:0 (My Current Home Page) - About:Home O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck) - File not found O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation) O34 - HKLM BootExecute: (*) - File not found O35 - comfile [open] -- "%1" %* File not found O35 - exefile [open] -- "%1" %* File not found ========== Files/Folders - Created Within 30 Days ========== [2009/11/07 23:42:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp [2009/11/07 22:22:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2009/11/07 22:12:41 | 00,000,000 | RHSD | C] -- C:\cmdcons [2009/11/07 22:11:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2009/11/07 22:11:21 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2009/11/07 22:11:21 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2009/11/07 22:11:21 | 00,031,232 | ---- | C] (NirSoft) -- 
C:\WINDOWS\NIRCMD.exe [2009/11/07 22:08:42 | 00,000,000 | ---D | C] -- C:\Qoobox [2009/11/07 21:38:14 | 00,000,000 | ---D | C] -- C:\_OTL [2009/11/07 14:54:03 | 00,000,000 | ---D | C] -- C:\littlebopeep [2009/11/07 14:43:36 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/11/07 14:43:34 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/11/07 14:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/11/07 14:41:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2009/11/07 14:41:02 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/11/07 14:12:11 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\smith.BBS\Desktop\TFC.exe [2009/11/07 13:43:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/11/06 08:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\Malwarebytes [2009/11/06 08:21:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2009/11/05 19:53:55 | 00,110,592 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll [2009/11/05 19:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\SMART Technologies [2009/11/05 19:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies [2009/11/05 19:52:44 | 00,000,000 | ---D | C] -- C:\Config.Msi [2009/11/05 19:52:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\Downloaded Installations [2009/10/30 13:29:01 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll [2009/10/30 13:29:00 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll [2009/10/28 20:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\XnView [2009/10/28 20:30:56 | 00,000,000 | ---D | C] -- C:\Program Files\XnView [2009/10/28 15:49:41 | 00,000,000 | 
---D | C] -- C:\WINDOWS\System32\QuickTime [2009/10/28 15:49:38 | 00,000,000 | ---D | C] -- C:\Program Files\3ivx [2009/10/28 15:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Flip Video [2009/10/28 15:49:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Flip Video [2009/10/28 08:12:12 | 00,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\PCDLIB32.DLL [2009/10/28 08:12:12 | 00,000,000 | ---D | C] -- C:\Program Files\ArcSoft [2009/10/28 07:58:51 | 02,641,973 | ---- | C] (CISRA) -- C:\WINDOWS\System32\opapi11.dll [2009/10/28 07:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Canon [2009/10/28 07:56:17 | 00,097,280 | ---- | C] (Caere Corporation) -- C:\WINDOWS\System32\opshel32.dll [2009/10/28 07:56:16 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\Uninsop9.exe [2009/10/28 07:56:16 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\OP9Deins.exe [2009/10/28 07:56:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\Pixtran [2009/10/28 07:56:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Caere [2009/10/28 07:56:00 | 00,000,000 | ---D | C] -- C:\Program Files\Caere [2009/10/28 07:55:19 | 00,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe [2009/10/28 07:52:54 | 00,327,740 | R--- | C] (Canon) -- C:\WINDOWS\System32\UCS32P.DLL [2009/10/28 07:52:52 | 00,729,088 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\D125UAG.DLL [2009/10/28 07:52:51 | 00,487,424 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\D125UFW.dll [2009/10/28 07:52:50 | 00,102,400 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\D125UUD.DLL [2009/10/28 07:52:50 | 00,028,720 | R--- | C] (CANON INC.) 
