Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Backdoor.Cycbot


  • This topic is locked This topic is locked

#1
Fourthand26

Fourthand26

    Member

  • Member
  • PipPip
  • 31 posts
I apparently acquired this virus somehow and my anti-virus programs can't get rid of it. I'm not noticing any symptoms as of now, other than that it shows up in scans.

Edit: I think I've been getting redirected to some random search websites that don't show any results. It's happened 2 or 3 times since I realized I had the virus.


Please help me out if you can.

Edit: I spent some time last night trying to get rid of it, so I ran a new OTL and made a new post for it. I'm leaving the original in case it's useful.

OTL.txt

OTL logfile created on: 11/14/2010 8:46:19 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.47 Gb Total Space | 8.80 Gb Free Space | 6.14% Space Free | Partition Type: NTFS

Computer Name: LENOVO-78548A51 | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 20:45:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.exe
PRC - [2010/11/14 20:38:51 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Windows\shell.exe
PRC - [2010/11/14 20:38:31 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\svchost.exe
PRC - [2010/11/14 16:53:12 | 000,144,896 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\Temp\dwm.exe
PRC - [2010/10/28 08:28:42 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 08:28:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/07/20 06:02:36 | 000,802,960 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2010/03/08 15:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/10/30 11:52:52 | 000,047,456 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2009/10/19 16:30:26 | 002,913,576 | ---- | M] (Guillemot Corporation S.A.) -- C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/29 12:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/11/22 17:09:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/10/16 20:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/03 18:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/08/03 18:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/03 18:19:08 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 17:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 17:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/04/26 11:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/03/28 11:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/14 18:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 18:48:42 | 000,024,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DoScan.exe
PRC - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/03/08 23:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 22:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/02/01 12:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 16:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/06 01:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 18:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/02 07:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 20:45:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/12/29 14:05:02 | 000,378,880 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\nphooks.dll
MOD - [2009/12/29 14:01:24 | 000,482,304 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\communication.dll
MOD - [2009/12/29 14:01:10 | 000,453,120 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\meter3\nscore.dll
MOD - [2009/10/30 11:49:40 | 000,246,272 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2008/04/13 18:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/13 18:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/13 11:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2007/08/03 18:42:18 | 000,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2007/08/03 18:42:10 | 002,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
MOD - [2007/08/03 18:28:10 | 001,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
MOD - [2007/08/03 18:28:06 | 000,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
MOD - [2007/08/03 18:28:04 | 005,211,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll
MOD - [2007/08/03 18:27:46 | 001,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
MOD - [2007/08/03 18:27:42 | 000,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
MOD - [2007/08/03 18:19:10 | 000,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
MOD - [2007/08/03 18:19:06 | 000,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
MOD - [2007/08/03 18:09:56 | 000,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_think_res.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/05 10:45:54 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/16 20:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/03 18:19:08 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 17:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 17:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 16:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - [2010/09/29 02:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101113.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 02:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101113.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/26 15:01:31 | 000,277,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/12/29 14:10:04 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/12/29 14:09:44 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/12/29 14:08:04 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/12/29 14:08:02 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/04/22 14:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/02/08 23:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009/01/15 16:07:38 | 000,043,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/01/08 18:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)
DRV - [2008/08/24 20:14:04 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/12 13:35:55 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/01/12 13:34:55 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/12/06 10:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/29 12:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/10/24 23:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/16 20:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 20:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/08/08 19:28:50 | 005,765,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/08 05:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 20:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 19:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/31 04:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/22 17:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 01:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/05/01 20:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/04/30 08:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/27 01:00:58 | 000,666,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - [2007/04/02 13:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 17:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/25 07:43:00 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/25 07:43:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/25 07:42:00 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/03/15 00:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2007/03/14 23:50:08 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/02/12 16:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 16:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/08 14:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/06 02:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/22 19:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/03/01 05:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/02 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/11/08 11:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 12:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/08/03 16:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=02-05-2010"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {51ef49d2-624b-4194-8b97-1c468e9b0efe}:1.300.346
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/29 18:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter3\FFAddon\ [2010/09/14 17:01:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 08:28:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/10 16:30:02 | 000,000,000 | ---D | M]

[2008/09/20 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/11/14 12:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions
[2010/11/06 23:40:39 | 000,000,000 | ---D | M] (MyPoints Point Finder) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
[2010/08/18 23:20:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 23:35:06 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/09/19 12:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\vshare@toolbar
[2010/05/02 09:43:38 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\AIM Search.xml
[2010/05/02 10:59:10 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\aol-search.xml
[2009/05/02 09:56:43 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\live-search.xml
[2010/11/13 22:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/11 16:41:09 | 000,508,672 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Mozilla Firefox\components\IdVault.XPCOM.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/02/15 23:40:27 | 000,292,053 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10057 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\5.0 ( File not found
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Josh\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\dwm.exe) - C:\Documents and Settings\Josh\Local Settings\Temp\dwm.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1216251367330 (WUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Josh\My Documents\My Pictures\VideoCallSnapshotWallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\My Documents\My Pictures\VideoCallSnapshotWallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 01:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell - "" = AutoRun
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/17 22:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/17 11:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/01/12 13:17:13 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/01/12 13:17:13 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 20:46:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009UA.job
[2010/11/14 20:40:29 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Josh\Desktop\~$jectificationTheoryPaper.docx
[2010/11/14 20:38:56 | 000,025,384 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/11/14 20:38:35 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/11/14 20:38:07 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/14 20:38:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
[2010/11/14 20:36:52 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/11/14 20:36:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/14 20:36:29 | 2137,305,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 20:33:50 | 000,025,086 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ObjectificationTheoryPaper.docx
[2010/11/13 21:46:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009Core.job
[2010/11/10 15:30:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/08 07:20:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
[2010/11/07 09:24:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/11/07 07:45:13 | 000,491,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 07:45:13 | 000,090,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/14 20:40:29 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Josh\Desktop\~$jectificationTheoryPaper.docx
[2010/11/13 22:25:36 | 000,025,086 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\ObjectificationTheoryPaper.docx
[2010/11/13 09:14:49 | 000,005,374 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2010/06/18 08:51:03 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/03/25 12:41:25 | 000,001,164 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/25 23:13:00 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/27 12:36:21 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/24 20:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/24 19:57:29 | 000,008,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/07/22 22:15:51 | 000,002,686 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/18 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 02:36:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/12 13:34:27 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/01/12 13:28:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/12 13:26:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/12 13:26:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/12 13:26:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/12 13:26:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/12 13:26:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/12 13:26:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/12 13:19:59 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/12 13:19:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008/01/12 13:17:53 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/01/12 13:17:13 | 003,482,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/01/12 13:17:13 | 000,027,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/01/12 13:17:13 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/01/12 13:15:39 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/07/27 00:37:40 | 000,025,384 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/07/27 00:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 09:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 01:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 01:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 00:45:50 | 000,277,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2006/04/29 18:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2008/07/16 17:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/02 09:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/28 12:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2008/08/01 01:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/07/04 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/01/12 13:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/01/20 14:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 11:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/12 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/06/11 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/28 12:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2009/03/22 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/30 16:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 14:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/23 11:50:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/07/16 17:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\acccore
[2010/03/25 17:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\AD2C74113C6146C04F4B34056417B767
[2010/08/30 16:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Audacity
[2009/07/03 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\BallStat
[2009/11/21 14:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\FCTB000060497
[2008/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\funkitron
[2009/01/19 12:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\goombah
[2010/03/20 22:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\gtk-2.0
[2010/05/02 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\ID Vault
[2008/12/25 23:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\InterVideo
[2010/03/26 12:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\IObit
[2008/07/31 00:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\iWin
[2008/07/31 01:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\iWinArcade
[2008/07/15 02:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
[2008/10/27 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Lenovo
[2009/02/08 22:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Ruckus Network
[2010/04/09 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\StreamTorrent
[2010/08/23 11:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TuneUp Software
[2010/08/23 12:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\uTorrent
[2008/11/11 17:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Viewpoint
[2010/11/14 20:38:35 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFA9D961
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F664613B

< End of report >

Edited by Fourthand26, 16 November 2010 - 09:28 AM.

  • 0

Advertisements


#2
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Edit: This is also from the first scan.

