Had Vundo and other viruses, system still infected, please help!



#1
rufusfonzarelli

I got a virus from a friend, sent over GChat. It was a link for a hilarious video. I clicked. I ran Malwarebytes AntiMalware free service and SUPERAntiSpyware free service. I also tried to run Norton, but the virus blocks updates. It says that it updates, but it clearly doesn't. I found several infected viruses; Vundo was the one that kept appearing. Then I tried Microsoft Windows Live OneCare and it found a single spyware file and 87 that it couldn't scan. System is still infected.

Here are the HJT scan results, please help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:21 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/All%20Users/HomePageFiles/starthere.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.barackobama.com/index.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: CabCCT - https://ondemand.app...Ctrl_Apptix.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.c...pport/acpir.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1213276585406
O17 - HKLM\System\CCS\Services\Tcpip\..\{104AFAF0-C4A4-489C-B2D0-7E24D4E50035}: NameServer = 216.163.32.51,216.163.32.52
O20 - AppInit_DLLs: C:\WINDOWS\system32\vetukuta.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11066 bytes


#2
heir

Hello rufusfonzarelli!

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click Format in the menu bar, and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to the Internet.


Step 1.
OTL-scan:

  • Download OTListIt2 to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 2.
Lop S&D:

  • Disable resident protections (Antivirus...); you'll re-enable them after the scan.
  • Download Lop S&D and save it to the desktop.
  • Double-click Lop S&D.exe.
  • Choose the language, then choose Option 1 (Search).
  • Wait until the end of the scan.
  • Post the log which is created (%SystemDrive%\lopR.txt).

Step 3.
Things I would like to see in your reply:

  • The content of OTListIt.txt and Extras.txt from step 1.
  • The content of C:\lopR.txt from step 2.


#3
rufusfonzarelli

Here is the OTList
OTListIt logfile created on: 4/1/2009 8:52:50 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Local User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.81% Memory free
3.33 Gb Paging File | 2.66 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.62 Gb Total Space | 33.69 Gb Free Space | 49.82% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CFC-L3BK221
Current User Name: Local User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TpKmpSVC.exe ()
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Local User\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IPSSVC [Auto | Running]) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (msfwsvc [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
SRV - (OcHealthMon [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OneCareMP [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RampartSvc [On_Demand | Stopped]) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SUService [Auto | Running]) -- c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)
SRV - (Symantec AntiVirus [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (ThinkVantage Registry Monitor Service [Auto | Running]) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\WINDOWS\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TpKmpSVC [Auto | Running]) -- C:\WINDOWS\system32\TpKmpSVC.exe ()
SRV - (TVT Scheduler [Auto | Running]) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (winss [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MpFilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (MSFWDrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR [System | Running]) -- C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090109.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090109.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (PROCDD [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS (Lenovo Group Limited)
DRV - (psadd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\psadd.sys (Lenovo (United States) Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RCFOX [System | Running]) -- C:\WINDOWS\system32\Drivers\RCFOX.sys (SonicWALL, Inc.)
DRV - (rcvpn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rcvpn.sys (SonicWALL, Inc.)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Shockprf [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (Tp4Track [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tp4track.sys (Lenovo Group Limited)
DRV - (TPDIGIMN [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys (Lenovo Group Limited)
DRV - (TwoTrack [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TwoTrack.sys (IBM Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/All%20Users/HomePageFiles/starthere.html
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {C453FB06-A543-4AC6-98B2-CAA18A18ECD0}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/25 23:58:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 15:07:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 15:07:44 | 00,000,000 | ---D | M]

[2008/06/18 12:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Extensions
[2008/06/18 12:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/31 10:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Firefox\Profiles\g3jikydi.default\extensions
[2009/02/26 21:51:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Firefox\Profiles\g3jikydi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/26 21:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Firefox\Profiles\g3jikydi.default\extensions\[email protected]
[2009/03/31 10:33:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 18:24:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/11 10:35:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C453FB06-A543-4AC6-98B2-CAA18A18ECD0}
[2009/02/25 23:58:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/28 18:24:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 18:24:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 13:15:05 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (784 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213276585406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: CabCCT https://ondemand.app...Ctrl_Apptix.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{104AFAF0-C4A4-489C-B2D0-7E24D4E50035}\\NameServer = 216.163.32.51,216.163.32.52
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\vetukuta.dll) - C:\WINDOWS\system32\vetukuta.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/01 08:26:17 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Local User\Desktop\OTListIt2.exe
[2009/04/01 08:24:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/01 08:24:37 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\Rooter.exe
[2009/04/01 08:13:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/01 08:13:01 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\NTREGOPT.lnk
[2009/04/01 08:13:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\ERUNT.lnk
[2009/04/01 08:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/01 08:12:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Local User\Desktop\erunt_setup.exe
[2009/04/01 08:09:50 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\SysRestorePoint_v13.zip
[2009/03/31 22:22:08 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/03/31 22:22:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/03/31 16:35:59 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/31 16:00:08 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\HijackThis.lnk
[2009/03/31 16:00:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/31 15:59:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Local User\Desktop\HJTInstall.exe
[2009/03/31 13:41:56 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Roosevelt Institution.doc
[2009/03/31 13:41:42 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume 2.doc
[2009/03/31 13:13:44 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Roosevelt Institution - National Policy Director.doc
[2009/03/29 22:56:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/29 22:55:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/03/29 22:55:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/29 22:52:27 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/29 22:52:13 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/29 22:47:01 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Local User\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/03/29 22:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/03/29 22:33:41 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/03/29 22:31:22 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/03/29 22:31:17 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/03/29 22:30:31 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/03/29 22:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/03/29 18:13:35 | 01,812,426 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\CAP - Teacher Turnover, Tenure Policies, and the Distribution of Teacher Quality.pdf
[2009/03/29 18:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Local User\My Documents\Policy
[2009/03/29 15:10:01 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/29 15:09:43 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/29 15:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/29 15:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/29 13:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/27 10:33:15 | 00,019,609 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\EdSector_JobDescription_ResearchAssoc_Feb09.pdf
[2009/03/24 14:51:40 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - TFA - Recruitment Director.doc
[2009/03/24 14:28:46 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Fatherhood and Parenting.doc
[2009/03/20 15:47:54 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Research Assistant - Governance Studies.doc
[2009/03/20 15:33:33 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Brookings - Staff Assistant.doc
[2009/03/20 15:22:33 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Staff Assistant - Engelberg Center.doc
[2009/03/20 13:36:35 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Youth Development.doc
[2009/03/20 13:31:51 | 00,148,992 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\RYAN WATKINS - UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/20 13:29:13 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Child Trends.doc
[2009/03/19 12:42:19 | 00,011,276 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\sarah.docx
[2009/03/19 11:05:06 | 00,150,528 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/19 10:05:21 | 00,010,572 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\untitled.JPG
[2009/03/19 10:03:15 | 00,066,533 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\n28600066_30678726_4067.jpg
[2009/03/17 13:26:59 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Ed and Data Development.doc
[2009/03/17 12:44:38 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - AFSCME - Apprentice.doc
[2009/03/17 11:06:53 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - AFSCME - Apprentice.doc
[2009/03/17 10:40:32 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - AFSCME - Apprentice.doc
[2009/03/15 16:55:21 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\An Adult kind of Politics.doc
[2009/03/14 19:59:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Local User\Application Data\Malwarebytes
[2009/03/14 19:59:20 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 19:59:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 19:59:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 19:59:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 19:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 19:05:23 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Local User\Desktop\mbam-setup.exe
[2009/03/13 11:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/12 11:57:55 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - Census Summary.doc
[2009/03/12 11:53:24 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - New America Foundation.doc
[2009/03/12 11:52:45 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - New America Foundation - Research Associate.doc
[2009/03/12 11:33:23 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Media Matters - Researcher.doc
[2009/03/11 18:39:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/03/11 18:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/11 18:00:46 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/11 18:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/11 18:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Local User\Application Data\SUPERAntiSpyware.com
[2009/03/11 18:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/11 17:58:16 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\SUPERAntiSpyware.exe
[2009/03/11 11:54:33 | 00,030,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gffdfogq.sys
[2009/03/11 11:54:12 | 00,030,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xqgrrtdc.sys
[2009/03/11 11:10:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/03/11 11:09:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/03/11 11:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/03/11 10:41:18 | 01,805,682 | -HS- | C] () -- C:\WINDOWS\System32\ukuyiziz.ini
[2009/03/10 13:06:55 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Media Matters - Researcher.doc
[2009/03/08 14:22:46 | 01,241,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:11:12 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/06 09:45:44 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - The New Teacher Project - Site Manager.doc
[2009/03/05 16:18:48 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - New Teacher Project - Site Manager.doc
[2009/03/04 17:49:38 | 00,830,464 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Parking pass.doc
[2009/03/04 17:48:47 | 00,008,192 | -HS- | C] () -- C:\Documents and Settings\Local User\My Documents\Thumbs.db
[2009/03/04 17:48:38 | 00,801,873 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\parking pass.JPG
[2009/03/03 16:48:52 | 00,142,848 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - Average Wage Growth 1997-2007.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/01 08:52:05 | 00,504,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/01 08:52:05 | 00,425,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/01 08:52:05 | 00,070,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/01 08:48:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/01 08:48:50 | 00,025,253 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2009/04/01 08:47:41 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/01 08:47:26 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/04/01 08:47:24 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/01 08:47:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/01 08:26:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Local User\Desktop\OTListIt2.exe
[2009/04/01 08:24:39 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\Rooter.exe
[2009/04/01 08:13:01 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\NTREGOPT.lnk
[2009/04/01 08:13:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\ERUNT.lnk
[2009/04/01 08:12:31 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Local User\Desktop\erunt_setup.exe
[2009/04/01 08:09:50 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\SysRestorePoint_v13.zip
[2009/03/31 16:00:08 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\HijackThis.lnk
[2009/03/31 15:59:56 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Local User\Desktop\HJTInstall.exe
[2009/03/31 14:04:00 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Roosevelt Institution - National Policy Director.doc
[2009/03/31 14:03:05 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - What is the cause of the crisis in black education.doc
[2009/03/31 13:41:56 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Roosevelt Institution.doc
[2009/03/31 13:41:42 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume 2.doc
[2009/03/31 13:40:40 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Child Trends.doc
[2009/03/30 13:42:14 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/30 12:18:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/29 23:03:10 | 00,000,081 | -HS- | M] () -- C:\Documents and Settings\Local User\My Documents\desktop.ini
[2009/03/29 22:56:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/29 22:50:01 | 16,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Local User\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/03/29 22:40:17 | 00,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/29 18:32:21 | 00,017,333 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\Open Journal.docx
[2009/03/29 18:13:36 | 01,812,426 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\CAP - Teacher Turnover, Tenure Policies, and the Distribution of Teacher Quality.pdf
[2009/03/29 16:41:28 | 05,368,758 | -H-- | M] () -- C:\Documents and Settings\Local User\Local Settings\Application Data\IconCache.db
[2009/03/29 13:35:11 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/03/27 13:39:50 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - TFA - Recruitment Director.doc
[2009/03/27 10:33:15 | 00,019,609 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\EdSector_JobDescription_ResearchAssoc_Feb09.pdf
[2009/03/24 14:28:46 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Fatherhood and Parenting.doc
[2009/03/24 14:28:32 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Youth Development.doc
[2009/03/20 15:53:36 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Research Assistant - Governance Studies.doc
[2009/03/20 15:35:04 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Staff Assistant - Engelberg Center.doc
[2009/03/20 15:33:33 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Brookings - Staff Assistant.doc
[2009/03/20 13:36:19 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Ed and Data Development.doc
[2009/03/20 13:31:52 | 00,148,992 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\RYAN WATKINS - UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/20 13:29:01 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - The New Teacher Project - Site Manager.doc
[2009/03/19 14:42:52 | 00,011,276 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\sarah.docx
[2009/03/19 11:05:06 | 00,150,528 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/19 10:05:35 | 00,010,572 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\untitled.JPG
[2009/03/19 10:03:18 | 00,066,533 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\n28600066_30678726_4067.jpg
[2009/03/17 12:44:38 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - AFSCME - Apprentice.doc
[2009/03/17 12:42:07 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - AFSCME - Apprentice.doc
[2009/03/17 10:40:32 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - AFSCME - Apprentice.doc
[2009/03/16 20:29:05 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Reading Notes - Social Studies--The Next Generation.doc
[2009/03/15 21:43:50 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\An Adult kind of Politics.doc
[2009/03/14 19:59:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 19:12:02 | 02,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Local User\Desktop\mbam-setup.exe
[2009/03/12 11:57:55 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - Census Summary.doc
[2009/03/12 11:55:24 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - New America Foundation - Research Associate.doc
[2009/03/12 11:54:57 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Media Matters - Researcher.doc
[2009/03/12 11:53:24 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - New America Foundation.doc
[2009/03/12 11:33:23 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Media Matters - Researcher.doc
[2009/03/11 18:00:46 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/11 17:59:48 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\SUPERAntiSpyware.exe
[2009/03/11 11:57:27 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bulahobi
[2009/03/11 11:54:35 | 00,030,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gffdfogq.sys
[2009/03/11 11:54:15 | 00,030,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xqgrrtdc.sys
[2009/03/11 11:02:38 | 01,805,682 | -HS- | M] () -- C:\WINDOWS\System32\ukuyiziz.ini
[2009/03/08 14:22:46 | 01,241,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll.mui
[2009/03/08 14:22:30 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll.mui
[2009/03/08 14:22:18 | 00,002,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe.mui
[2009/03/08 14:21:06 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll.mui
[2009/03/08 14:21:06 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe.mui
[2009/03/08 14:20:54 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll.mui
[2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2009/03/08 14:09:26 | 00,391,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/03/08 04:41:16 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/03/08 04:39:48 | 11,063,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/03/08 04:35:10 | 00,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/03/08 04:34:58 | 00,914,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/03/08 04:34:56 | 01,206,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2009/03/08 04:34:52 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2009/03/08 04:34:48 | 00,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2009/03/08 04:34:48 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WinFXDocObj.exe
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2009/03/08 04:34:30 | 00,043,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2009/03/08 04:34:28 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2009/03/08 04:34:18 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2009/03/08 04:34:18 | 00,109,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2009/03/08 04:33:48 | 00,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2009/03/08 04:33:40 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2009/03/08 04:33:26 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jscript.dll
[2009/03/08 04:33:16 | 00,726,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2009/03/08 04:33:08 | 00,229,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vbscript.dll
[2009/03/08 04:33:06 | 00,420,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2009/03/08 04:33:02 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admparse.dll
[2009/03/08 04:32:56 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\admparse.dll
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2009/03/08 04:32:54 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2009/03/08 04:32:52 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2009/03/08 04:32:52 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iesetup.dll
[2009/03/08 04:32:50 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iesetup.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2009/03/08 04:32:50 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2009/03/08 04:32:48 | 00,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inseng.dll
[2009/03/08 04:32:46 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/03/08 04:32:26 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2009/03/08 04:32:22 | 01,985,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2009/03/08 04:32:04 | 00,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2009/03/08 04:31:56 | 00,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
[2009/03/08 04:31:52 | 00,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2009/03/08 04:31:52 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 04:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2009/03/08 04:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\imgutil.dll
[2009/03/08 04:31:38 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imgutil.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2009/03/08 04:31:36 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2009/03/08 04:31:26 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmler.dll
[2009/03/08 04:31:18 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmler.dll
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.tlb
[2009/03/08 04:31:02 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.tlb
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshta.exe
[2009/03/08 04:31:02 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshta.exe
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tdc.ocx
[2009/03/08 04:30:56 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2009/03/08 04:24:28 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2009/03/08 04:22:46 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieui.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msls31.dll
[2009/03/08 04:22:38 | 00,156,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msls31.dll
[2009/03/08 04:15:06 | 00,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/03/08 04:11:12 | 00,445,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2009/03/06 09:51:14 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - New Teacher Project - Site Manager.doc
[2009/03/06 09:43:53 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume.doc
[2009/03/04 17:49:38 | 00,830,464 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Parking pass.doc
[2009/03/04 17:48:49 | 00,008,192 | -HS- | M] () -- C:\Documents and Settings\Local User\My Documents\Thumbs.db
[2009/03/04 17:48:38 | 00,801,873 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\parking pass.JPG
[2009/03/03 16:48:53 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - Average Wage Growth 1997-2007.doc
[2009/03/03 16:48:12 | 00,142,848 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Research - Project 3 - Brookings - Metropolitan Area Average Wage Growth, 1997-2007.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\xqgrrtdc.sys:changelist
@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\gffdfogq.sys:changelist
< End of report >


Here is the Extras log

OTListIt Extras logfile created on: 4/1/2009 8:52:50 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Local User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.81% Memory free
3.33 Gb Paging File | 2.66 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.62 Gb Total Space | 33.69 Gb Free Space | 49.82% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CFC-L3BK221
Current User Name: Local User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client (SonicWALL, Inc.)
C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:Windows Defender (Microsoft Corporation)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.24 Idcrl Install
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.24
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{85CFDC2D-710E-49D5-B799-F3743CA506BA}" = Microsoft Protection Service
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C7EEC93A-2A61-4B1E-B696-A264680A889D}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.24
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"AwayTask" = Maintenance Manager
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OnScreenDisplay" = On Screen Display
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinSS" = Windows Live OneCare
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2008 11:41:41 AM | Computer Name = CFC-L3BK221 | Source = Application Error | ID = 1001
Description = Fault bucket 944748234.

Error - 11/12/2008 1:34:43 PM | Computer Name = CFC-L3BK221 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3188, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x00053d41.

Error - 11/30/2008 3:53:54 PM | Computer Name = CFC-L3BK221 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\LOCAL USER\MY DOCUMENTS\MY MUSIC\ITUNES\MOBILE
APPLICATIONS\DOWNLOADS\TWITTERRIFIC.TMP\DOWNLOAD.APP> in the hash map cannot be
updated. Context: Application, SystemIndex Catalog Details: A device attached to
the system is not functioning. (0x8007001f)

Error - 12/9/2008 1:39:49 AM | Computer Name = CFC-L3BK221 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3224, faulting module
npswf32.dll, version 9.0.124.0, fault address 0x00053d41.

[ OSession Events ]
Error - 9/17/2008 4:11:36 PM | Computer Name = CFC-L3BK221 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8764
seconds with 180 seconds of active time. This session ended with a crash.

Error - 9/26/2008 1:06:09 PM | Computer Name = CFC-L3BK221 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11388
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/23/2009 12:14:53 PM | Computer Name = CFC-L3BK221 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.117 on
the Network Card with network address 001F3BC96255.

Error - 3/25/2009 1:23:43 PM | Computer Name = CFC-L3BK221 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3BC96255. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 3/25/2009 1:29:41 PM | Computer Name = CFC-L3BK221 | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001F3BC96255. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.

Error - 3/29/2009 5:02:31 PM | Computer Name = CFC-L3BK221 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.117 for the Network Card with network
address 001F3BC96255 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/29/2009 7:37:50 PM | Computer Name = CFC-L3BK221 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/29/2009 7:37:50 PM | Computer Name = CFC-L3BK221 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/29/2009 7:39:27 PM | Computer Name = CFC-L3BK221 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/29/2009 7:39:27 PM | Computer Name = CFC-L3BK221 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/29/2009 9:07:13 PM | Computer Name = CFC-L3BK221 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 3/29/2009 9:07:13 PM | Computer Name = CFC-L3BK221 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

[ Windows OneCare Events ]
Error - 3/29/2009 10:44:17 PM | Computer Name = CFC-L3BK221 | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x8a180109.


< End of report >


Here is the LopR log


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBLH
USER : Local User ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.5.5000 (Not Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total:67 Go (Free:33 Go)
D:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Mon 04/06/2009|17:35 )

--------------------\\ Listing folders in APPLIC~1

[07/09/2008|01:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[06/23/2008|06:27] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Google
[06/12/2008|08:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[06/24/2008|06:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> InstallShield
[06/17/2008|06:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Lenovo
[06/17/2008|07:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[06/18/2008|12:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[06/18/2008|12:50] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Mozilla
[06/16/2008|04:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SonicWALL
[06/16/2008|06:33] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Xerox

[03/29/2009|03:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[06/16/2008|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[06/17/2008|06:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[06/16/2008|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[06/16/2008|04:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[06/16/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[06/16/2008|04:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[06/16/2008|06:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[06/14/2008|03:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[06/17/2008|05:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lenovo
[03/14/2009|07:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/29/2009|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/29/2009|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[02/25/2009|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Office Genuine Advantage
[03/11/2009|11:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[03/11/2009|06:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[03/11/2009|06:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[06/14/2008|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[06/16/2008|04:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[06/12/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[06/17/2008|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[06/23/2008|06:27] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Google
[06/12/2008|08:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[06/24/2008|06:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> InstallShield
[06/17/2008|06:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Lenovo
[06/17/2008|07:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
[06/18/2008|12:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[06/18/2008|12:50] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla
[06/16/2008|06:33] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Xerox

[08/09/2008|05:15] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Adobe
[11/30/2008|03:42] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Apple Computer
[10/12/2008|03:44] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Brother
[06/23/2008|06:27] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Google
[06/12/2008|08:54] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Identities
[06/24/2008|06:02] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> InstallShield
[06/17/2008|06:01] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Lenovo
[06/17/2008|07:00] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Macromedia
[03/14/2009|07:59] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Malwarebytes
[03/29/2009|10:51] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Microsoft
[01/04/2009|11:48] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Move Networks
[06/18/2008|12:50] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Mozilla
[07/10/2008|12:56] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> SonicWALL
[02/25/2009|11:55] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Sun
[03/11/2009|06:00] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/18/2008|10:00] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Windows Desktop Search
[06/16/2008|06:33] C:\DOCUME~1\LOCALU~1\APPLIC~1\<DIR> Xerox

[06/16/2008|08:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Intel
[03/29/2009|10:45] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[06/12/2008|08:07] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/06/2009 08:59 AM][--a------] C:\WINDOWS\tasks\WGASetup.job
[04/06/2009 12:18 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/06/2009 08:59 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 08:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[07/09/2008|01:26] C:\Program Files\<DIR> Adobe
[06/16/2008|04:29] C:\Program Files\<DIR> AIM6
[10/24/2008|09:12] C:\Program Files\<DIR> Apple Software Update
[03/29/2009|01:10] C:\Program Files\<DIR> Bonjour
[08/18/2008|11:59] C:\Program Files\<DIR> Citrix
[03/11/2009|06:00] C:\Program Files\<DIR> Common Files
[06/12/2008|08:03] C:\Program Files\<DIR> ComPlus Applications
[06/24/2008|06:02] C:\Program Files\<DIR> CONEXANT
[06/13/2008|03:48] C:\Program Files\<DIR> Digital Line Detect
[04/01/2009|08:13] C:\Program Files\<DIR> ERUNT
[06/23/2008|06:29] C:\Program Files\<DIR> Google
[08/08/2008|10:57] C:\Program Files\<DIR> HP
[06/24/2008|06:13] C:\Program Files\<DIR> InstallShield Installation Information
[06/14/2008|03:32] C:\Program Files\<DIR> Intel
[03/29/2009|11:02] C:\Program Files\<DIR> Internet Explorer
[03/29/2009|03:09] C:\Program Files\<DIR> iPod
[03/29/2009|03:09] C:\Program Files\<DIR> iTunes
[02/25/2009|11:58] C:\Program Files\<DIR> Java
[12/19/2008|11:31] C:\Program Files\<DIR> Lenovo
[03/14/2009|08:00] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/14/2008|06:21] C:\Program Files\<DIR> Messenger
[06/16/2008|07:56] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[06/12/2008|08:08] C:\Program Files\<DIR> microsoft frontpage
[06/16/2008|04:15] C:\Program Files\<DIR> Microsoft Office
[02/27/2009|10:04] C:\Program Files\<DIR> Microsoft Silverlight
[06/16/2008|04:15] C:\Program Files\<DIR> Microsoft Visual Studio
[04/06/2009|09:01] C:\Program Files\<DIR> Microsoft Windows OneCare Live
[06/16/2008|04:16] C:\Program Files\<DIR> Microsoft Works
[06/16/2008|04:14] C:\Program Files\<DIR> Microsoft.NET
[06/12/2008|09:55] C:\Program Files\<DIR> Movie Maker
[04/06/2009|11:31] C:\Program Files\<DIR> Mozilla Firefox
[06/12/2008|08:01] C:\Program Files\<DIR> MSN
[06/12/2008|08:02] C:\Program Files\<DIR> MSN Gaming Zone
[06/12/2008|09:54] C:\Program Files\<DIR> NetMeeting
[06/18/2008|01:58] C:\Program Files\<DIR> Online Services
[06/12/2008|09:54] C:\Program Files\<DIR> Outlook Express
[07/08/2008|12:18] C:\Program Files\<DIR> PDFCreator
[03/29/2009|03:07] C:\Program Files\<DIR> QuickTime
[01/09/2009|04:05] C:\Program Files\<DIR> Real
[03/29/2009|01:35] C:\Program Files\<DIR> Safari
[06/16/2008|04:35] C:\Program Files\<DIR> SonicWALL
[03/11/2009|06:00] C:\Program Files\<DIR> SUPERAntiSpyware
[06/14/2008|03:38] C:\Program Files\<DIR> Symantec
[01/13/2009|09:02] C:\Program Files\<DIR> Symantec AntiVirus
[06/17/2008|05:46] C:\Program Files\<DIR> ThinkPad
[06/17/2008|05:46] C:\Program Files\<DIR> ThinkVantage
[03/31/2009|04:00] C:\Program Files\<DIR> Trend Micro
[06/12/2008|08:53] C:\Program Files\<DIR> Uninstall Information
[06/16/2008|04:29] C:\Program Files\<DIR> Viewpoint
[06/24/2008|05:50] C:\Program Files\<DIR> Windows Defender
[08/18/2008|09:59] C:\Program Files\<DIR> Windows Desktop Search
[03/29/2009|10:16] C:\Program Files\<DIR> Windows Live Safety Center
[06/13/2008|08:37] C:\Program Files\<DIR> Windows Media Connect 2
[06/13/2008|08:37] C:\Program Files\<DIR> Windows Media Player
[06/12/2008|09:54] C:\Program Files\<DIR> Windows NT
[06/12/2008|08:06] C:\Program Files\<DIR> WindowsUpdate
[06/12/2008|08:08] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[06/17/2008|06:54] C:\Program Files\Common Files\<DIR> Adobe
[06/16/2008|04:28] C:\Program Files\Common Files\<DIR> AOL
[03/29/2009|03:09] C:\Program Files\Common Files\<DIR> Apple
[06/16/2008|04:15] C:\Program Files\Common Files\<DIR> DESIGNER
[06/16/2008|04:35] C:\Program Files\Common Files\<DIR> Deterministic Networks
[08/08/2008|10:58] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[06/12/2008|09:11] C:\Program Files\Common Files\<DIR> InstallShield
[03/11/2009|11:09] C:\Program Files\Common Files\<DIR> iS3
[12/19/2008|11:31] C:\Program Files\Common Files\<DIR> Lenovo
[06/16/2008|08:01] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/12/2008|08:04] C:\Program Files\Common Files\<DIR> MSSoap
[06/12/2008|12:55] C:\Program Files\Common Files\<DIR> ODBC
[06/12/2008|08:04] C:\Program Files\Common Files\<DIR> Services
[06/12/2008|12:55] C:\Program Files\Common Files\<DIR> SpeechEngines
[06/14/2008|03:39] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/16/2008|04:12] C:\Program Files\Common Files\<DIR> System
[03/11/2009|06:00] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 70 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 17:37:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\LOCALU~1\My Documents\My Music\iTunes\iTunes Music\Compilations\Fishscale\09 Columbus Exchange [Skit] _ Crack.m4a


[F:49][D:6]-> C:\DOCUME~1\LOCALU~1\LOCALS~1\Temp
[F:16][D:0]-> C:\DOCUME~1\LOCALU~1\Cookies
[F:409][D:5]-> C:\DOCUME~1\LOCALU~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Mon 04/06/2009|17:38 - Option : [1]

--------------------\\ Scan completed at 17:38:37

Thank you for all your help.

#4
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's start removing some malware then.


Step 1.
Filescan:

  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    • C:\WINDOWS\System32\drivers\xqgrrtdc.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Do the same with this
  • C:\WINDOWS\System32\drivers\gffdfogq.sys


Step 2.
Uninstall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Viewpoint Media Player


Step 3.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
    O4 - HKLM..\Run: [] File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\vetukuta.dll) - C:\WINDOWS\system32\vetukuta.dll File not found
    [2009/03/31 16:35:59 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
    [2009/03/11 11:57:27 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bulahobi
    [2009/03/11 11:02:38 | 01,805,682 | -HS- | M] () -- C:\WINDOWS\System32\ukuyiziz.ini
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


Step 4.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 5.
Things I would like to see in your reply:

  • The results from the filescans from step 1.
  • The content of the fixlog from OTL2 from step 3
  • The content of OTListIt.txt from step 4
  • Information on how your computer is running now


#5
rufusfonzarelli

    Member

  • Topic Starter
  • 13 posts
From Step 1
The copy to clipboard feature didn't work so I highlighted and copied


File information
File Name : xqgrrtdc.sys
File Size : 30880 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : f58a27a27e41a1cd35eeb5ffdff95af8
SHA1 : 95c48438cfe9342a9b3061342ff782bbc96b3373

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/04/08 10:15:16 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.0.0.32 | 20090408154925 | 2009-04-08 | - | 1.939
AhnLab V3 | 2009.04.08.01 | 2009.04.08 | 2009-04-08 | - | 0.601
AntiVir | 7.9.0.138 | 7.1.3.30 | 2009-04-08 | - | 1.969
Antiy | 2.0.18 | 20090408.2286289 | 2009-04-08 | - | 0.121
Authentium | 5.1.1 | 200904080350 | 2009-04-08 | - | 1.156
AVAST! | 3.0.1 | 090407-0 | 2009-04-07 | - | 0.005
AVG | 7.5.52.442 | 270.11.47/2047 | 2009-04-08 | - | 2.011
BitDefender | 7.81008.2845659 | 7.24673 | 2009-04-08 | - | 2.631
CA (VET) | 9.0.0.143 | 31.6.6444 | 2009-04-08 | - | 3.855
ClamAV | 0.95 | 9212 | 2009-04-08 | - | 0.011
Comodo | 3.8 | 1105 | 2009-04-08 | - | 0.539
CP Secure | 1.1.0.715 | 2009.04.08 | 2009-04-08 | - | 8.035
Dr.Web | 4.44.0.9170 | 2009.04.08 | 2009-04-08 | - | 4.320
F-Prot | 4.4.4.56 | 20090407 | 2009-04-07 | - | 1.145
F-Secure | 5.51.6100 | 2009.04.08.03 | 2009-04-08 | - | 5.109
Fortinet | 2.81-3.117 | 10.259 | 2009-04-08 | - | 0.179
GData | 19.4467/19.292 | 20090408 | 2009-04-08 | - | 3.434
Ikarus | T3.1.01.49 | 2009.04.08.72546 | 2009-04-08 | - | 2.861
JiangMin | 11.0.706 | 2009.04.07 | 2009-04-07 | - | 1.845
Kaspersky | 5.5.10 | 2009.04.08 | 2009-04-08 | - | 0.046
KingSoft | 2009.2.5.15 | 2009.4.8.14 | 2009-04-08 | - | 0.587
McAfee | 5.3.00 | 5577 | 2009-04-07 | - | 2.769
Microsoft | 1.4502 | 2009.04.08 | 2009-04-08 | - | 4.231
mks_vir | 2.01 | 2009.04.08 | 2009-04-08 | - | 2.753
Norman | 6.00.06 | 6.00.00 | 2009-04-03 | - | 8.010
nProtect | 20090408.03 | 3437088 | 2009-04-08 | - | 5.801
Panda | 9.05.01 | 2009.04.06 | 2009-04-06 | - | 1.540
Quick Heal | 10.00 | 2009.04.08 | 2009-04-08 | - | 1.055
Rising | 20.0 | 21.23.40.00 | 2009-04-03 | - | 1.102
Sophos | 2.85.0 | 4.40 | 2009-04-08 | - | 2.115
Sunbelt | 5081 | 5081 | 2009-04-07 | - | 0.619
Symantec | 1.3.0.24 | 20090407.003 | 2009-04-07 | - | 0.154
The Hacker | 6.3.4.0 | v00304 | 2009-04-08 | - | 0.875
Trend Micro | 8.700-1004 | 5.952.05 | 2009-04-07 | - | 0.026
VBA32 | 3.12.10.2 | 20090407.1532 | 2009-04-07 | - | 1.810
ViRobot | 20090407 | 2009.04.07 | 2009-04-07 | - | 0.399
VirusBuster | 4.5.11.10 | 10.102.36/1220037 | 2009-04-07 | - | 1.491


The second file you asked me to scan would not scan. Virscan.org displayed a popup window that said the file had already been scanned and there had been no updates, but the time stamp on the scan was for the first file I scanned, and it wouldn't allow me to ReScan. When it displayed the results, it showed the results of the first file you had me scan.

Step 2: Completed

Step 3: tried to run the fix, however there was an error:

Cannot create file: C:\WINDOWS\System32\drivers\etc\Hosts

Step 4: Didn't complete scan as steps 1 and 3 couldn't be completed.

Will await further directions.

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
We'll do it slightly differently then.

Step 3.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
    O4 - HKLM..\Run: [] File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\vetukuta.dll) - C:\WINDOWS\system32\vetukuta.dll File not found
    [2009/03/31 16:35:59 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
    [2009/03/11 11:57:27 | 00,006,456 | -H-- | M] () -- C:\WINDOWS\System32\bulahobi
    [2009/03/11 11:02:38 | 01,805,682 | -HS- | M] () -- C:\WINDOWS\System32\ukuyiziz.ini
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\Viewpoint
    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


Step 4.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.


Then complete step 5 from my previous post

Edited by heir, 08 April 2009 - 10:10 AM.


#7
rufusfonzarelli

    Member

  • Topic Starter
  • 13 posts
OTL2 Fix Log

========== OTLISTIT ==========
Process explorer.exe killed successfully!
No active process named ViewpointService.exe was found!
Service\Driver Viewpoint Manager Service not found.
Service\Driver Viewpoint Manager Service not found.
File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\system32\vetukuta.dll deleted successfully.
Folder C:\VundoFix Backups not found.
C:\WINDOWS\System32\bulahobi moved successfully.
C:\WINDOWS\System32\ukuyiziz.ini moved successfully.
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
File/Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Local User\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_528.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.8.0 log created on 04082009_160915

Files moved on Reboot...
File C:\WINDOWS\temp\Perflib_Perfdata_528.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_9ac.dat not found!

Registry entries deleted on Reboot...


OTL2 Log

OTListIt logfile created on: 4/8/2009 4:14:57 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Local User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.16% Memory free
3.33 Gb Paging File | 2.70 Gb Available in Paging File | 80.99% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.62 Gb Total Space | 33.19 Gb Free Space | 49.09% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CFC-L3BK221
Current User Name: Local User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TpKmpSVC.exe ()
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Local User\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE File not found

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (IPSSVC [Auto | Running]) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
SRV - (msfwsvc [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
SRV - (OcHealthMon [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (OneCareMP [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (RampartSvc [On_Demand | Stopped]) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SUService [Auto | Running]) -- c:\program files\lenovo\system update\suservice.exe (Lenovo Group Limited)
SRV - (Symantec AntiVirus [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (ThinkVantage Registry Monitor Service [Auto | Running]) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\WINDOWS\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TpKmpSVC [Auto | Running]) -- C:\WINDOWS\system32\TpKmpSVC.exe ()
SRV - (TVT Scheduler [Auto | Running]) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (winss [Auto | Running]) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MpFilter [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MpFilter.sys (Microsoft Corporation)
DRV - (MSFWDrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\msfwdrv.sys (Microsoft Corporation)
DRV - (MSFWHLPR [System | Running]) -- C:\WINDOWS\system32\DRIVERS\msfwhlpr.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090109.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090109.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (PROCDD [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\PROCDD.SYS (Lenovo Group Limited)
DRV - (psadd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\psadd.sys (Lenovo (United States) Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RCFOX [System | Running]) -- C:\WINDOWS\system32\Drivers\RCFOX.sys (SonicWALL, Inc.)
DRV - (rcvpn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\rcvpn.sys (SonicWALL, Inc.)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Shockprf [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (Tp4Track [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tp4track.sys (Lenovo Group Limited)
DRV - (TPDIGIMN [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPHKDRV [System | Running]) -- C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys (Lenovo Group Limited)
DRV - (TwoTrack [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\TwoTrack.sys (IBM Corporation)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/All%20Users/HomePageFiles/starthere.html
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.07103010
FF - prefs.js..extensions.enabledItems: {C453FB06-A543-4AC6-98B2-CAA18A18ECD0}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/25 23:58:18 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/29 15:07:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/29 15:07:44 | 00,000,000 | ---D | M]

[2008/06/18 12:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Extensions
[2008/06/18 12:50:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/06 09:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Firefox\Profiles\g3jikydi.default\extensions
[2009/02/26 21:51:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Firefox\Profiles\g3jikydi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/26 21:15:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Local User\Application Data\mozilla\Firefox\Profiles\g3jikydi.default\extensions\[email protected]
[2009/04/08 10:09:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/28 18:24:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/11 10:35:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C453FB06-A543-4AC6-98B2-CAA18A18ECD0}
[2009/02/25 23:58:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/28 18:24:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/28 18:24:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 13:15:05 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
O4 - HKLM..\Run: [TpShocks] TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKCU..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.c...pport/acpir.cab (IASRunner Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1213276585406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: CabCCT https://ondemand.app...Ctrl_Apptix.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{104AFAF0-C4A4-489C-B2D0-7E24D4E50035}\\NameServer = 216.163.32.51,216.163.32.52
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/08 10:54:06 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/06 17:34:39 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/06 17:32:58 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\LopSD.exe
[2009/04/06 14:08:53 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - SEIU Local 1.doc
[2009/04/06 13:42:50 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - MOSES.doc
[2009/04/06 13:40:34 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - MOSES - Community Organizer.doc
[2009/04/06 13:10:39 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - SEIU Local 1 - External Organizer.doc
[2009/04/02 13:22:36 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Education Sector.doc
[2009/04/02 13:09:33 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Education Sector - Research Associate.doc
[2009/04/01 08:26:17 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Local User\Desktop\OTListIt2.exe
[2009/04/01 08:24:46 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/01 08:24:37 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\Rooter.exe
[2009/04/01 08:13:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/01 08:13:01 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\NTREGOPT.lnk
[2009/04/01 08:13:01 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\ERUNT.lnk
[2009/04/01 08:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/01 08:12:24 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Local User\Desktop\erunt_setup.exe
[2009/04/01 08:09:50 | 00,009,334 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\SysRestorePoint_v13.zip
[2009/03/31 22:22:08 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/03/31 22:22:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/03/31 16:35:59 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/03/31 16:00:08 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\HijackThis.lnk
[2009/03/31 16:00:07 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/31 15:59:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Local User\Desktop\HJTInstall.exe
[2009/03/31 13:41:56 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Roosevelt Institution.doc
[2009/03/31 13:41:42 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume 2.doc
[2009/03/31 13:13:44 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Roosevelt Institution - National Policy Director.doc
[2009/03/29 22:56:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/03/29 22:55:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/03/29 22:55:03 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/03/29 22:52:27 | 24,768,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/03/29 22:52:13 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/03/29 22:47:01 | 16,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Local User\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/03/29 22:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/03/29 22:33:41 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/03/29 22:31:22 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/03/29 22:31:17 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/03/29 22:30:31 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/03/29 22:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/03/29 18:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Local User\My Documents\Policy
[2009/03/29 15:10:01 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/29 15:09:43 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/29 15:09:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/29 15:07:22 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/29 13:10:21 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/27 10:33:15 | 00,019,609 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\EdSector_JobDescription_ResearchAssoc_Feb09.pdf
[2009/03/24 14:51:40 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - TFA - Recruitment Director.doc
[2009/03/24 14:28:46 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Fatherhood and Parenting.doc
[2009/03/20 15:47:54 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Research Assistant - Governance Studies.doc
[2009/03/20 15:33:33 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Brookings - Staff Assistant.doc
[2009/03/20 15:22:33 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Staff Assistant - Engelberg Center.doc
[2009/03/20 13:36:35 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Youth Development.doc
[2009/03/20 13:31:51 | 00,148,992 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\RYAN WATKINS - UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/20 13:29:13 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Child Trends.doc
[2009/03/19 12:42:19 | 00,011,276 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\sarah.docx
[2009/03/19 11:05:06 | 00,150,528 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/19 10:05:21 | 00,010,572 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\untitled.JPG
[2009/03/19 10:03:15 | 00,066,533 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\n28600066_30678726_4067.jpg
[2009/03/17 13:26:59 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Ed and Data Development.doc
[2009/03/17 12:44:38 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - AFSCME - Apprentice.doc
[2009/03/17 11:06:53 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - AFSCME - Apprentice.doc
[2009/03/17 10:40:32 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - AFSCME - Apprentice.doc
[2009/03/15 16:55:21 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\An Adult kind of Politics.doc
[2009/03/14 19:59:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Local User\Application Data\Malwarebytes
[2009/03/14 19:59:20 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/14 19:59:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 19:59:18 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/14 19:59:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/14 19:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/14 19:05:23 | 02,737,808 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Local User\Desktop\mbam-setup.exe
[2009/03/13 11:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/03/12 11:57:55 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - Census Summary.doc
[2009/03/12 11:53:24 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - New America Foundation.doc
[2009/03/12 11:52:45 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - New America Foundation - Research Associate.doc
[2009/03/12 11:33:23 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Media Matters - Researcher.doc
[2009/03/11 18:39:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/03/11 18:00:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/03/11 18:00:46 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/11 18:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/03/11 18:00:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Local User\Application Data\SUPERAntiSpyware.com
[2009/03/11 18:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/03/11 17:58:16 | 06,043,680 | ---- | C] () -- C:\Documents and Settings\Local User\Desktop\SUPERAntiSpyware.exe
[2009/03/11 11:54:33 | 00,030,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gffdfogq.sys
[2009/03/11 11:54:12 | 00,030,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xqgrrtdc.sys
[2009/03/11 11:10:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/03/11 11:09:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/03/11 11:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/03/10 13:06:55 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Media Matters - Researcher.doc

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/04/08 16:15:31 | 00,504,376 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/08 16:15:31 | 00,425,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/08 16:15:31 | 00,070,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/08 16:11:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/08 16:11:06 | 00,025,253 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2009/04/08 16:10:52 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/04/08 16:10:39 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/04/08 16:10:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/08 16:10:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/08 16:09:16 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/04/06 17:33:09 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\LopSD.exe
[2009/04/06 14:13:55 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/06 14:08:53 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - SEIU Local 1.doc
[2009/04/06 14:08:37 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - MOSES.doc
[2009/04/06 14:06:03 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - SEIU Local 1 - External Organizer.doc
[2009/04/06 13:49:26 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Referenes.doc
[2009/04/06 13:40:34 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - MOSES - Community Organizer.doc
[2009/04/06 12:18:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/02 13:22:36 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Education Sector.doc
[2009/04/02 13:19:38 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Education Sector - Research Associate.doc
[2009/04/02 13:10:46 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Roosevelt Institution.doc
[2009/04/01 08:26:24 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Local User\Desktop\OTListIt2.exe
[2009/04/01 08:24:39 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\Rooter.exe
[2009/04/01 08:13:01 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\NTREGOPT.lnk
[2009/04/01 08:13:01 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\ERUNT.lnk
[2009/04/01 08:12:31 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Local User\Desktop\erunt_setup.exe
[2009/04/01 08:09:50 | 00,009,334 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\SysRestorePoint_v13.zip
[2009/03/31 16:00:08 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\HijackThis.lnk
[2009/03/31 15:59:56 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Local User\Desktop\HJTInstall.exe
[2009/03/31 14:04:00 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Roosevelt Institution - National Policy Director.doc
[2009/03/31 14:03:05 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - What is the cause of the crisis in black education.doc
[2009/03/31 13:41:42 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume 2.doc
[2009/03/31 13:40:40 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Child Trends.doc
[2009/03/29 23:03:10 | 00,000,081 | -HS- | M] () -- C:\Documents and Settings\Local User\My Documents\desktop.ini
[2009/03/29 22:56:06 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/29 22:50:01 | 16,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Local User\Desktop\IE8-WindowsXP-x86-ENU.exe
[2009/03/29 22:40:17 | 00,187,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/29 18:32:21 | 00,017,333 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\Open Journal.docx
[2009/03/29 16:41:28 | 05,368,758 | -H-- | M] () -- C:\Documents and Settings\Local User\Local Settings\Application Data\IconCache.db
[2009/03/29 13:35:11 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/03/27 13:39:50 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - TFA - Recruitment Director.doc
[2009/03/27 10:33:15 | 00,019,609 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\EdSector_JobDescription_ResearchAssoc_Feb09.pdf
[2009/03/24 14:28:46 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Fatherhood and Parenting.doc
[2009/03/24 14:28:32 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Youth Development.doc
[2009/03/20 15:53:36 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Research Assistant - Governance Studies.doc
[2009/03/20 15:35:04 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Brookings - Staff Assistant - Engelberg Center.doc
[2009/03/20 15:33:33 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Brookings - Staff Assistant.doc
[2009/03/20 13:36:19 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Child Trends - Research Assistant - Ed and Data Development.doc
[2009/03/20 13:31:52 | 00,148,992 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\RYAN WATKINS - UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/20 13:29:01 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - The New Teacher Project - Site Manager.doc
[2009/03/19 14:42:52 | 00,011,276 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\sarah.docx
[2009/03/19 11:05:06 | 00,150,528 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\UNOFFICIAL TRANSCRIPT - THE UNIVERSITY OF MICHIGAN.doc
[2009/03/19 10:05:35 | 00,010,572 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\untitled.JPG
[2009/03/19 10:03:18 | 00,066,533 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\n28600066_30678726_4067.jpg
[2009/03/17 12:44:38 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - AFSCME - Apprentice.doc
[2009/03/17 12:42:07 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - AFSCME - Apprentice.doc
[2009/03/17 10:40:32 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - AFSCME - Apprentice.doc
[2009/03/16 20:29:05 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Reading Notes - Social Studies--The Next Generation.doc
[2009/03/15 21:43:50 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\An Adult kind of Politics.doc
[2009/03/14 19:59:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/14 19:12:02 | 02,737,808 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Local User\Desktop\mbam-setup.exe
[2009/03/12 11:57:55 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins Writing Sample - Census Summary.doc
[2009/03/12 11:55:24 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - New America Foundation - Research Associate.doc
[2009/03/12 11:54:57 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Cover Letter - Media Matters - Researcher.doc
[2009/03/12 11:53:24 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - New America Foundation.doc
[2009/03/12 11:33:23 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Local User\My Documents\Ryan Watkins - Resume - Media Matters - Researcher.doc
[2009/03/11 18:00:46 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/03/11 17:59:48 | 06,043,680 | ---- | M] () -- C:\Documents and Settings\Local User\Desktop\SUPERAntiSpyware.exe
[2009/03/11 11:54:35 | 00,030,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gffdfogq.sys
[2009/03/11 11:54:15 | 00,030,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xqgrrtdc.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\xqgrrtdc.sys:changelist
@Alternate Data Stream - 356 bytes -> C:\WINDOWS\System32\drivers\gffdfogq.sys:changelist
< End of report >

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts

And how is your computer running now?
Still the same issues?


#9
rufusfonzarelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
So, right now there are tons of Google redirects and the system seems slow. IE also loads only one page and then it crashes; sometimes it won't even load a single page before it crashes (stops loading and then stops responding). I also have my suspicions that it might be blocking malware definition updates.

Thanks for your help.

#10
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's bring on a more powerful tool then.
We'll sort this out, eventually.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
rufusfonzarelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ComboFix 09-04-04.01 - Local User 2009-04-09 9:14:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1343 [GMT -4:00]
Running from: c:\documents and settings\Local User\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-08 10:54 . 2009-04-08 10:54 <DIR> d-------- C:\_OTListIt
2009-04-06 17:34 . 2009-04-06 17:38 <DIR> d-------- C:\Lop SD
2009-04-01 08:24 . 2009-04-01 08:25 <DIR> d-------- C:\Rooter$
2009-04-01 08:20 . 2009-04-01 08:20 <DIR> d--hs---- c:\documents and settings\Local User\PrivacIE
2009-04-01 08:12 . 2009-04-01 08:13 <DIR> d-------- c:\program files\ERUNT
2009-03-31 22:22 . 2009-03-31 22:22 <DIR> d-------- c:\windows\system32\KB905474
2009-03-31 22:22 . 2009-03-10 22:26 1,403,264 --a------ c:\windows\system32\KB905474\wganotifypackageinner.exe
2009-03-31 22:22 . 2009-03-10 22:18 453,512 --a------ c:\windows\system32\KB905474\wgasetup.exe
2009-03-31 22:22 . 2009-02-09 18:51 12,490 --a------ c:\windows\system32\KB905474\wga_eula.txt
2009-03-31 16:35 . 2009-03-31 16:35 <DIR> d-------- C:\VundoFix Backups
2009-03-31 16:00 . 2009-03-31 16:00 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 23:05 . 2009-03-29 23:05 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-29 23:03 . 2009-03-29 23:03 <DIR> d--hs---- c:\documents and settings\Local User\IETldCache
2009-03-29 22:56 . 2009-03-29 22:56 <DIR> d-------- c:\windows\ie8updates
2009-03-29 22:55 . 2009-03-29 22:55 <DIR> d--h-c--- c:\windows\ie8
2009-03-29 22:52 . 2009-02-28 00:55 105,984 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-29 22:33 . 2008-04-13 20:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-29 22:31 . 2007-11-27 22:56 116,416 --a------ c:\windows\system32\drivers\msfwhlpr.sys
2009-03-29 22:31 . 2007-11-27 22:56 91,328 --a------ c:\windows\system32\drivers\msfwdrv.sys
2009-03-29 22:30 . 2008-05-15 16:15 53,168 --a------ c:\windows\system32\drivers\MpFilter.sys
2009-03-29 22:16 . 2009-04-08 17:21 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2009-03-29 15:09 . 2009-03-29 15:09 <DIR> d-------- c:\program files\iPod
2009-03-29 15:09 . 2009-03-29 15:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-29 15:07 . 2009-03-29 15:07 <DIR> d-------- c:\program files\QuickTime
2009-03-29 13:10 . 2009-03-29 13:10 <DIR> d-------- c:\program files\Bonjour
2009-03-14 19:59 . 2009-03-14 20:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-14 19:59 . 2009-03-14 19:59 <DIR> d-------- c:\documents and settings\Local User\Application Data\Malwarebytes
2009-03-14 19:59 . 2009-03-14 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-14 19:59 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-14 19:59 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 11:02 . 2009-03-29 22:16 <DIR> d-------- c:\program files\Windows Live Safety Center
2009-03-11 18:00 . 2009-03-11 18:00 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-11 18:00 . 2009-03-11 18:00 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-11 18:00 . 2009-03-11 18:00 <DIR> d-------- c:\documents and settings\Local User\Application Data\SUPERAntiSpyware.com
2009-03-11 18:00 . 2009-03-11 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-11 11:54 . 2009-03-11 11:54 30,880 --a------ c:\windows\system32\drivers\xqgrrtdc.sys
2009-03-11 11:54 . 2009-03-11 11:54 30,880 --a------ c:\windows\system32\drivers\gffdfogq.sys
2009-03-11 11:10 . 2009-03-11 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-11 11:09 . 2009-03-11 11:09 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-11 11:09 . 2009-03-11 18:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 02:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-29 19:09 --------- d-----w c:\program files\iTunes
2009-03-29 19:09 --------- d-----w c:\program files\Common Files\Apple
2009-03-29 17:35 --------- d-----w c:\program files\Safari
2009-02-27 14:04 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 03:58 --------- d-----w c:\program files\Java
2009-02-25 20:47 --------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-07-08 04:18 14,290 ----a-w c:\program files\settings.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\program files\Lenovo\TrackPoint\tp4serv.exe" [2008-03-04 92960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-05 137752]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-02-13 66928]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-27 125168]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 243248]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-01-11 144728]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-01-11 124248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-25 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-03-22 63864]
"TpShocks"="TpShocks.exe" [2007-11-22 c:\windows\system32\TpShocks.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-06-13 50688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 19:37 34344 c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2007-12-14 19:36 28672 c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [2008-06-16 101528]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-03-22 24936]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-21 101936]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [2008-06-16 24876]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-03-04 22568]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-27 116464]

--- Other Services/Drivers In Memory ---

*Deregistered* - EraserUtilDrvI7

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-04-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-10 22:18]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Documents%20and%20Settings/All%20Users/HomePageFiles/starthere.html
uInternet Connection Wizard,ShellNext = hxxp://www.barackobama.com/index.php
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: windowsupdate.com\download
TCP: {104AFAF0-C4A4-489C-B2D0-7E24D4E50035} = 216.163.32.51,216.163.32.52
DPF: CabCCT - hxxps://ondemand.apptix.net/codebase/ActCtrl_Apptix.cab
FF - ProfilePath - c:\documents and settings\Local User\Application Data\Mozilla\Firefox\Profiles\g3jikydi.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 09:17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1592)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\searchindexer.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2009-04-09 9:21:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-09 13:21:12

Pre-Run: 35,484,385,280 bytes free
Post-Run: 35,449,135,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

221 --- E O F --- 2009-04-01 02:22:08

#12
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hmmm... strange.
I assume you still get redirected.

Please do this scan

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

#13
rufusfonzarelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
GooredFix v1.92 by jpshortstuff
Log created at 09:54 on 09/04/2009 running Option #1 (Local User)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{C453FB06-A543-4AC6-98B2-CAA18A18ECD0}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#14
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Can you please answer these questions:

How is your computer connected to the Internet?
Through a router?
If so are there any other computers connected to that router?


#15
rufusfonzarelli

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I am connected to the internet through a wireless router; I'm stealing access off my neighbor's connection.