-- C:\WINDOWS\System32\SG63CPL.DLL [2009/10/28 07:52:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys [2009/10/28 07:52:46 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2009/10/27 07:30:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2009/10/26 20:50:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\gtk-2.0 [2009/10/26 20:50:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\.thumbnails [2009/10/26 20:48:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\.gimp-2.6 [2009/10/26 20:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\gegl-0.0 [2009/10/26 18:18:51 | 00,000,000 | ---D | C] -- C:\Program Files\Pencil [2009/10/26 18:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Kompozer [2009/10/26 12:53:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun [2009/10/26 12:09:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kbdhid.sys [2009/10/26 12:09:54 | 00,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys [2009/10/26 11:32:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\Xerox [2009/10/26 06:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0 [2009/10/26 06:03:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\KompoZer [2009/10/26 06:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity [2009/10/26 06:01:43 | 00,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter 5 Plus [2009/10/26 06:01:21 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\smith.BBS\Recent [2009/10/26 05:59:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Desktop\Software waiting for install [2009/10/25 20:16:50 | 00,000,000 | R--D | C] -- C:\Documents and Settings\smith.BBS\Desktop\GBS Staff [2009/10/25 20:15:27 | 
00,000,000 | R--D | C] -- C:\Documents and Settings\smith.BBS\Desktop\Students Folders [2009/10/25 20:10:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\SMART Notebook [2009/10/25 20:10:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\Password Corral Data [2009/10/25 20:09:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\smith.BBS\My Documents\My Videos [2009/10/25 20:00:09 | 00,000,000 | --SD | C] -- C:\Documents and Settings\smith.BBS\My Documents\My Data Sources [2009/10/25 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\My Media [2009/10/25 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\Inspiration Data [2009/10/25 20:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\Cyberlink [2009/10/25 19:47:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\_DATA [2009/10/25 19:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\Thunderbird [2009/10/25 19:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\Thunderbird [2009/10/25 19:32:45 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2009/10/25 19:28:33 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS [2009/10/25 19:28:33 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys [2009/10/25 19:26:10 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys [2009/10/25 19:26:10 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys [2009/10/25 19:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Application Data\Sunbelt [2009/10/25 19:23:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt [2009/10/25 19:22:01 | 00,203,056 
| ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbtis.sys [2009/10/25 19:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software [2009/10/25 18:11:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\Downloads [2009/10/21 19:54:38 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll [2009/10/21 19:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\My Documents\Updater5 [2009/10/21 19:48:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\Identities [2008/09/01 01:01:23 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll [2008/09/01 01:01:23 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/11/07 23:49:16 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/11/07 23:49:16 | 00,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/11/07 23:49:16 | 00,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/11/07 23:46:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2009/11/07 23:46:00 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2009/11/07 23:45:03 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/11/07 23:44:36 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2009/11/07 23:44:23 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2009/11/07 23:44:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/11/07 23:44:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/11/07 23:44:12 | 32,111,86176 | -HS- | M] () -- C:\hiberfil.sys [2009/11/07 23:43:29 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\smith.BBS\NTUSER.DAT [2009/11/07 23:43:07 | 00,000,178 | -HS- | M] () -- C:\Documents and 
Settings\smith.BBS\ntuser.ini [2009/11/07 22:12:47 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2009/11/07 22:06:11 | 03,562,645 | R--- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\ComboFix.exe [2009/11/07 21:38:58 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\rowoyugo [2009/11/07 14:54:07 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/07 14:41:03 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\NTREGOPT.lnk [2009/11/07 14:41:03 | 00,000,599 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\ERUNT.lnk [2009/11/07 14:12:20 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\smith.BBS\Desktop\TFC.exe [2009/11/06 15:40:50 | 00,000,600 | ---- | M] () -- C:\WINDOWS\win.ini [2009/11/06 15:40:50 | 00,000,211 | ---- | M] () -- C:\Boot.bak [2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe [2009/11/04 09:34:47 | 00,001,790 | -H-- | M] () -- C:\Documents and Settings\smith.BBS\My Documents\Default.rdp [2009/11/03 19:24:50 | 00,026,041 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\GBSStudent_Logins.csv [2009/11/02 13:50:05 | 00,000,022 | ---- | M] () -- C:\WINDOWS\OP70.INI [2009/10/30 14:11:59 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/29 14:16:26 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\Windows Media Player.lnk [2009/10/28 20:31:29 | 00,000,613 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\XnView.lnk [2009/10/28 16:44:56 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009/10/28 15:49:36 | 00,000,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk [2009/10/28 08:12:27 | 00,000,021 | ---- | M] () -- C:\WINDOWS\phbase.ini [2009/10/28 08:01:56 | 03,643,228 | -H-- | M] () -- 
C:\Documents and Settings\smith.BBS\Local Settings\Application Data\IconCache.db [2009/10/28 07:59:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\OPPRIN~1.INI [2009/10/28 07:57:59 | 00,000,572 | ---- | M] () -- C:\WINDOWS\maxlink.ini [2009/10/27 19:08:15 | 00,009,619 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\draft_TechWeek.odt [2009/10/26 20:52:42 | 00,001,646 | ---- | M] () -- C:\Documents and Settings\smith.BBS\.recently-used.xbel [2009/10/26 18:19:17 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\Shortcut to LICENSE.lnk [2009/10/26 18:19:17 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\Pencil.lnk [2009/10/26 18:13:07 | 00,000,689 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\Kompozer.lnk [2009/10/26 11:32:57 | 00,000,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk [2009/10/26 09:04:55 | 00,000,993 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\ComputerLabs.lnk [2009/10/26 08:44:49 | 00,000,136 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\smith - Wireless MAC address [2009/10/26 06:05:25 | 00,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.6.lnk [2009/10/26 06:02:12 | 00,000,637 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\Audacity.lnk [2009/10/26 06:01:46 | 00,001,678 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\ScreenHunter 5.1 Plus.lnk [2009/10/25 20:16:06 | 00,000,461 | ---- | M] () -- C:\Documents and Settings\smith.BBS\Desktop\All Staff SCHEDULES.lnk [2009/10/25 19:32:47 | 00,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2009/10/25 19:21:58 | 00,001,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe [2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- 
C:\WINDOWS\System32\mshtml.dll [2009/10/20 23:08:54 | 03,598,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/11/07 22:12:47 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2009/11/07 22:12:43 | 00,260,272 | ---- | C] () -- C:\cmldr [2009/11/07 22:11:21 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe [2009/11/07 22:11:21 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2009/11/07 22:11:21 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2009/11/07 22:11:21 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2009/11/07 22:11:21 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2009/11/07 22:08:13 | 03,562,645 | R--- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\ComboFix.exe [2009/11/07 14:43:39 | 00,000,501 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/11/07 14:41:03 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\NTREGOPT.lnk [2009/11/07 14:41:03 | 00,000,599 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\ERUNT.lnk [2009/11/03 19:24:50 | 00,026,041 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\GBSStudent_Logins.csv [2009/10/28 20:31:04 | 00,000,613 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\XnView.lnk [2009/10/28 16:44:56 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk [2009/10/28 15:49:36 | 00,000,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlipShare.lnk [2009/10/28 08:12:27 | 00,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini [2009/10/28 08:12:14 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini [2009/10/28 08:01:48 | 00,000,623 | R--- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\Scanner Registration.URL [2009/10/28 07:59:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI 
[2009/10/28 07:58:52 | 00,074,665 | ---- | C] () -- C:\WINDOWS\System32\openpage.msg [2009/10/28 07:57:59 | 00,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009/10/28 07:56:38 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI [2009/10/28 07:52:53 | 00,393,225 | R--- | C] () -- C:\WINDOWS\System32\D125UFWF.PLG [2009/10/28 07:52:53 | 00,393,225 | R--- | C] () -- C:\WINDOWS\System32\D125UFW1.PLG [2009/10/28 07:52:52 | 00,393,225 | R--- | C] () -- C:\WINDOWS\System32\D125UFWB.PLG [2009/10/28 07:52:52 | 00,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI [2009/10/27 19:08:15 | 00,009,619 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\draft_TechWeek.odt [2009/10/27 07:30:59 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2009/10/26 20:52:42 | 00,001,646 | ---- | C] () -- C:\Documents and Settings\smith.BBS\.recently-used.xbel [2009/10/26 20:41:29 | 00,026,624 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/26 18:19:17 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\Shortcut to LICENSE.lnk [2009/10/26 18:19:17 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\Pencil.lnk [2009/10/26 18:13:07 | 00,000,689 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\Kompozer.lnk [2009/10/26 11:32:57 | 00,000,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Xerox Support Centre.lnk [2009/10/26 09:04:55 | 00,000,993 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\ComputerLabs.lnk [2009/10/26 08:44:49 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\smith - Wireless MAC address [2009/10/26 06:05:25 | 00,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GIMP 2.6.lnk [2009/10/26 06:02:12 | 00,000,637 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\Audacity.lnk [2009/10/26 06:01:46 | 00,001,678 | ---- | C] 
() -- C:\Documents and Settings\smith.BBS\Desktop\ScreenHunter 5.1 Plus.lnk [2009/10/25 20:16:06 | 00,000,461 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Desktop\All Staff SCHEDULES.lnk [2009/10/25 20:10:07 | 00,048,724 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\MAP_Results_9-17.pdf [2009/10/25 20:10:07 | 00,022,868 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\AUP update.odt [2009/10/25 20:10:07 | 00,018,878 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\2015_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,018,421 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\2014_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,018,396 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\2016_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,016,594 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\2017_Portfolio Matrix.odt [2009/10/25 20:10:07 | 00,014,789 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\MAP_Results_9-17.ods [2009/10/25 20:10:07 | 00,001,790 | -H-- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\Default.rdp [2009/10/25 20:10:07 | 00,001,399 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\09-10 Daily Sheets Data0.odb [2009/10/25 20:10:07 | 00,001,397 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\09-10_AUP Checklist_Graph0.odb [2009/10/25 20:10:07 | 00,001,393 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\StudentList_09-100.odb [2009/10/25 20:10:07 | 00,001,384 | ---- | C] () -- C:\Documents and Settings\smith.BBS\My Documents\Days_Dates0.odb [2009/10/25 19:32:47 | 00,001,675 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk [2009/10/25 19:21:58 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VIPRE.lnk [2009/09/07 13:38:44 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/08/23 
12:17:15 | 03,643,228 | -H-- | C] () -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\IconCache.db [2009/08/23 12:17:15 | 00,077,864 | ---- | C] () -- C:\Documents and Settings\smith.BBS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2009/08/23 12:17:15 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\smith.BBS\Application Data\desktop.ini [2008/09/01 01:35:33 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/09/01 01:18:26 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2008/09/01 01:13:52 | 01,398,352 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe [2008/09/01 01:09:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/09/01 01:09:10 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/09/01 01:09:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/09/01 01:09:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/09/01 01:09:10 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/09/01 01:09:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/09/01 01:04:16 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008/09/01 01:04:16 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2008/09/01 01:04:04 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2008/09/01 01:04:04 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2008/09/01 01:03:07 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2008/09/01 01:02:07 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2008/09/01 01:01:24 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2008/09/01 01:01:23 | 09,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2008/03/14 00:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll [2008/02/19 01:33:34 | 
00,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll [2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2007/03/15 12:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll [2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/06/29 16:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont [2006/06/29 16:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 01:56:08 | 00,000,600 | ---- | C] () -- C:\WINDOWS\win.ini [2006/04/30 01:56:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini [2006/04/29 19:04:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2006/04/18 17:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006/04/18 17:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont < End of report > |
Nov 7 2009, 11:31 PM
Post #11
Trusted Helper Posts: 9,275 OS: Windows XP
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
How's the computer now?
Nov 8 2009, 06:06 AM
Post #12
New Member Posts: 9 OS: XP Pro, w SP3
Thanks.
As of right now the system is much improved and appears to be running fine (no nasty/annoying pop-ups or slowdowns). Thanks for all of your assistance. The instructions & tools have been great & appear to be resolving the issue! I'll run the ESET scanner & will post the results.
Nov 8 2009, 07:02 AM
Post #13
New Member Posts: 9 OS: XP Pro, w SP3
Here are the results of the ESET scan:
C:\Qoobox\Quarantine\C\Program Files\Personal Guard 2009\uninstalls.exe.vir a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP49\A0011304.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP49\A0011311.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP49\A0011361.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP50\A0011376.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP50\A0011396.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011436.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011459.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011496.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011521.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011553.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011586.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP52\A0011605.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0011653.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0011678.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0011693.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0011771.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP53\A0011777.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011790.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011796.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011819.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011842.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011861.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011899.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011944.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011953.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP54\A0011982.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11072009_213814\C_Documents and Settings\All Users\Microsoft AData\sysnet.dll a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\11072009_213814\C_WINDOWS\system32\winsc.exe a variant of Win32/Kryptik.BAC trojan cleaned by deleting - quarantined
Nov 8 2009, 11:07 AM
Post #14
Trusted Helper Posts: 9,275 OS: Windows XP
Looks good to me. Let's do some cleanup...
Please download OTC and save it to Desktop.
Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos
Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware
Read this great info about safe internet surfing:
http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm
Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.
Have a safe and happy computing day!
Regards
fenzodahl512
Nov 8 2009, 09:06 PM
Post #15
New Member Posts: 9 OS: XP Pro, w SP3
Fenzodahl512,
I just ran the OTL Cleanup process & I've rebooted the system and things appear to be working normally. No sign of malware. Thanks for your assistance and support. I'll read through the articles you provided in your last post as the subject material is of particular interest given this latest unpleasant encounter with malware. Thanks for the service that you and all of the other volunteers at Geeks To Go provide!!
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising