DDS (Ver_09-02-01.01) - NTFSx86 Run by Jeffrey Ormsbee at 21:41:58.81 on Sun 02/15/2009 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.264 [GMT -6:00] AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) ============== Running Processes =============== C:\Program Files\Common Files\Virtual Token\vtserver.exe C:\WINDOWS\system32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe -k imgsvc c:\program files\lenovo\system update\suservice.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\TPHDEXLG.EXE C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\OpenCase\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\WINDOWS\system32\umonit.exe C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\FotomatDeviceConnect.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Google\Google Updater\2.4.1487.6512\GoogleUpdaterInstallMgr.exe C:\Documents and Settings\All Users\Application Data\Google Updater\cache\packdata_ci_real_11.0.0.446_en_setup.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Jeffrey Ormsbee\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch uInternet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;*.prod.untd.com;;*.local uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\nzsearch\SearchEnh1.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Popup-Blocker Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.8.0\ViewBarBHO.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\Toolbar.dll TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.8.0\IEViewBar.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe uRun: [Aim6] uRun: [spc_w] "c:\program files\nzsearch\nzspc.exe" -w uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe" uRun: [amsg] c:\program files\thinkvantage\amsg\Amsg.exe mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [TpShocks] TpShocks.exe mRun: [TP4EX] tp4ex.exe mRun: [ControlCenter] "c:\program files\thinkvantage fingerprint software\ctlcntr.exe" /startup mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [cssauth] "c:\program files\ibm thinkvantage\client security solution\cssauth.exe" silent mRun: [PDService.exe] "c:\program files\ibm thinkvantage\safeguard privatedisk\pdservice.exe" mRun: [QCWLICON] c:\program files\thinkpad\connectutilities\QCWLICON.EXE mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper mRun: [IBM Warranty Notification] "c:\program files\ibm\acp\erts0749\ERTS0749.exe /nointro" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [Amazing3DAquariumWallpaper] mRun: [EleFunAnimatedWallpaper] "c:\program files\elefun multimedia\halley's comet wallpaper\Halley's Comet.exe" DO_NOT_START mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe" mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe" mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [vptray] c:\progra~1\symant~1\VPTray.exe mRun: [UMonit] c:\windows\system32\umonit.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [QCTray] c:\progra~1\thinkpad\connec~1\QCTray.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe" mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe dRun: [iLike] c:\program files\ilike\1.2.11\ilikesidebar.exe /checkforupdate StartupFolder: c:\docume~1\jeffre~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228 IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {4B48D5DF-9021-45F7-A240-60304302A215} - hxxp://download.microsoft.com/download/5/c/2/5c2fc4b7-3875-4eec-946b-ffe15472cabc/WebCleaner.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220568028375 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Notify: AtiExtEvent - Ati2evxx.dll Notify: NavLogon - c:\windows\system32\NavLogon.dll Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll Notify: QConGina - QConGina.dll Notify: tpfnf2 - notifyf2.dll Notify: tphotkey - tphklock.dll AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli csspwntfy ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jeffre~1\applic~1\mozilla\firefox\profiles\3x8qxetz.default\ FF - prefs.js: browser.startup.homepage - hxxp://freerice.com/ FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll FF - plugin: c:\documents and settings\jeffrey ormsbee\application data\mozilla\firefox\profiles\3x8qxetz.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint_.dll FF - plugin: c:\program files\picasa2\npPicasa2.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-12 64160] R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2006-7-14 59904] R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2006-7-14 11520] R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2006-7-14 2432] R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592] R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968] R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2006-7-14 4736] R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2005-8-2 13184] R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-6-28 46142] R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968] R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090208.016\naveng.sys [2009-2-8 89104] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090208.016\navex15.sys [2009-2-8 876112] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-27 99376] S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2008-1-6 6016] S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2006-7-14 12288] =============== Created Last 30 ================ 2009-02-15 21:42 --d----- c:\program files\common files\xing shared 2009-02-15 20:39 81,288 a------- c:\windows\system32\drivers\iksyssec.sys 2009-02-15 20:39 66,952 a------- c:\windows\system32\drivers\iksysflt.sys 2009-02-15 20:39 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys 2009-02-15 20:39 29,576 a------- c:\windows\system32\drivers\kcom.sys 2009-02-15 20:38 --d----- c:\program files\Spyware Doctor 2009-02-15 20:38 --d----- c:\docume~1\jeffre~1\applic~1\PC Tools 2009-02-15 20:17 --d----- c:\windows\pss 2009-02-15 19:53 --d----- c:\program files\Trend Micro 2009-02-13 09:52 46,640 a------- c:\windows\system32\msln.exe 2009-02-13 09:07 15,688 a------- c:\windows\system32\lsdelete.exe 2009-02-12 19:31 -cd----- c:\docume~1\alluse~1\applic~1\avg8 2009-02-12 19:31 --d----- c:\program files\AVG 2009-02-12 18:48 64,160 a------- c:\windows\system32\drivers\Lbd.sys 2009-02-12 18:40 -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800} 2009-02-12 18:39 --d----- c:\program files\Lavasoft 2009-02-12 18:27 --d----- c:\docume~1\jeffre~1\applic~1\Malwarebytes 2009-02-12 18:27 15,504 a------- c:\windows\system32\drivers\mbam.sys 2009-02-12 18:27 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-02-12 18:27 -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-02-12 18:27 --d----- c:\program files\Malwarebytes' Anti-Malware 2009-02-12 18:27 90,624 a------- c:\windows\system32\GradientButtonS.ocx 2009-02-12 18:27 --d----- c:\program files\KleinSoft 2009-02-08 00:16 398 -c-shr-- C:\autorun.inf 2009-01-27 19:16 -cd----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-20 23:04 --d----- c:\program files\iLike ==================== Find3M ==================== 2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll 2008-12-12 11:42 410,984 a------- c:\windows\system32\deploytk.dll 2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys 2008-11-26 09:17 249,856 -------- c:\windows\Setup1.exe 2008-11-26 09:17 73,216 a------- c:\windows\ST6UNST.EXE 2006-12-30 19:55 194,376 ac------ c:\docume~1\jeffre~1\applic~1\shb.dat 2006-09-05 08:26 644 ac------ c:\program files\Go4.lnk 2008-09-04 23:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090520080906\index.dat ============= FINISH: 21:46:51.87 ===============