Extras.txt

OTL Extras logfile created on: 11/14/2010 8:46:19 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.47 Gb Total Space | 8.80 Gb Free Space | 6.14% Space Free | Partition Type: NTFS

Computer Name: LENOVO-78548A51 | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- File not found
"C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe" = C:\Program Files\MyPoints Toolbar 2.0\TroubleShooter.exe:*:Enabled:MyPoints Toolbar 2.0 (Helper) -- (FreeCause Inc.)
"C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe" = C:\Program Files\MyPoints Toolbar 2.0\ToolbarUpdate.exe:*:Enabled:MyPoints Toolbar 2.0 (Update) -- (FreeCause Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Josh\Desktop\Games\zsnesw142\zsnesw.exe" = C:\Documents and Settings\Josh\Desktop\Games\zsnesw142\zsnesw.exe:*:Enabled:zsnesw -- ()
"C:\Documents and Settings\Josh\Desktop\Games\Fusion.exe" = C:\Documents and Settings\Josh\Desktop\Games\Fusion.exe:*:Enabled:Fusion -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent Media Player -- (StreamTorrent)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\fscommand\Updater.exe" = D:\fscommand\Updater.exe:*:Enabled:Hercules Updater -- File not found
"C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe" = C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe:*:Enabled:Hercules Xtra Controller Main Application -- (Guillemot Corporation S.A.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2A8E4833-F483-4074-B4DB-F295F7901A8D}" = MobileMe Control Panel
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3581a349-e9e0-474b-92c4-5d887eb9d5f4}" = DJ_SF_03_D2500_Software
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4a1789a1-33fd-427e-9027-dec4d7fe8fa5}" = D2500
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5680dfaf-b87b-455b-a0b1-0c77eb0b03ca}" = DJ_SF_03_D2500_Software_Min
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{656957B8-41DB-4E43-AAA1-B128C2213D50}" = VodBurner
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{89998BCF-F415-468a-8282-CB042765A26F}" = HP Deskjet D2500 Printer Driver Software 10.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95774351-6087-3A3B-8CA8-70BEE49D2BD5}" = Google Gears
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ThinkPad UltraNav Driver
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{ac55e361-642f-46af-81f5-1c69fedb6706}" = DJ_SF_03_D2500_ProductContext
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{c6d55c99-0700-44f6-8c46-3a0a14ee3d4c}" = D2500_Help
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBBE2FB2-FBED-44F6-B95F-230AB5A65B28}" = Goombah Partner COM Server
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"Autobahn" = MLB.TV NexDef Plug-in
"AwayTask" = Maintenance Manager
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Finale NotePad 2008" = Finale NotePad 2008
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyPoints Toolbar 2.0" = MyPoints Toolbar 2.0
"NetSight" = Nielsen
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.0
"RealPlayer 6.0" = RealPlayer
"Remove Multimedia Center" = Remove Multimedia Center
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreamTorrent 1.0" = StreamTorrent 1.0
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wheel of Fortune Deluxe" = Wheel of Fortune Deluxe (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 10:21:53 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Cycbot!gen2 in File: C:\Documents and Settings\Josh\Application
Data\Microsoft\Windows\shell.exe by: Auto-Protect scan. Action: Cleaned by Deletion.
Action Description:

Error - 11/14/2010 10:25:16 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\josh\local settings\temp\dwm.exe by: Startup scan. Action: Clean failed
: Quarantine failed. Action Description: The file was left unchanged.

Error - 11/14/2010 10:25:21 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk: in File: c:\documents and settings\josh\local settings\temp\dwm.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\documents and settings\josh\application data\microsoft\svchost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\documents and settings\josh\local settings\temp\dwm.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\documents and settings\josh\application data\microsoft\svchost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and settings\josh\local
settings\temp\dwm.exe by: Startup scan. Action: Leave Alone succeeded. Action
Description: The file was left unchanged.

Error - 11/14/2010 10:25:24 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\josh\local settings\temp\dwm.exe by: Startup scan. Action: Terminate
Process Required. Action Description:

Error - 11/14/2010 10:34:19 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\josh\local settings\temp\dwm.exe by: Startup scan. Action: Clean failed
: Quarantine failed. Action Description: The file was left unchanged.

Error - 11/14/2010 10:34:27 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\josh\local settings\temp\dwm.exe by: Startup scan. Action: Reboot Required.
Action Description: The file was repaired successfully.

Error - 11/14/2010 10:41:25 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: Unavailable by:
Invalid : (15) scan. Action: Delete failed. Action Description: The file was
left unchanged.

Error - 11/14/2010 10:41:26 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: Unavailable by:
Invalid : (15) scan. Action: Delete failed : Leave Alone failed. Action Description:


Error - 11/14/2010 10:42:31 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\josh\application data\microsoft\svchost.exe by: Startup scan. Action:
Clean failed : Quarantine failed. Action Description: The file was left unchanged.



Error - 11/14/2010 10:42:31 PM | Computer Name = LENOVO-78548A51 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\josh\application data\microsoft\svchost.exe by: Startup scan. Action:
Terminate Process Required. Action Description:

[ System Events ]
Error - 11/13/2010 5:54:16 PM | Computer Name = LENOVO-78548A51 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 11/13/2010 5:54:16 PM | Computer Name = LENOVO-78548A51 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 11/14/2010 11:11:48 AM | Computer Name = LENOVO-78548A51 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/14/2010 11:12:46 AM | Computer Name = LENOVO-78548A51 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/14/2010 11:12:47 AM | Computer Name = LENOVO-78548A51 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC00000B5'
while processing the file 'Client Security Solution' on the volume 'HarddiskVolume1'.
It has stopped monitoring the volume.

Error - 11/14/2010 2:08:47 PM | Computer Name = LENOVO-78548A51 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/14/2010 9:56:35 PM | Computer Name = LENOVO-78548A51 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/14/2010 10:19:34 PM | Computer Name = LENOVO-78548A51 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/14/2010 10:20:37 PM | Computer Name = LENOVO-78548A51 | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 11/14/2010 10:38:52 PM | Computer Name = LENOVO-78548A51 | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

[ TuneUp Events ]
Error - 8/25/2010 10:37:17 PM | Computer Name = LENOVO-78548A51 | Source = TuneUp.UtilitiesSvc | ID = 300
Description =


< End of report >

Edited by Fourthand26, 16 November 2010 - 09:28 AM.

  • 0

#3
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I deleted the file "dwm.exe" last night, and now nothing shows up in the virus scans. However, when I log onto the computer, a box pops up saying "Windows cannot find 'C:\DOCUME~1\Josh\LOCALS~1\Temp\dwm.exe'." So I feel like there's still something on the computer trying to get the file to run, which I'm unable to find myself.

Here's an updated OTL scan.

OTL logfile created on: 11/16/2010 9:19:24 AM - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Josh\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.47 Gb Total Space | 8.73 Gb Free Space | 6.08% Space Free | Partition Type: NTFS

Computer Name: LENOVO-78548A51 | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 20:45:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/10/16 20:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/03 18:19:08 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 17:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 17:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 15:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 18:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 20:45:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/05 10:45:54 | 000,229,376 | ---- | M] (Puran Software) [Disabled | Stopped] -- C:\WINDOWS\System32\PuranDefragS.exe -- (PuranDefrag)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/10/20 10:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/01/29 18:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/10/16 20:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/03 18:19:08 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/03 18:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 17:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 17:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/04/16 13:33:18 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/04/16 13:21:20 | 000,983,040 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/04/16 13:14:24 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 16:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/02/08 15:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 15:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 13:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/02/05 09:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 09:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/05/23 23:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - [2010/09/29 02:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101115.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/29 02:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101115.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/28 02:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 02:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/26 15:01:31 | 000,277,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/12/29 14:10:04 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/12/29 14:09:44 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/12/29 14:08:04 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/12/29 14:08:02 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/04/22 14:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/02/08 23:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2009/01/15 16:07:38 | 000,043,168 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009/01/08 18:00:54 | 000,016,640 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys -- (DsAudioDevice_282)
DRV - [2008/08/24 20:14:04 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/12 13:35:55 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/01/12 13:34:55 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/12/06 10:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/29 12:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/10/24 23:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/16 20:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 20:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/08/08 19:28:50 | 005,765,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/08 05:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 20:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 19:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/31 04:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/22 17:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 01:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/05/01 20:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/04/30 08:37:20 | 002,206,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/04/27 01:00:58 | 000,666,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - [2007/04/02 13:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/29 17:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/03/25 07:43:00 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/25 07:43:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/25 07:42:00 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/03/15 00:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
DRV - [2007/03/14 23:50:08 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2007/02/12 16:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 16:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/08 14:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/06 02:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/22 19:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/03/01 05:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/02 07:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 07:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 07:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 07:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 07:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 07:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 07:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 14:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 14:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 07:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/11/08 11:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 12:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/08/03 16:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 01:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 06:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=02-05-2010"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {51ef49d2-624b-4194-8b97-1c468e9b0efe}:1.300.346
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/29 18:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter3\FFAddon\ [2010/09/14 17:01:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/15 18:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/10 16:30:02 | 000,000,000 | ---D | M]

[2008/09/20 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/11/16 09:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions
[2010/11/06 23:40:39 | 000,000,000 | ---D | M] (MyPoints Point Finder) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
[2010/08/18 23:20:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 23:35:06 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/09/19 12:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\vshare@toolbar
[2010/05/02 09:43:38 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\AIM Search.xml
[2010/05/02 10:59:10 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\aol-search.xml
[2009/05/02 09:56:43 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\live-search.xml
[2010/11/15 22:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/11 16:41:09 | 000,508,672 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Mozilla Firefox\components\IdVault.XPCOM.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/02/15 23:40:27 | 000,292,053 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10057 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\5.0 ( File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Josh\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
F3 - HKCU WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\dwm.exe) - C:\DOCUME~1\Josh\LOCALS~1\Temp\dwm.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1216251367330 (WUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Josh\My Documents\My Pictures\VideoCallSnapshotWallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\My Documents\My Pictures\VideoCallSnapshotWallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 01:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/06 04:58:36 | 000,000,198 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell - "" = AutoRun
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 09:04:24 | 000,921,600 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 09:04:24 | 000,921,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\RegRun2
[2010/11/15 16:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/10/17 22:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/17 11:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2008/01/12 13:17:13 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/01/12 13:17:13 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/16 09:10:59 | 000,025,384 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/11/16 09:10:06 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 09:10:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
[2010/11/16 09:08:59 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/11/16 09:08:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 09:08:40 | 2137,305,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/15 23:46:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009UA.job
[2010/11/15 22:22:24 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/11/15 21:46:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009Core.job
[2010/11/15 19:34:07 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/15 16:30:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/15 16:30:14 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/11/15 16:30:14 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/11/15 07:30:49 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Go4.lnk
[2010/11/15 07:20:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
[2010/11/14 20:33:50 | 000,025,086 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ObjectificationTheoryPaper.docx
[2010/11/07 09:24:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/11/07 07:45:13 | 000,491,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 07:45:13 | 000,090,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 22:20:23 | 2137,305,088 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/15 16:30:14 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/11/15 07:30:49 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Go4.lnk
[2010/11/15 07:23:27 | 000,005,374 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2010/11/13 22:25:36 | 000,025,086 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\ObjectificationTheoryPaper.docx
[2010/06/18 08:51:03 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/03/25 12:41:25 | 000,001,164 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/25 23:13:00 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/27 12:36:21 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/24 20:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/24 19:57:29 | 000,008,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/07/22 22:15:51 | 000,002,686 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/18 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 02:36:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/12 13:34:27 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/01/12 13:28:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/12 13:26:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/12 13:26:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/12 13:26:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/12 13:26:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/12 13:26:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/12 13:26:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/12 13:19:59 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/12 13:19:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008/01/12 13:17:53 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/01/12 13:17:13 | 003,482,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/01/12 13:17:13 | 000,027,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/01/12 13:17:13 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/01/12 13:15:39 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/07/27 00:37:40 | 000,025,384 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/07/27 00:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 09:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 01:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 01:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 00:45:50 | 000,277,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2006/04/29 18:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2008/07/16 17:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/02 09:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/28 12:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2008/08/01 01:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/07/04 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/01/12 13:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/01/20 14:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 11:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/12 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/06/11 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/28 12:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2009/03/22 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/30 16:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 14:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/23 11:50:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/07/16 17:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\acccore
[2010/03/25 17:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\AD2C74113C6146C04F4B34056417B767
[2010/08/30 16:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Audacity
[2009/07/03 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\BallStat
[2009/11/21 14:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\FCTB000060497
[2008/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\funkitron
[2009/01/19 12:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\goombah
[2010/03/20 22:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\gtk-2.0
[2010/05/02 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\ID Vault
[2008/12/25 23:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\InterVideo
[2010/03/26 12:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\IObit
[2008/07/31 00:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\iWin
[2008/07/31 01:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\iWinArcade
[2008/07/15 02:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
[2008/10/27 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Lenovo
[2009/02/08 22:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Ruckus Network
[2010/04/09 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\StreamTorrent
[2010/08/23 11:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TuneUp Software
[2010/08/23 12:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\uTorrent
[2008/11/11 17:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Viewpoint
[2010/11/15 22:22:24 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFA9D961
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F664613B

< End of report >
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • Check the box beside Scan All Users
  • Under File Age: change it from 30 Days to 90 Days.
  • Check the boxes beside LOP Check and Purity Check.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

  • 0

#5
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you so much for helping me out. I ran the scan, but only OTL.exe showed up afterward. I noticed that the box "Extra Registry" was checked 'none.' Is it supposed to be something else? Anyhow, here's the OTL.exe.

OTL logfile created on: 11/16/2010 3:41:34 PM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Josh\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.47 Gb Total Space | 8.72 Gb Free Space | 6.08% Space Free | Partition Type: NTFS
Drive E: | 4.09 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 973.73 Mb Total Space | 886.34 Mb Free Space | 91.03% Space Free | Partition Type: FAT

Computer Name: LENOVO-78548A51 | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Josh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Documents and Settings\Josh\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
PRC - C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
PRC - C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Documents and Settings\Josh\Application Data\U3\0B610760A3B3898B\Launchpad.exe ()
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - c:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\agent.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Josh\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter3\nphooks.dll (The Nielsen Company)
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter3\communication.dll ()
MOD - C:\Program Files\NetRatingsNetSight\NetSight\meter3\nscore.dll (The Nielsen Company)
MOD - C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_banner.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\csswait.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\cssuserdatadispatcher.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\tcsrpc.dll (Lenovo)
MOD - C:\WINDOWS\system32\tvttsp.dll (Lenovo)
MOD - C:\Program Files\Common Files\Lenovo\tvt_think_res.dll (Lenovo Group Limited)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (PuranDefrag) -- C:\WINDOWS\System32\PuranDefragS.exe (Puran Software)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (PcdrNdisuio) -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101115.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101115.002\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys ()
DRV - (NielGfx) -- C:\WINDOWS\system32\drivers\nielgfx.sys (The Nielsen Company)
DRV - (nielprt) -- C:\WINDOWS\system32\DRIVERS\nielprt.sys (The Nielsen Company)
DRV - (nnrnstdi) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys (The Nielsen Company)
DRV - (km_filter) -- C:\WINDOWS\system32\drivers\km_filter.sys (The Nielsen Company)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (hxctlflt) -- C:\WINDOWS\system32\drivers\hxctlflt.sys (Guillemot Corporation)
DRV - (tbhsd) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (DsAudioDevice_282) -- C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys (Wondershare)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (atmeltpm) -- C:\WINDOWS\system32\drivers\atmeltpm.sys (Atmel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...rud=02-05-2010"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {51ef49d2-624b-4194-8b97-1c468e9b0efe}:1.300.346
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..keyword.URL: "https://www.mypoints...&fctb.dns=1&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/29 18:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter3\FFAddon\ [2010/09/14 17:01:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/15 18:28:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/10 16:30:02 | 000,000,000 | ---D | M]

[2008/09/20 21:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Extensions
[2010/11/16 09:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions
[2010/11/06 23:40:39 | 000,000,000 | ---D | M] (MyPoints Point Finder) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{51ef49d2-624b-4194-8b97-1c468e9b0efe}
[2010/08/18 23:20:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 23:35:06 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/09/19 12:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\vshare@toolbar
[2010/05/02 09:43:38 | 000,001,490 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\AIM Search.xml
[2010/05/02 10:59:10 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\aol-search.xml
[2009/05/02 09:56:43 | 000,001,703 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\searchplugins\live-search.xml
[2010/11/15 22:35:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/11 16:41:09 | 000,508,672 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Mozilla Firefox\components\IdVault.XPCOM.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/02/15 23:40:27 | 000,292,053 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10057 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - Reg Error: Value error. File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CamserviceOG] C:\Program Files\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla\5.0 ( File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Documents and Settings\Josh\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe ()
F3 - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009 WinNT: Load - (C:\DOCUME~1\Josh\LOCALS~1\Temp\dwm.exe) - C:\DOCUME~1\Josh\LOCALS~1\Temp\dwm.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1216251367330 (WUWebControl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 01:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/06 04:58:36 | 000,000,198 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell - "" = AutoRun
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 09:04:24 | 000,921,600 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 09:04:24 | 000,921,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: klmdb.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 90 Days ==========

[2010/11/16 15:39:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
[2010/11/15 16:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\RegRun2
[2010/11/15 16:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/10/17 22:10:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/17 11:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/10/14 09:09:29 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/14 09:08:30 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/14 09:08:30 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 09:08:29 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 22:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\School
[2010/10/04 23:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\My Documents\German
[2010/10/01 19:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/10/01 19:25:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/10/01 19:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\hi
[2010/09/28 14:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/28 14:43:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/28 14:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/18 11:23:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/17 17:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\.autobahn
[2010/09/17 17:39:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Local Settings\Application Data\Autobahn
[2010/09/14 16:59:00 | 000,015,360 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nnrnstdi.sys
[2010/09/14 16:59:00 | 000,010,368 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\km_filter.sys
[2010/09/14 16:58:33 | 000,024,192 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielprt.sys
[2010/09/14 16:58:33 | 000,009,088 | ---- | C] (The Nielsen Company) -- C:\WINDOWS\System32\drivers\nielgfx.sys
[2010/09/08 10:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/09/08 10:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/08/26 23:57:43 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/08/24 13:53:37 | 000,099,968 | ---- | C] (Guillemot Corporation) -- C:\WINDOWS\System32\drivers\hxctlflt.sys
[2010/08/24 13:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\Hercules
[2010/08/23 11:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Application Data\TuneUp Software
[2010/08/23 11:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/08/23 11:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/08/23 11:50:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/01/12 13:17:13 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/01/12 13:17:13 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/11/16 15:37:04 | 000,025,384 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/11/16 15:37:03 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/11/16 15:36:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/16 15:36:21 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
[2010/11/16 15:34:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
[2010/11/16 15:34:56 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/11/16 15:34:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/16 15:34:40 | 2137,305,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/16 09:46:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009UA.job
[2010/11/15 21:46:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009Core.job
[2010/11/15 19:34:07 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/11/15 16:30:14 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/15 16:30:14 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/11/15 16:30:14 | 000,000,002 | RHS- | M] () -- C:\WINDOWS\winstart.bat
[2010/11/15 07:30:49 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Go4.lnk
[2010/11/15 07:20:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
[2010/11/14 20:33:50 | 000,025,086 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ObjectificationTheoryPaper.docx
[2010/11/07 09:24:19 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/11/07 07:45:13 | 000,491,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/07 07:45:13 | 000,090,504 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 14:35:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/10/15 07:19:24 | 000,287,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/14 23:51:20 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 22:11:28 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 18:15:35 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Family Wish List.doc
[2010/09/19 11:10:14 | 000,012,211 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\Signature.docx
[2010/09/18 11:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2010/09/18 11:23:26 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42u.dll
[2010/09/18 00:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42.dll
[2010/09/18 00:53:25 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/09/18 00:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40.dll
[2010/09/18 00:53:25 | 000,954,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/09/18 00:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc40u.dll
[2010/09/18 00:53:25 | 000,953,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/09/17 17:39:55 | 000,001,128 | ---- | M] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2010/09/17 11:10:12 | 000,014,965 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\Aristophanes Apparatus.docx
[2010/09/16 17:52:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/12 21:32:38 | 000,012,089 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Fall 2010 Schedule.xlsx
[2010/09/09 23:58:08 | 005,957,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/09/09 23:58:08 | 001,210,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/09/09 23:58:08 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/09/09 23:58:08 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/09/09 23:58:08 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/09/09 23:58:08 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/09/09 23:58:08 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/09/09 23:58:06 | 001,986,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/09/09 23:58:06 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/09/09 23:58:06 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/09/09 23:58:06 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/09/09 23:58:06 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/09/09 23:58:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/09/09 23:58:06 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/09/09 23:58:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2010/09/09 23:58:06 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/09/09 23:58:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/09/09 23:58:06 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/09/09 23:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/09/09 23:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/09/09 23:58:05 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/09/09 23:58:03 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/09/09 23:58:03 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/09/09 23:58:03 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/09/08 10:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2010/09/08 10:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2010/09/01 05:51:14 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2010/09/01 05:51:14 | 000,285,824 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2010/08/31 07:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2010/08/31 07:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2010/08/27 02:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2010/08/27 02:02:29 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/08/26 23:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srvsvc.dll
[2010/08/26 07:39:50 | 000,357,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/08/26 06:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/08/26 06:22:20 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2010/08/25 22:36:02 | 010,841,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmp.dll
[2010/08/23 10:12:04 | 000,617,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/15 22:20:23 | 2137,305,088 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/15 16:30:14 | 000,000,002 | RHS- | C] () -- C:\WINDOWS\winstart.bat
[2010/11/15 07:30:49 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Go4.lnk
[2010/11/15 07:23:27 | 000,005,374 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2010/11/13 22:25:36 | 000,025,086 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\ObjectificationTheoryPaper.docx
[2010/10/01 19:25:40 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/28 14:53:01 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/09/22 19:15:40 | 000,014,965 | ---- | C] () -- C:\Documents and Settings\Josh\My Documents\Aristophanes Apparatus.docx
[2010/09/17 17:39:55 | 000,001,128 | ---- | C] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk
[2010/09/16 17:52:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/15 06:42:38 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/08/25 21:15:21 | 000,012,089 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Fall 2010 Schedule.xlsx
[2010/06/18 08:51:03 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/03/25 12:41:25 | 000,001,164 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/25 23:13:00 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/27 12:36:21 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/24 20:27:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/08/24 19:57:29 | 000,008,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/07/22 22:15:51 | 000,002,686 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/06/18 14:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/05/22 02:36:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/01/12 13:34:27 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/01/12 13:28:23 | 000,000,433 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/12 13:26:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/12 13:26:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/12 13:26:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/12 13:26:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/12 13:26:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/12 13:26:30 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/01/12 13:19:59 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/01/12 13:19:59 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008/01/12 13:17:53 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/01/12 13:17:13 | 003,482,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/01/12 13:17:13 | 000,027,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008/01/12 13:17:13 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/01/12 13:15:39 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/07/27 00:37:40 | 000,025,384 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/07/27 00:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 09:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 01:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 01:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 00:45:50 | 000,277,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2006/04/29 18:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2008/07/04 17:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2008/07/16 17:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/05/02 09:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/28 12:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2008/08/01 01:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/07/04 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/01/12 13:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/01/20 14:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/23 11:52:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/12 14:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2009/06/11 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/28 12:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2009/03/22 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/30 16:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/12 15:41:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/11 14:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/08/23 11:50:19 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2008/07/04 17:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2008/07/16 17:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\acccore
[2010/03/25 17:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\AD2C74113C6146C04F4B34056417B767
[2010/08/30 16:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Audacity
[2009/07/03 14:11:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\BallStat
[2009/11/21 14:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\FCTB000060497
[2008/08/15 21:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\funkitron
[2009/01/19 12:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\goombah
[2010/03/20 22:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\gtk-2.0
[2010/05/02 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\ID Vault
[2008/12/25 23:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\InterVideo
[2010/03/26 12:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\IObit
[2008/07/31 00:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\iWin
[2008/07/31 01:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\iWinArcade
[2008/07/15 02:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
[2008/10/27 22:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Lenovo
[2009/02/08 22:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Ruckus Network
[2010/04/09 18:07:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\StreamTorrent
[2010/08/23 11:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\TuneUp Software
[2010/08/23 12:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\uTorrent
[2008/11/11 17:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Viewpoint
[2010/11/16 15:37:03 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/12/10 19:41:59 | 000,000,000 | ---- | M] () -- C:\AILog.txt
[2006/04/30 01:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/05/22 03:07:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2006/04/30 01:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/01/12 13:27:52 | 000,002,291 | ---- | M] () -- C:\drivez.log
[2006/04/13 23:55:44 | 000,000,529 | ---- | M] () -- C:\dsbHSM.inf
[2010/11/16 15:34:40 | 2137,305,088 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/30 01:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/02 09:43:45 | 000,001,194 | -H-- | M] () -- C:\IPH.PH
[2006/04/30 01:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/09/14 16:54:25 | 000,000,439 | ---- | M] () -- C:\nsinst.log
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/01 09:55:08 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/11/16 15:34:38 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/03/25 10:42:34 | 000,000,483 | ---- | M] () -- C:\rkill.log
[2008/01/12 13:18:11 | 000,000,086 | ---- | M] () -- C:\setup.log
[2008/07/30 23:39:44 | 000,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/07 11:52:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/07/30 23:39:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/07 11:52:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/01/12 13:01:50 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2010/03/26 14:59:49 | 000,017,214 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_26.03.2010_15.59.47_log.txt
[2010/11/16 15:34:48 | 000,016,152 | ---- | M] () -- C:\TPHKLOCK.TXT
[2009/08/20 08:30:11 | 000,000,922 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/04/30 01:12:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/10/20 19:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/04/29 18:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 18:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 18:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/01 10:02:12 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2007/02/09 10:31:08 | 000,004,608 | ---- | M] () -- C:\WINDOWS\system32\Thumbs.db
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008/07/05 07:06:37 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/04/30 01:21:31 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/19 10:53:02 | 000,013,022 | ---- | M] () -- C:\WINDOWS\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/07/05 07:06:37 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Josh\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/30 16:36:31 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Josh\Cookies\desktop.ini
[2010/11/16 15:39:09 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\Josh\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2007/05/01 01:15:06 | 000,600,592 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2008/04/13 18:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/11/16 09:51:40 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Josh\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >
[2010/11/15 07:51:22 | 000,132,608 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Windows\SHELL.EXE.del

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2007/10/19 20:00:40 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzmcp01.exe

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.rpv /x >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< %ProgramFiles%\Microsoft\*.* >

< %systemroot%\usgwmt\*.* >

< %ProgramFiles%\B\*.* >

< %SYSTEMDRIVE%\lspp\*.* >

< %systemroot%\Kral\*.* >

< %SYSTEMDRIVE%\windowsdvd.exe\*.* >

< %systemroot%\system32\*.ipo >

< %SYSTEMDRIVE%\usxxxxxxxx.exe\*.* >

< %systemroot%\system32\*.mof >

< %systemroot%\*.atm >

< %systemroot%\system32\svhost\*.* >

< %ProgramFiles%\system32\*.* >

< %ProgramFiles%\Docmentt\*.* >

< %systemroot%\Help\*.vbs >

< %ProgramFiles%\Windows WinSxs\*.* /s >

< %ProgramFiles%\Outlook Express\IDT\*.* /s >

< %ProgramFiles%\Microsoft Office\365\*.* /s >

< %ProgramFiles%\Windows Live\*.* >

< %systemroot%\system32\win32\*.* >

< %SYSTEMDRIVE%\RECYCLER\*.* >

< %systemroot%\Fresh1\*.* >

< %ProgramFiles%\Kekj\*.* /s >

< %systemroot%\GDU\*.* >

< %systemroot%\KA\*.* >

< %systemroot%\R\*.* >

< %systemroot%\system32\*.fyo >

< %USERPROFILE%\System\*.* >

< %systemroot%\Source\*.* >

< %systemroot%\system32\ac\*.* >

< %ProgramFiles%\MSDN\*.* >

< %AppData%\AdobeUM\winvcldll54\*.* /s >

< %ProgramFiles%\Internet Explorer\*.ico >

< %systemroot%\system32\*.ojo >

< %systemroot%\system32\d323s\*.* >

< %systemroot%\system32\re\*.* >

< %UserProfile%\Microsoft\*.dll >

< %UserProfile%\Microsoft\*.log >

< %systemroot%\Bios\*.* >

< %ProgramFiles%\Spool\*.* >

< %ProgramFiles%\promp3\*.* >

< %SYSTEMDRIVE%\Driver\*.* /s >

< %SYSTEMDRIVE%\inetserver.exe\*.* >

< %systemroot%\java\trustlib\*.* >

< %ProgramFiles%\Common Files\designer\*.exe >

< %ProgramFiles%\*. >
[2010/05/12 12:29:27 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/05/02 09:43:36 | 000,000,000 | ---D | M] -- C:\Program Files\AIM
[2008/01/12 13:19:11 | 000,000,000 | ---D | M] -- C:\Program Files\Apoint2K
[2008/08/21 13:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/01/19 12:16:52 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/09/28 14:40:40 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/10/01 19:25:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/01/12 12:50:08 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/04/09 23:35:11 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2008/01/12 13:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2008/01/12 13:18:50 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Line Detect
[2008/01/12 13:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\Diskeeper Corporation
[2008/09/18 22:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Emergent Music LLC
[2009/04/22 20:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Finale NotePad 2008
[2009/11/05 21:48:12 | 000,000,000 | ---D | M] -- C:\Program Files\GIMP-2.0
[2010/10/17 21:43:21 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/08/24 13:49:04 | 000,000,000 | ---D | M] -- C:\Program Files\Hercules
[2010/05/10 18:47:40 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/05/02 10:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\ID Vault
[2010/08/24 13:49:03 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/01/12 13:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/14 23:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/01/12 13:26:43 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/03/26 12:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\IObit
[2010/09/28 14:51:47 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/28 14:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/03/28 09:21:10 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/01/01 12:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\Lenovo
[2010/03/25 08:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/09/01 10:06:38 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2009/03/20 13:22:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/01/12 12:50:09 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/12/09 20:28:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/08/31 20:36:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/09/30 08:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2009/10/15 08:22:30 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/03/20 13:25:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
[2008/08/31 20:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/08/31 20:30:56 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/21 23:04:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/08/31 20:34:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/10 12:41:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/28 08:29:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/08/30 14:39:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mp3 My Mp3 2.0
[2008/08/31 20:36:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/01/12 12:50:10 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/01/12 12:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/01/12 13:15:35 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/07/30 01:53:11 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/01/12 13:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Multimedia Center for Think Offerings
[2009/10/20 10:57:35 | 000,000,000 | ---D | M] -- C:\Program Files\mypoints
[2009/11/21 14:06:59 | 000,000,000 | ---D | M] -- C:\Program Files\MyPoints Toolbar 2.0
[2008/09/01 09:58:07 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/03/21 09:47:47 | 000,000,000 | ---D | M] -- C:\Program Files\NetRatingsNetSight
[2008/01/12 13:18:47 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2008/01/12 12:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/11 22:26:07 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2009/06/10 11:21:37 | 000,000,000 | ---D | M] -- C:\Program Files\PCDR5
[2010/07/07 09:36:31 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2009/01/20 14:37:25 | 000,000,000 | ---D | M] -- C:\Program Files\PixiePack Codec Pack
[2010/03/28 10:58:34 | 000,000,000 | ---D | M] -- C:\Program Files\Puran Defrag
[2010/09/28 14:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/01/20 14:35:28 | 000,000,000 | ---D | M] -- C:\Program Files\RapidSolution
[2009/01/06 14:18:39 | 000,000,000 | ---D | M] -- C:\Program Files\Ratajik Software
[2010/03/22 06:19:18 | 000,000,000 | ---D | M] -- C:\Program Files\real
[2009/08/21 00:24:27 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/07/31 02:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\Risk
[2008/08/24 20:11:31 | 000,000,000 | ---D | M] -- C:\Program Files\SAV1016
[2010/10/01 19:25:40 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/01/12 13:28:26 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/01/12 13:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic Icons for Lenovo
[2010/06/18 08:51:28 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2009/01/03 09:31:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Online Entertainment
[2010/04/09 18:07:45 | 000,000,000 | ---D | M] -- C:\Program Files\StreamTorrent 1.0
[2008/08/24 20:14:05 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/11/16 15:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2008/01/12 13:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkPad
[2008/01/12 13:29:52 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkVantage
[2008/05/22 02:34:25 | 000,000,000 | ---D | M] -- C:\Program Files\ThinkVantage Fingerprint Software
[2010/09/14 16:07:00 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2010
[2010/10/01 19:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\TVAnts
[2010/11/15 19:21:43 | 000,000,000 | ---D | M] -- C:\Program Files\UnHackMe
[2008/01/12 12:50:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/07/28 12:16:46 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/04/05 14:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2008/07/16 17:23:08 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/02/14 14:24:28 | 000,000,000 | ---D | M] -- C:\Program Files\VodBurner
[2009/03/20 13:26:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/03/20 13:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2009/03/20 13:25:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live Toolbar
[2008/11/27 12:52:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008/11/27 12:52:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/09/01 09:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/12 12:50:17 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/01/12 12:50:17 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %systemroot%\system32\*.tso >

< %ALLUSERSPROFILE%\Documents\Server\*.* >

< %systemroot%\*.pif >
[2004/08/04 06:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif

< %systemroot%\system32\n7533\*.* >

< %systemroot%\Us18336\*.* >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.wgo >

< %systemroot%\system32\dllcache\*.com >

< %systemroot%\system32\dllchache\*.* >

< %systemroot%\system32\038840\*.* >

< %systemroot%\system32\13E92A\*.* >

< %systemroot%\system32\1CB5AD\*.* >

< %systemroot%\system32\52682A\*.* >

< %USERPROFILE%\My Documents\*.htm >

< %SYSTEMDRIVE%\Mr_CF\*.* >

< %USERPROFILE%\My Documents\*.dll >

< %USERPROFILE%\My Documents\*.ccc >

< %systemroot%\system32\Sis\*.* >

< %systemroot%\Microsft\*.* >

< %SYSTEMDRIVE%\driverwinx.exe\*.* >

< %systemroot%\BifroXx\*.* >

< %SYSTEMDRIVE%\TSTP\*.* >

< %systemroot%\winsn\*.* >

< %ProgramFiles%\windata\*.* >

< %SYSTEMDRIVE%\msixxxxxxx.exe\*.* >

< %systemroot%\system32\*.sao >

< %systemroot%\system32\*.iem >

< %systemroot%\system32\*.mdd >

< %systemroot%\system32\*.wlo >

< %systemroot%\system32\*.skn >

< %SYSTEMDRIVE%\Winup\*.* >

< %SYSTEMDRIVE%\test\*.* >

< %systemroot%\system32\med\*.* >

< %systemroot%\Bifrost\*.* >

< %systemroot%\system32\explorer.exe\*.* >

< %UserProfile%\UserData\*.dat /x >

< %SYSTEMDRIVE%\Arquivo de programas\*.* >

< %ProgramFiles%\tcpview\*.* >

< %systemroot%\system32\*.lyo >

< %ProgramFiles%\huanbang2\*.* >

< %systemroot%\winhuanbang\*.* >

< %systemroot%\minrsv.ini\*.* >

< %systemroot%\assembly\GAC\*.* >

< %AppData%\Adobe\crtmswin91\*.* >

< %ProgramFiles%\Windows NT\Accessories\*.exe >
[2010/07/12 06:55:03 | 000,218,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe

< %systemroot%\system32\*.pdo >

< %SYSTEMDRIVE%\APPDATASH\*.* >

< %SYSTEMDRIVE%\sy\*.* >

< %systemroot%\*.cot >

< %systemroot%\system32\*.html >
[2008/01/12 13:34:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\AccConnAdvanced.html
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\win32.exe\*.* >

< %systemroot%\System32\9283\*.* >

< %systemroot%\System32\hardpol\*.* /s >

< %systemroot%\Fonts\*.dat >

< %ProgramFiles%\WinNTsystem operation\*.* >

< %SYSTEMDRIVE%\moneyxmexx.exe\*.* >

< %USERPROFILE%\Templates\*.exe >

< %SYSTEMDRIVE%\MSOCache\*.* >

< %systemroot%\inf\win\*.* >

< %SYSTEMDRIVE%\users\*.ini /x >

< %systemroot%\Media\*.exe >

< %systemroot%\Media\*.dll >

< %USERPROFILE%\Desktop\*.exe >
[2010/11/16 15:34:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\OTL.exe
[2007/09/05 15:21:35 | 001,803,968 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Quickstart Basic.exe

< %PROGRAMFILES%\*.* >

< %systemroot%\system\*.dat >

< %AppData%\AdobeUM\upldrvdrv2\*.* >

< %ProgramFiles%\wiselink\*.* >

< %systemroot%\*.wd >

< %systemroot%\boot\*.* >

< %systemroot%\ime\*.dll /x >

< %systemroot%\system32\GroupPolicy\User\Scripts\*.* /s >

< %systemroot%\system32\*.INS >

< %SYSTEMDRIVE%\Temporary\*.* >

< %AppData%\AdobeUM\vclvclupl66\*.* >

< %SYSTEMDRIVE%\KEY\*.* /s >

< %SYSTEMDRIVE%\INVRSO\*.* >

< %systemroot%\Config\Audit\*.* /s >

< %ProgramFiles%\facebook\*.* >

< %SystemRoot%\system32\___hptmp\*.* >

< %SystemRoot%\system32\Macromedia\*.* >

< %SystemRoot%\system32\Macrocmp\*.* >

< %systemroot%\ap0calypse_00CD1A40\*.* /s >

< %SYSTEMDRIVE%\bbotxxxxxx.exe\*.* >

< %systemroot%\cacher\*.* >

< %systemroot%\down\*.* >

< %systemroot%\up\*.* >

< %SYSTEMDRIVE%\bootstartx.exe\*.* >

< %systemroot%\system32\wbem\grpconv.exe >

< %SYSTEMDRIVE%\Zolander\*.* /s >

< %systemroot%\Media_\*.* >

< %systemroot%\SV1\*.* >

< %systemroot%\system32\Hotspot\*.* >

< %systemroot%\java\*.* >

< %systemroot%\system32\JAVA\*.* >

< %systemroot%\system32\syst\*.* >

< %systemroot%\msapps\*.* >

< %systemroot%\Fonts\*.html >

< %systemroot%\WinRecycleb\*.* >

< %systemroot%\system32\PassTools\*.* >

< %USERPROFILE%\Templates\*.txt >

< %systemroot%\system32\[bleep]\*.* >

< %systemroot%\system32\xmldm\*.* >

< %systemroot%\system32\ui\*.* /s >

< %SYSTEMDRIVE%\autorun.inf\*.* /s >

< %ProgramFiles%\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\autorun.inf\*.* /s >

< %ProgramFiles%\Windows Media Player\c\*.* /s >

< %systemroot%\win\*.* >

< %systemroot%\system32\update_flash\*.* >

< %systemroot%\system32\dllcache\*.bak >

< %SYSTEMDRIVE%\wedfwefeee.exe\*.* >

< %SYSTEMDRIVE%\explorxxxx.exe\*.* >

< %USERPROFILE%\My Documents\Windows\*.* /s >

< %ProgramFiles%\Application\*.* >

< %systemroot%\Help\*.exe >

< %systemroot%\system32\dllcache\*.bat >

< %systemroot%\system32\User\*.* >

< %systemroot%\system32\eifrest\*.* >

< %SYSTEMDRIVE%\directory\*.* /s >

< %systemroot%\system32\programs\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main|DEPOff /rs >

< HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Driversx >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Driversx64 >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install /s >
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Change User Option]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Runonce]
"" =

< HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers >

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark)]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files]

< HKLM\Software\Policies\Microsoft\Windows\System\Scripts /s >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download >
"CheckExeSignatures" = yes

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony\Providers|ProviderFileName6 /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-12 06:17:45

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFA9D961
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F664613B

< End of report >

Edited by Fourthand26, 16 November 2010 - 03:54 PM.

  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKU\S-1-5-21-3297437066-2062060420-1293268813-1009\..\URLSearchHook: - Reg Error: Key error. File not found
    O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
    O4 - HKLM..\RunOnceEx: [Title] File not found
    O32 - AutoRun File - [2006/06/06 04:58:36 | 000,000,198 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell - "" = AutoRun
    O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{469f3502-8f56-11dd-b9ea-001558ce1d79}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 09:04:24 | 000,921,600 | R--- | M] ()
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/05/23 09:04:24 | 000,921,600 | R--- | M] ()
    [2010/11/15 07:51:22 | 000,132,608 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Windows\SHELL.EXE.del
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.




Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#7
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
TDSKiller

2010/11/17 11:35:18.0000 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/17 11:35:18.0000 ================================================================================
2010/11/17 11:35:18.0000 SystemInfo:
2010/11/17 11:35:18.0000
2010/11/17 11:35:18.0000 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/17 11:35:18.0000 Product type: Workstation
2010/11/17 11:35:18.0000 ComputerName: LENOVO-78548A51
2010/11/17 11:35:18.0000 UserName: Josh
2010/11/17 11:35:18.0000 Windows directory: C:\WINDOWS
2010/11/17 11:35:18.0000 System windows directory: C:\WINDOWS
2010/11/17 11:35:18.0000 Processor architecture: Intel x86
2010/11/17 11:35:18.0000 Number of processors: 2
2010/11/17 11:35:18.0000 Page size: 0x1000
2010/11/17 11:35:18.0000 Boot type: Normal boot
2010/11/17 11:35:18.0000 ================================================================================
2010/11/17 11:35:18.0468 Initialize success
2010/11/17 11:35:39.0968 ================================================================================
2010/11/17 11:35:39.0968 Scan started
2010/11/17 11:35:39.0968 Mode: Manual;
2010/11/17 11:35:39.0968 ================================================================================
2010/11/17 11:35:41.0500 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/17 11:35:41.0578 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2010/11/17 11:35:41.0671 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/17 11:35:41.0703 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2010/11/17 11:35:41.0750 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/17 11:35:41.0796 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/17 11:35:41.0968 AegisP (a1ad1a4a9f18d900ca9c93fa3efdcb56) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2010/11/17 11:35:42.0046 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/17 11:35:42.0250 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/17 11:35:42.0328 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/17 11:35:42.0390 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/17 11:35:42.0468 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/17 11:35:43.0109 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/17 11:35:43.0187 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/17 11:35:43.0250 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/17 11:35:43.0296 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/17 11:35:43.0406 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/17 11:35:43.0515 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
2010/11/17 11:35:43.0546 ApfiltrService (bb53e21960498ebacb7d2e676f034083) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/11/17 11:35:43.0687 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/17 11:35:43.0734 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/17 11:35:43.0765 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/17 11:35:43.0812 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/17 11:35:43.0859 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/17 11:35:43.0937 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/17 11:35:43.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/17 11:35:44.0109 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
2010/11/17 11:35:44.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/17 11:35:44.0265 b57w2k (66dd574749c38153c6067ebba929befc) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2010/11/17 11:35:44.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/17 11:35:44.0500 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/17 11:35:44.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/17 11:35:44.0593 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/17 11:35:44.0640 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/17 11:35:44.0718 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/17 11:35:44.0828 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/17 11:35:44.0875 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/17 11:35:45.0015 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/11/17 11:35:45.0062 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/17 11:35:45.0093 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/11/17 11:35:45.0140 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/17 11:35:45.0234 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/17 11:35:45.0281 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/17 11:35:45.0328 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/17 11:35:45.0406 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2010/11/17 11:35:45.0437 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2010/11/17 11:35:45.0484 DLADResN (19e3db16de2bb3db81b172a78d140b03) C:\WINDOWS\system32\DLA\DLADResN.SYS
2010/11/17 11:35:45.0515 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2010/11/17 11:35:45.0546 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2010/11/17 11:35:45.0578 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2010/11/17 11:35:45.0609 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2010/11/17 11:35:45.0656 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2010/11/17 11:35:45.0718 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2010/11/17 11:35:45.0843 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/17 11:35:45.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/17 11:35:45.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/17 11:35:46.0000 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/17 11:35:46.0046 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/17 11:35:46.0187 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/17 11:35:46.0234 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2010/11/17 11:35:46.0265 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2010/11/17 11:35:46.0343 DsAudioDevice_282 (23020385d34e35dfc2d6503fa67d3ffc) C:\WINDOWS\system32\drivers\DsAudioDevice_282.sys
2010/11/17 11:35:46.0375 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/17 11:35:46.0703 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/11/17 11:35:46.0859 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/11/17 11:35:47.0359 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/17 11:35:47.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/17 11:35:47.0593 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/17 11:35:47.0625 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/17 11:35:47.0687 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/17 11:35:47.0781 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/17 11:35:47.0828 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/17 11:35:47.0921 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/11/17 11:35:47.0968 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/17 11:35:48.0109 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/11/17 11:35:48.0250 HdAudAddService (8dc8b34992131eb4b4c71b1a47fdd21c) C:\WINDOWS\system32\drivers\CHDAudN.sys
2010/11/17 11:35:48.0421 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/17 11:35:48.0484 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/17 11:35:48.0546 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/17 11:35:48.0671 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/11/17 11:35:48.0718 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/11/17 11:35:48.0812 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/11/17 11:35:48.0906 HSFHWAZL (26d99cb5d30f79e4459d855af690decd) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/11/17 11:35:49.0015 HSF_DPV (491b8f394e56ff31d6740f7a34540716) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/11/17 11:35:49.0171 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/17 11:35:49.0265 hxctlflt (f02ea43ae8f936124debf5b87f12c795) C:\WINDOWS\system32\Drivers\hxctlflt.sys
2010/11/17 11:35:49.0328 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/17 11:35:49.0359 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/17 11:35:49.0453 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/17 11:35:49.0843 ialm (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/17 11:35:51.0343 iaStor (7abe4565144f6e9ac05547c998b6e518) C:\WINDOWS\system32\drivers\iaStor.sys
2010/11/17 11:35:51.0453 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
2010/11/17 11:35:51.0546 IBMTPCHK (083d095fed4b01fff9d501b98d50db68) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
2010/11/17 11:35:51.0687 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/17 11:35:51.0781 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/17 11:35:51.0828 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/17 11:35:51.0984 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/17 11:35:52.0046 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/17 11:35:52.0093 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/17 11:35:52.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/17 11:35:52.0250 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/17 11:35:52.0343 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/17 11:35:52.0390 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/17 11:35:52.0437 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/17 11:35:52.0515 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2010/11/17 11:35:52.0593 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/17 11:35:52.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/17 11:35:52.0781 km_filter (097ba59ba201c9270a704cc04670b553) C:\WINDOWS\system32\drivers\km_filter.sys
2010/11/17 11:35:52.0859 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/17 11:35:53.0093 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/17 11:35:53.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/17 11:35:53.0281 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/17 11:35:53.0312 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/17 11:35:53.0421 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/17 11:35:53.0531 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/17 11:35:53.0593 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/17 11:35:53.0703 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/17 11:35:53.0781 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/17 11:35:53.0921 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/17 11:35:53.0968 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/17 11:35:54.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/17 11:35:54.0109 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/17 11:35:54.0171 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/17 11:35:54.0328 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/17 11:35:54.0375 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/17 11:35:54.0500 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/17 11:35:54.0765 NAVENG (49d802531e5984cf1fe028c6c129b9d8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101115.002\naveng.sys
2010/11/17 11:35:54.0875 NAVEX15 (158676a5758c1fa519563b3e72fbf256) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101115.002\navex15.sys
2010/11/17 11:35:55.0234 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/17 11:35:55.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/17 11:35:55.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/17 11:35:55.0468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/17 11:35:55.0593 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/17 11:35:55.0671 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/17 11:35:55.0734 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/17 11:35:55.0781 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/17 11:35:55.0984 NETw4x32 (18b2d3e11ed7a3c898ade6a6692b6929) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2010/11/17 11:35:56.0593 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/17 11:35:56.0734 NielGfx (dc810d3a9c6ffa0d265776b72fe82cd1) C:\WINDOWS\system32\drivers\nielgfx.sys
2010/11/17 11:35:56.0859 nielprt (7cd1343788a92427f273ad5cc8bc272b) C:\WINDOWS\system32\DRIVERS\nielprt.sys
2010/11/17 11:35:56.0953 nnrnstdi (c6cd620d974e58bb5e93acb67d08db01) C:\WINDOWS\system32\drivers\nnrnstdi.sys
2010/11/17 11:35:57.0015 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/17 11:35:57.0109 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/17 11:35:57.0296 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2010/11/17 11:35:57.0312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/17 11:35:57.0453 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/17 11:35:57.0578 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/17 11:35:57.0718 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/17 11:35:57.0796 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/17 11:35:57.0875 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/17 11:35:57.0921 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/17 11:35:58.0000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/17 11:35:58.0093 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/17 11:35:58.0140 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/17 11:35:58.0171 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/11/17 11:35:58.0359 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/17 11:35:58.0453 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/17 11:35:58.0562 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
2010/11/17 11:35:58.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/17 11:35:58.0750 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
2010/11/17 11:35:58.0812 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/11/17 11:35:58.0890 psadd (aac08defb15aaab00b30341c716efa35) C:\WINDOWS\system32\DRIVERS\psadd.sys
2010/11/17 11:35:58.0921 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/17 11:35:59.0000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/17 11:35:59.0109 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/17 11:35:59.0140 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/17 11:35:59.0187 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/17 11:35:59.0296 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/17 11:35:59.0343 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/17 11:35:59.0390 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/17 11:35:59.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/17 11:35:59.0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/17 11:35:59.0687 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/17 11:35:59.0734 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/17 11:35:59.0812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/17 11:35:59.0843 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/17 11:35:59.0875 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/17 11:35:59.0937 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/17 11:36:00.0015 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/17 11:36:00.0187 rimmptsk (c35ca13d3627ebd9dd12a23ce781bc3d) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2010/11/17 11:36:00.0234 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2010/11/17 11:36:00.0250 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2010/11/17 11:36:00.0359 s24trans (2220783b32a9f91df87f3e8315f091e7) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/11/17 11:36:00.0906 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2010/11/17 11:36:00.0953 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2010/11/17 11:36:01.0062 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/11/17 11:36:01.0156 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/17 11:36:01.0203 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/17 11:36:01.0281 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/17 11:36:01.0375 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/11/17 11:36:01.0453 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/11/17 11:36:01.0531 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/11/17 11:36:01.0625 Shockprf (a3aee791db8c73882f4503bfaacd8c9e) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
2010/11/17 11:36:01.0765 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/17 11:36:01.0828 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/17 11:36:01.0921 smihlp (350483c5a139f8a39ed3191aff39bed0) C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys
2010/11/17 11:36:02.0171 SNP2UVC (a70f178299812dce4cc0e802d403be9b) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
2010/11/17 11:36:02.0421 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/17 11:36:02.0515 SPBBCDrv (ef9760a364d836a0ce6149ebdf71524d) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/11/17 11:36:02.0593 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/17 11:36:02.0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/17 11:36:02.0734 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/17 11:36:02.0843 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/17 11:36:02.0984 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/17 11:36:03.0015 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/17 11:36:03.0093 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/17 11:36:03.0171 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/17 11:36:03.0296 SymEvent (49b20b430a4f219173f823536944474a) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/11/17 11:36:03.0406 SYMREDRV (626f733be7f951116c5c0804b068666c) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/11/17 11:36:03.0437 SYMTDI (cb7cc4ddbe09e224d4cd876760ba982c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/11/17 11:36:03.0500 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/17 11:36:03.0578 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/17 11:36:03.0640 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/17 11:36:03.0750 tbhsd (4a9525e7446c69b60903ffc1a44e96ca) C:\WINDOWS\system32\drivers\tbhsd.sys
2010/11/17 11:36:03.0890 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/17 11:36:03.0984 TcUsb (109d1f5cd9cc370a87901db3ddd533f1) C:\WINDOWS\system32\Drivers\tcusb.sys
2010/11/17 11:36:04.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/17 11:36:04.0125 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/17 11:36:04.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/17 11:36:04.0703 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/17 11:36:04.0812 TPDIGIMN (639ba7b37f25054cf5e82604e736d250) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
2010/11/17 11:36:04.0890 TPHKDRV (542770c8925e13b29b1ba63f05898058) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
2010/11/17 11:36:04.0984 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
2010/11/17 11:36:05.0062 TSMAPIP (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2010/11/17 11:36:05.0156 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
2010/11/17 11:36:05.0281 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
2010/11/17 11:36:05.0343 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
2010/11/17 11:36:05.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/17 11:36:05.0468 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/17 11:36:05.0578 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/17 11:36:05.0656 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/17 11:36:05.0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/17 11:36:05.0906 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/17 11:36:06.0000 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/17 11:36:06.0046 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/17 11:36:06.0093 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/17 11:36:06.0156 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/17 11:36:06.0218 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/11/17 11:36:06.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/17 11:36:06.0328 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/17 11:36:06.0390 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/17 11:36:06.0453 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/17 11:36:06.0531 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/17 11:36:06.0625 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/11/17 11:36:06.0796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/17 11:36:06.0906 winachsf (458b2e703b210683194158d639770588) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/17 11:36:07.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/17 11:36:07.0140 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/17 11:36:07.0171 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/17 11:36:07.0281 ================================================================================
2010/11/17 11:36:07.0281 Scan finished
2010/11/17 11:36:07.0281 ================================================================================
  • 0

#8
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Note: I wasn't able to install the Recovery Console, because I'm unable to access the internet on the infected computer.

ComboFix:

ComboFix 10-11-16.06 - Josh 11/17/2010 11:42:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1093 [GMT -6:00]
Running from: c:\documents and settings\Josh\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\Thumbs.db

----- BITS: Possible infected sites -----

hxxp://nexdef.mlb.com
hxxp://au.download.wij+|Cv+@J:NGD_DQ{zcxLJS@E9JJava Update
.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 17:20 . 2010-11-17 17:20 -------- d-----w- C:\_OTL
2010-11-15 22:30 . 2010-11-15 22:30 2 --shatr- c:\windows\winstart.bat
2010-11-15 22:30 . 2010-11-16 01:21 -------- d-----w- c:\program files\UnHackMe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 17:23 . 2006-04-30 06:55 974848 ------w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2006-04-30 06:55 974848 ------w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2006-04-30 06:55 954368 ------w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2006-04-30 06:55 953856 ------w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17 . 2010-09-08 16:17 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ------w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51 . 2006-04-30 06:55 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2006-04-30 06:55 1852800 ------w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2006-04-30 06:56 119808 ------w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2006-04-30 06:55 99840 ------w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-04-30 06:55 357248 ------w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-04-16 13:37 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2006-04-30 06:55 617472 ------w- c:\windows\system32\comctl32.dll
2010-03-11 22:41 . 2010-03-28 18:10 508672 ------w- c:\program files\mozilla firefox\components\IdVault.XPCOM.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{96b985b7-3cf9-456a-9db6-791710e60f5f}"= "c:\program files\MyPoints Toolbar 2.0\Helper.dll" [2009-11-21 242688]

[HKEY_CLASSES_ROOT\clsid\{96b985b7-3cf9-456a-9db6-791710e60f5f}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{9FEBEA6D-4801-4D23-97E7-A771B698E442}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A}]
2009-11-21 20:06 1440768 ------w- c:\program files\MyPoints Toolbar 2.0\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-21 1440768]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{89A2510A-B4B6-4683-BEC9-1B96700BC7F1}"= "c:\program files\MyPoints Toolbar 2.0\Toolbar.dll" [2009-11-21 1440768]

[HKEY_CLASSES_ROOT\clsid\{89a2510a-b4b6-4683-bec9-1b96700bc7f1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{061ED138-E065-4356-82AA-578F7F1EEAF1}]
[HKEY_CLASSES_ROOT\FCTB000060497.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-06 200704]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-06 208896]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-11-29 59168]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-03-28 243248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-26 120368]
"AMSG"="c:\progra~1\THINKV~1\AMSG\amsg.exe" [2007-02-01 419376]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-19 196696]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-04 2630968]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"CamserviceOG"="c:\program files\Hercules\Deluxe Optical Glass\XtrCtrl.exe" [2009-10-19 2913576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Josh\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - c:\documents and settings\Josh\Local Settings\Application Data\Autobahn\mlb-nexdef-autobahn.exe [2010-7-20 802960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-15 06:17 89600 ------w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim"="c:\program files\AIM\aim.exe" /d locale=en-US /HIDEBL
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"NielsenOnline"=c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\TroubleShooter.exe"=
"c:\\Program Files\\MyPoints Toolbar 2.0\\ToolbarUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Documents and Settings\\Josh\\Desktop\\Games\\zsnesw142\\zsnesw.exe"=
"c:\\Documents and Settings\\Josh\\Desktop\\Games\\Fusion.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\StreamTorrent 1.0\\StreamTorrent.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\XtrCtrl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [9/14/2010 4:58 PM 24192]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [10/16/2007 8:32 PM 19504]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [9/14/2010 4:59 PM 15360]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [3/15/2007 12:10 AM 11152]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 3:11 PM 569344]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/16/2008 5:23 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 11:20 AM 102448]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [9/14/2010 4:59 PM 10368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [5/22/2007 5:59 PM 30336]
S3 DsAudioDevice_282;DsAudioDevice_282;c:\windows\system32\drivers\DsAudioDevice_282.sys [1/20/2009 2:56 PM 16640]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [8/24/2010 1:53 PM 99968]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [9/14/2010 4:58 PM 9088]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 6:48 PM 116416]
S4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [3/28/2010 9:50 AM 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 21:04 8192 ------w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2010-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 17:34]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009Core.job
- c:\documents and settings\Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 15:52]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3297437066-2062060420-1293268813-1009UA.job
- c:\documents and settings\Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 15:52]

2010-11-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2008-01-12 16:22]

2010-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-11-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3297437066-2062060420-1293268813-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=02-05-2010&tb_mrud=02-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxps://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q=
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Josh\Application Data\Mozilla\Firefox\Profiles\8e3a5gnp.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - component: c:\program files\NetRatingsNetSight\NetSight\meter3\FFAddon\components\nsgkff36_meter3.dll
FF - plugin: c:\documents and settings\Josh\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Josh\Application Data\Move Networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Notify-ACNotify - ACNotify.dll
SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 11:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\SEPD.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(612)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\pscssint.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'explorer.exe'(5032)
c:\windows\system32\WININET.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\program files\Lenovo\Client Security Solution\csswait.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\program files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Common Files\Lenovo\tvt_think_res.dll
c:\program files\Lenovo\Client Security Solution\css_think_res.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\wscntfy.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-11-17 11:58:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-17 17:58

Pre-Run: 9,699,409,920 bytes free
Post-Run: 9,519,607,808 bytes free

- - End Of File - - BE8E88563C96D451C051A9F7E85FB179
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
got your windows cd ?

any of these steps fix your internet ?

Please go to Start > Control Panel > Network and Internet Connections > Network Connections. Then right-click on your default connection, usually Local Area Connection or Dial-up Connection if you are using dial-up, and left-click on the Properties option. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says "Obtain DNS servers automatically". Click OK twice, and restart your computer.




Go to Start > Run.... In the Open: field type cmd and press the OK button. This will open a Command Prompt.
Type or copy & paste the entire contents inside the QUOTE box below into the command window:

ipconfig /flushdns

Hit Enter and exit the Command Prompt.



Go to Start then to run
type in Cmd and click Enter
Type in ipconfig /release all then click enter
Now type in ipconfig /renew all and click Enter
  • 0

#10
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I'm sorry, I should have been more clear. I can't access the internet on that computer because I'm at school and the computer has been blocked from logging onto the internet system until I can get it cleaned up. The computer would be perfectly able to access the internet if it wasn't the university's system. So the virus hasn't caused a problem, it's just the system trying to protect itself. I've been transferring everything to/from it with a flash drive.
  • 0

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you run a scan with mbam and post the results here

are you getting any more redirects ?

what is flagging cycbot ?
  • 0

#12
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
The MBAM scan didn't find anything. It had showed up before on MBAM and on a Symantec AntiVirus scan (and doesn't show up on either now). I did quick scans with both of them. Is there still a problem, or do you think everything has been cleaned up?

Malwarebytes' Anti-Malware 1.44
Database version: 3911
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/17/2010 5:09:00 PM
mbam-log-2010-11-17 (17-09-00).txt

Scan type: Quick Scan
Objects scanned: 137845
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
    Posted Image
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#14
Fourthand26

Fourthand26

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you so much for helping me out. I really appreciate it.
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP