CoolWWW and Cycbot.B



#1
ZackPanda

Last night (11/16/2010) around 10:27pm (give or take) my Windows Defender noticed a compromised file that was picked up from visiting a website I randomly wandered to that had the business address of a place I worked years back (I was making an incredibly complete CV and needed the address).
Windows Defender tried to quarantine the files (see WinDef.jpg)

I noticed my internet browsers (after I had closed them) were trying to redirect to 127.0.0.1 for the http proxy. Just so I could get on the internet I switched it to "auto detect" and then ran Windows Defender again and seemed satisfied.
This morning it happened again so I downloaded Spybot, ran that, and noticed that the registry key in software/microsoft/windows/currentversion/run/svchost was considered bad. I told spyware to get rid of it, but it came up in the next few scans anyway.
When I restarted the computer I had a warning that the dwm.exe file wasn't pointed to correctly, and Windows Def said this (see Windows Def Files.jpg)

Just so you know, I used spybot to disallow the changing of registry keys from the svchost thing and I quarantined the odd hijacking file in Windows Defender. But I still have the proxy problem when I go to get on the internet which means something is still around--and last time I started up my computer it had the dwm.exe error as well as the Windows Defender warning of the need to clean the computer.

I downloaded HiJackThis! before I came on here, but that just confused me more. So I just ran the OTL scan and here are the results:

OTL logfile created on: 11/17/2010 1:15:31 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Zack\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 276.45 Gb Total Space | 114.56 Gb Free Space | 41.44% Space Free | Partition Type: NTFS

Computer Name: ZACK-VISTA | User Name: Zack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/17 12:43:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Downloads\OTL.exe
PRC - [2010/10/28 10:51:14 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 10:51:13 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 00:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/01/07 10:08:50 | 000,019,456 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2007/11/22 17:09:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
PRC - [2007/11/19 13:23:04 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/10/16 20:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
PRC - [2007/08/09 12:45:36 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/08/09 12:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/09 14:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/07/05 17:49:18 | 000,128,296 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 17:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/07/05 17:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 17:48:54 | 000,206,120 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 17:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2007/03/08 23:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 22:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/01 23:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007/02/05 16:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2007/01/08 22:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/01/08 22:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/01/08 21:49:46 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/15 18:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 18:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/07 04:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 01:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2010/11/17 12:43:29 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Downloads\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/22 11:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/31 12:36:04 | 000,326,792 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/01/07 10:08:50 | 000,019,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/11/19 13:23:04 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/10/16 20:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/08/09 12:45:36 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/09 12:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 17:48:54 | 000,206,120 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/07/05 17:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/05/31 04:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/29 15:11:46 | 000,441,136 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/03/01 23:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/05 16:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/29 21:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/08 22:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/08 22:01:46 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/15 18:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/08/04 12:15:36 | 000,033,736 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ymidusbw.sys -- (YMIDUSBW) Yamaha USB-MIDI Driver (WDM)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/06/09 12:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/05 17:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/02/11 13:11:58 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/01/19 01:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/18 23:53:39 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
DRV - [2007/12/06 11:11:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2007/10/24 23:19:00 | 000,153,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/16 20:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 20:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/10/04 14:14:44 | 000,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/08/08 05:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 20:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 19:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/31 04:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/22 17:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 01:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/29 15:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/03/29 12:46:00 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/03/13 18:13:54 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/03/13 18:13:32 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/03/13 18:13:30 | 000,098,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/03/13 18:13:30 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/03/13 18:13:28 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/03/13 18:13:26 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/03/13 18:13:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/03/13 18:13:24 | 000,104,824 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 03:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/26 23:20:00 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/02/26 23:20:00 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/02/16 17:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/02/11 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/09 14:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 22:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/12/21 20:50:00 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 20:49:00 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 20:48:00 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/28 01:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/06 02:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 03:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 03:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 01:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/10/18 20:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/08/30 04:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2005/07/19 17:42:22 | 000,073,152 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cur_serd.sys -- (cur_serd) Curitel Packet Service Diagnostic Serial Port (WDM)
DRV - [2005/07/19 17:40:56 | 000,093,328 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cur_mdm.sys -- (cur_mdm)
DRV - [2005/07/19 17:40:52 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cur_mdfl.sys -- (cur_mdfl)
DRV - [2005/07/19 17:39:24 | 000,057,744 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cur_bus.sys -- (cur_bus) Curitel USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...t&ltmplcache=2"
FF - prefs.js..extensions.enabledItems: {8EF3C9D8-C546-4A82-BDBB-7586CEE61714}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 22:05:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 22:05:35 | 000,000,000 | ---D | M]

[2009/08/08 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions
[2009/08/08 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/16 18:08:18 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\extensions
[2010/09/18 17:33:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/27 13:23:26 | 000,001,068 | ---- | M] () -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\searchplugins\wikipedia-english.xml
[2008/03/05 22:43:25 | 000,002,109 | ---- | M] () -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\searchplugins\youtube-video-search.xml
[2010/10/16 23:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/28 20:21:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/24 14:35:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 23:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/14 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Digsby Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
F3 - HKCU WinNT: Load - (C:\Users\Zack\AppData\Local\Temp\dwm.exe) - C:\Users\Zack\AppData\Local\Temp\dwm.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Zack\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Zack\AppData\Roaming\Microsoft\Windows\shell.exe ()
O24 - Desktop WallPaper: C:\Users\Zack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4211b2af-df93-11de-ae6d-001e37231886}\Shell\AutoRun\command - "" = D:\FreeLoader.exe -- File not found
O33 - MountPoints2\{4c02b8e9-9d93-11df-8dee-001e37231886}\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4c02b8e9-9d93-11df-8dee-001e37231886}\Shell\Shell00\Command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4c02b8e9-9d93-11df-8dee-001e37231886}\Shell\Shell01\Command - "" = D:\Autorun.exe -- File not found
O33 - MountPoints2\{4c02b8e9-9d93-11df-8dee-001e37231886}\Shell\Shell02\Command - "" = D:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 11:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/17 11:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/03 16:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha
[2010/11/03 16:18:02 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\Downloaded Installations
[2010/11/02 22:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/02 22:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/02 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/21 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\Zack\Desktop\Soccer_oct_2010
[2010/10/21 09:59:21 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\Windows Live
[2008/02/11 12:35:50 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/02/11 12:35:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 13:10:10 | 000,057,147 | ---- | M] () -- C:\Users\Zack\Desktop\WinDefFiles.jpg
[2010/11/17 13:06:10 | 000,181,361 | ---- | M] () -- C:\Users\Zack\Desktop\Registry pointing to dwv.docx
[2010/11/17 13:04:05 | 000,137,059 | ---- | M] () -- C:\Users\Zack\Desktop\WinDef.jpg
[2010/11/17 12:50:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 12:50:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 12:21:43 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2010/11/17 12:21:11 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2010/11/17 12:21:09 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/17 12:21:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 12:21:02 | 2145,697,792 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 11:00:36 | 000,001,065 | ---- | M] () -- C:\Users\Zack\Desktop\Spybot - Search & Destroy.lnk
[2010/11/17 01:06:14 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2010/11/16 21:20:08 | 001,504,312 | ---- | M] () -- C:\Users\Zack\Documents\ZackGauck_Horizon.zip
[2010/11/16 21:20:08 | 001,504,312 | ---- | M] () -- C:\Users\Zack\Desktop\ZackGauck_Horizon.zip
[2010/11/16 21:04:51 | 000,057,856 | ---- | M] () -- C:\Users\Zack\Desktop\Zack_CV.doc
[2010/11/16 18:02:27 | 000,660,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/16 18:02:27 | 000,126,222 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 18:15:17 | 000,012,225 | ---- | M] () -- C:\Users\Zack\Desktop\xmas2010.docx
[2010/11/02 22:08:15 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/01 20:54:59 | 000,547,840 | ---- | M] () -- C:\Users\Zack\Documents\2brhouseplans.doc
[2010/11/01 20:21:27 | 000,010,200 | ---- | M] () -- C:\Users\Zack\Documents\Jay from Horizon.docx
[2010/11/01 17:35:45 | 001,990,798 | ---- | M] () -- C:\Users\Zack\Documents\Planshouse.docx
[2010/10/31 18:20:12 | 000,005,043 | ---- | M] () -- C:\Users\Zack\Documents\GraphPaper1cm-1in.pdf
[2010/10/29 20:52:03 | 000,131,072 | ---- | M] () -- C:\Users\Zack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 23:08:36 | 000,019,207 | ---- | M] () -- C:\Users\Zack\Documents\Arbor Town.docx
[2010/10/26 20:02:44 | 000,011,410 | ---- | M] () -- C:\Users\Zack\Documents\ChinaInfo.docx
[2010/10/25 21:00:31 | 000,046,080 | ---- | M] () -- C:\Users\Zack\Desktop\Zack_Resume.doc
[2010/10/21 20:56:05 | 000,419,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/21 13:12:49 | 000,037,888 | ---- | M] () -- C:\Users\Zack\Desktop\CIEEAPP_Fin.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 13:10:07 | 000,057,147 | ---- | C] () -- C:\Users\Zack\Desktop\WinDefFiles.jpg
[2010/11/17 13:03:55 | 000,137,059 | ---- | C] () -- C:\Users\Zack\Desktop\WinDef.jpg
[2010/11/17 12:27:30 | 000,181,361 | ---- | C] () -- C:\Users\Zack\Desktop\Registry pointing to dwv.docx
[2010/11/17 11:00:36 | 000,001,065 | ---- | C] () -- C:\Users\Zack\Desktop\Spybot - Search & Destroy.lnk
[2010/11/16 21:20:24 | 001,504,312 | ---- | C] () -- C:\Users\Zack\Documents\ZackGauck_Horizon.zip
[2010/11/16 21:04:50 | 000,057,856 | ---- | C] () -- C:\Users\Zack\Desktop\Zack_CV.doc
[2010/11/16 18:02:12 | 001,504,312 | ---- | C] () -- C:\Users\Zack\Desktop\ZackGauck_Horizon.zip
[2010/11/08 23:44:44 | 000,012,225 | ---- | C] () -- C:\Users\Zack\Desktop\xmas2010.docx
[2010/11/02 22:08:15 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/01 20:54:58 | 000,547,840 | ---- | C] () -- C:\Users\Zack\Documents\2brhouseplans.doc
[2010/11/01 20:19:27 | 000,010,200 | ---- | C] () -- C:\Users\Zack\Documents\Jay from Horizon.docx
[2010/11/01 17:18:58 | 001,990,798 | ---- | C] () -- C:\Users\Zack\Documents\Planshouse.docx
[2010/10/31 18:20:12 | 000,005,043 | ---- | C] () -- C:\Users\Zack\Documents\GraphPaper1cm-1in.pdf
[2010/10/28 21:27:14 | 000,019,207 | ---- | C] () -- C:\Users\Zack\Documents\Arbor Town.docx
[2010/10/26 19:23:42 | 000,011,410 | ---- | C] () -- C:\Users\Zack\Documents\ChinaInfo.docx
[2010/10/25 21:00:45 | 000,046,080 | ---- | C] () -- C:\Users\Zack\Desktop\Zack_Resume.doc
[2010/09/28 20:23:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/18 21:29:12 | 000,000,120 | ---- | C] () -- C:\Users\Zack\AppData\Local\Igutadaj.dat
[2010/02/18 21:29:12 | 000,000,000 | ---- | C] () -- C:\Users\Zack\AppData\Local\Uwamoquq.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/11 11:28:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/05/22 16:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/11 13:04:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/03/11 13:04:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/02/22 21:20:31 | 000,131,072 | ---- | C] () -- C:\Users\Zack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 23:46:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/21 23:01:54 | 000,027,744 | ---- | C] () -- C:\Users\Zack\AppData\Roaming\nvModes.dat
[2008/02/21 23:01:54 | 000,027,744 | ---- | C] () -- C:\Users\Zack\AppData\Roaming\nvModes.001
[2008/02/21 21:51:41 | 000,001,356 | ---- | C] () -- C:\Users\Zack\AppData\Local\d3d9caps.dat
[2008/02/11 13:00:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/11 13:00:41 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/11 13:00:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/11 13:00:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/11 13:00:41 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/11 13:00:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/11 12:58:24 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/02/11 12:58:23 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/11 12:53:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/11 12:35:50 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/02/11 12:35:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/02/11 12:32:25 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2007/08/03 07:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/27 00:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007/07/27 00:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2007/03/29 14:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008/02/21 23:48:47 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\acccore
[2009/12/19 16:35:41 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Cakewalk
[2008/04/19 00:14:55 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Elluminate
[2010/09/01 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\GetRightToGo
[2009/12/30 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\IMVU
[2009/09/26 06:21:02 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\IMVUClient
[2010/08/31 22:45:42 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\InterVideo
[2008/02/21 22:44:38 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Leadertech
[2008/02/21 21:57:58 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Lenovo
[2008/08/25 11:47:44 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\LimeWire
[2009/02/09 22:19:54 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\NCH Swift Sound
[2009/01/04 22:54:23 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\NetMedia Providers
[2009/02/18 19:48:02 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Publish Providers
[2009/01/04 23:04:46 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Sony
[2009/10/03 15:02:25 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\WinFF
[2010/11/17 12:20:00 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/06/13 09:52:20 | 000,010,170 | ---- | M] ()(C:\Users\Zack\Documents\??.docx) -- C:\Users\Zack\Documents\雨衣.docx
[2010/06/13 09:50:47 | 000,010,170 | ---- | C] ()(C:\Users\Zack\Documents\??.docx) -- C:\Users\Zack\Documents\雨衣.docx

< End of report >


-Zack

Attached Thumbnails

  • WinDef.jpg
  • WinDefFiles.jpg


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Download ComboFix here:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

    Click me

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
ZackPanda

    New Member

  • Topic Starter
  • Member
  • 5 posts
ComboFix Log:

ComboFix 10-11-17.01 - Zack 11/17/2010 14:08:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1006 [GMT -6:00]
Running from: c:\users\Zack\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Zack\AppData\Local\{8EF3C9D8-C546-4A82-BDBB-7586CEE61714}
c:\users\Zack\AppData\Local\{8EF3C9D8-C546-4A82-BDBB-7586CEE61714}\chrome.manifest
c:\users\Zack\AppData\Local\{8EF3C9D8-C546-4A82-BDBB-7586CEE61714}\chrome\content\_cfg.js
c:\users\Zack\AppData\Local\{8EF3C9D8-C546-4A82-BDBB-7586CEE61714}\chrome\content\overlay.xul
c:\users\Zack\AppData\Local\{8EF3C9D8-C546-4A82-BDBB-7586CEE61714}\install.rdf
c:\users\Zack\AppData\Roaming\Microsoft\stor.cfg
c:\users\Zack\AppData\Roaming\Microsoft\svchost.exe
c:\users\Zack\AppData\Roaming\Microsoft\Windows\shell.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))
.

2010-11-17 20:19 . 2010-11-17 20:19 -------- d-----w- C:\C
2010-11-17 20:16 . 2010-11-17 20:16 -------- d-----w- C:\Device
2010-11-17 20:15 . 2010-11-17 20:19 -------- d-----w- c:\users\Zack\AppData\Local\temp
2010-11-17 17:00 . 2010-11-17 19:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-17 17:00 . 2010-11-17 17:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-17 00:09 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{036589A7-3D7A-4FF6-8DEC-77F4EDF96C63}\mpengine.dll
2010-11-10 02:18 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-03 22:18 . 2010-11-03 22:18 -------- d-----w- c:\program files\Yamaha
2010-11-03 22:18 . 2010-11-03 22:18 -------- d-----w- c:\users\Zack\AppData\Local\Downloaded Installations
2010-11-03 04:07 . 2010-11-03 04:07 -------- d-----w- c:\program files\iPod
2010-11-03 04:01 . 2010-11-03 04:01 -------- d-----w- c:\program files\Bonjour
2010-10-26 20:42 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 20:42 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 20:42 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-21 16:00 . 2010-10-21 16:00 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\12f89a601cb713904\InstallManager_WLE_WLE.exe
2010-10-21 15:59 . 2010-10-31 21:17 -------- d-----w- c:\users\Zack\AppData\Local\Windows Live
2010-10-21 15:57 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-10-03 17:02 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-02-20 17:03 6146896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-15 09:50 . 2010-07-24 20:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-14 05:20 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 17:23 . 2010-10-14 05:15 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 17:07 . 2010-10-14 05:15 834048 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 15:23 . 2010-10-14 05:15 389632 ----a-w- c:\windows\system32\html.iec
2010-09-06 16:20 . 2010-10-14 05:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19 . 2010-10-14 05:20 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-06 13:45 . 2010-10-14 05:20 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-09-06 13:45 . 2010-10-14 05:20 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-09-06 13:45 . 2010-10-14 05:20 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-08-31 15:46 . 2010-10-14 05:19 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46 . 2010-10-14 05:19 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44 . 2010-10-14 05:15 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27 . 2010-10-14 05:19 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37 . 2010-10-14 05:19 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:33 . 2010-10-26 20:42 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 20:42 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 20:42 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-26 20:42 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05 . 2010-10-14 05:20 867328 ----a-w- c:\windows\system32\wmpmde.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-05 172032]
"CameraApplicationLauncher"="c:\program files\Lenovo\Camera Center\bin\CameraApplicationLaunchpadLauncher.exe" [2007-08-23 16384]
"TpShocks"="TpShocks.exe" [2007-11-22 181536]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-09 2630968]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 124200]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 419112]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-11-16 217176]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2007-12-06 324896]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-09 1282048]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMSG]
2007-02-01 18:00 419376 ----a-w- c:\program files\ThinkVantage\AMSG\Amsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
2007-12-06 17:11 214576 ------w- c:\progra~1\ThinkPad\UTILIT~1\BTVLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
2007-03-28 17:32 243248 ------w- c:\progra~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 07:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LenovoOobeOffers]
2007-09-25 19:53 28672 ----a-w- c:\swtools\LenovoWelcome\LenovoOobeOffers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10 120368 ------w- c:\progra~1\THINKV~1\PrdCtr\LPMGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-06-09 18:23 13543968 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 18:23 92704 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2008-06-09 18:23 608800 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Prolific_OneButton]
2006-04-03 21:38 32768 ----a-r- c:\program files\Prolific\One Button\OneBtn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2007-03-13 17:05 1116920 ----a-w- c:\program files\Lenovo\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-01-31 18:35 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 09:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2007-11-29 18:04 59168 ------w- c:\program files\Lenovo\NPDIRECT\tpfnf7sp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2007-11-19 19:23 487424 ----a-w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\cur_bus.sys [2005-07-19 57744]
R3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\DRIVERS\cur_mdfl.sys [2005-07-19 8336]
R3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\DRIVERS\cur_mdm.sys [2005-07-19 93328]
R3 cur_serd;Curitel Packet Service Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\cur_serd.sys [2005-07-19 73152]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2009-08-04 33736]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2007-10-17 19504]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2006-08-30 13744]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2007-03-02 55936]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-01-09 569344]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-vptray - c:\progra~1\SYMANT~1\VPTray.exe
AddRemove-HijackThis - c:\users\Zack\Desktop\HijackThis.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5684)
c:\windows\system32\btncopy.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\conime.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Security Essentials\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2010-11-17 14:28:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-17 20:27

Pre-Run: 122,225,573,888 bytes free
Post-Run: 120,755,494,912 bytes free

- - End Of File - - A096B928C460CA7D6F5208AB305A755F

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open OTL and paste this in the custom scan box:


c:\users\Zack\AppData\Roaming\Microsoft\*.* /s
C:\C\*.* /s
C:\Device\*.* /s


Click Run Scan and post that log.

#5
ZackPanda

    New Member

  • Topic Starter
  • Member
  • 5 posts
OTL logfile created on: 11/17/2010 2:39:10 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Zack\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 276.45 Gb Total Space | 112.58 Gb Free Space | 40.72% Space Free | Partition Type: NTFS

Computer Name: ZACK-VISTA | User Name: Zack | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Zack\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\TpShocks.exe (Lenovo.)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Windows\System32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe ()
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)


========== Modules (SafeList) ==========

MOD - C:\Users\Zack\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TPHDEXLGSVC) -- C:\Windows\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TSSCoreService) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe (IBM)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo)
SRV - (IBMPMSVC) -- C:\Windows\System32\ibmpmsvc.exe (Lenovo)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe ()
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (IPSSVC) -- C:\Windows\System32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (YMIDUSBW) Yamaha USB-MIDI Driver (WDM) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (tvtfilter) -- C:\Windows\System32\drivers\tvtfilter.sys (Lenovo)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (TPPWRIF) -- C:\Windows\System32\drivers\TPPWR32V.SYS ()
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Shockprf) -- C:\Windows\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\Windows\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (IBMPMDRV) -- C:\Windows\System32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (PROCDD) -- C:\Windows\System32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ialm) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (cur_serd) Curitel Packet Service Diagnostic Serial Port (WDM) -- C:\Windows\System32\drivers\cur_serd.sys (MCCI)
DRV - (cur_mdm) -- C:\Windows\System32\drivers\cur_mdm.sys (MCCI)
DRV - (cur_mdfl) -- C:\Windows\System32\drivers\cur_mdfl.sys (MCCI)
DRV - (cur_bus) Curitel USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\cur_bus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.c...t&ltmplcache=2"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 22:05:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 22:05:35 | 000,000,000 | ---D | M]

[2009/08/08 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions
[2009/08/08 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/11/16 18:08:18 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\extensions
[2010/09/18 17:33:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/02/27 13:23:26 | 000,001,068 | ---- | M] () -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\searchplugins\wikipedia-english.xml
[2008/03/05 22:43:25 | 000,002,109 | ---- | M] () -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\xhuxnx5x.default\searchplugins\youtube-video-search.xml
[2010/10/16 23:26:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/28 20:21:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/24 14:35:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/16 23:00:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/14 14:39:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/11/17 14:19:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\Windows\System32\TpShocks.exe (Lenovo.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/17 14:28:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/17 14:28:28 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\temp
[2010/11/17 14:19:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/17 14:16:49 | 000,000,000 | ---D | C] -- C:\Device
[2010/11/17 14:06:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/17 14:06:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/17 14:06:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/17 14:06:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/17 14:05:59 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/17 14:05:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/17 14:04:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/17 11:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/17 11:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/03 16:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha
[2010/11/03 16:18:02 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\Downloaded Installations
[2010/11/02 22:07:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/11/02 22:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/11/02 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/10/26 14:42:31 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/26 14:42:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/26 14:42:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/21 21:18:49 | 000,000,000 | ---D | C] -- C:\Users\Zack\Desktop\Soccer_oct_2010
[2010/10/21 09:59:21 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\Windows Live
[2010/10/21 09:57:12 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll
[2008/02/11 12:35:50 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/02/11 12:35:50 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/17 14:19:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/17 14:18:47 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2010/11/17 14:18:26 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2010/11/17 14:18:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 14:18:24 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/17 14:18:23 | 000,027,744 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/11/17 14:18:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/17 14:18:15 | 2143,641,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/17 14:17:22 | 000,039,410 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2010/11/17 13:10:10 | 000,057,147 | ---- | M] () -- C:\Users\Zack\Desktop\WinDefFiles.jpg
[2010/11/17 13:06:10 | 000,181,361 | ---- | M] () -- C:\Users\Zack\Desktop\Registry pointing to dwv.docx
[2010/11/17 13:04:05 | 000,137,059 | ---- | M] () -- C:\Users\Zack\Desktop\WinDef.jpg
[2010/11/17 11:00:36 | 000,001,065 | ---- | M] () -- C:\Users\Zack\Desktop\Spybot - Search & Destroy.lnk
[2010/11/16 21:20:08 | 001,504,312 | ---- | M] () -- C:\Users\Zack\Documents\ZackGauck_Horizon.zip
[2010/11/16 21:20:08 | 001,504,312 | ---- | M] () -- C:\Users\Zack\Desktop\ZackGauck_Horizon.zip
[2010/11/16 21:04:51 | 000,057,856 | ---- | M] () -- C:\Users\Zack\Desktop\Zack_CV.doc
[2010/11/16 18:02:27 | 000,660,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/16 18:02:27 | 000,126,222 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/09 18:15:17 | 000,012,225 | ---- | M] () -- C:\Users\Zack\Desktop\xmas2010.docx
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/02 22:08:15 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/01 20:54:59 | 000,547,840 | ---- | M] () -- C:\Users\Zack\Documents\2brhouseplans.doc
[2010/11/01 20:21:27 | 000,010,200 | ---- | M] () -- C:\Users\Zack\Documents\Jay from Horizon.docx
[2010/11/01 17:35:45 | 001,990,798 | ---- | M] () -- C:\Users\Zack\Documents\Planshouse.docx
[2010/10/31 18:20:12 | 000,005,043 | ---- | M] () -- C:\Users\Zack\Documents\GraphPaper1cm-1in.pdf
[2010/10/29 20:52:03 | 000,131,072 | ---- | M] () -- C:\Users\Zack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/28 23:08:36 | 000,019,207 | ---- | M] () -- C:\Users\Zack\Documents\Arbor Town.docx
[2010/10/26 20:02:44 | 000,011,410 | ---- | M] () -- C:\Users\Zack\Documents\ChinaInfo.docx
[2010/10/25 21:00:31 | 000,046,080 | ---- | M] () -- C:\Users\Zack\Desktop\Zack_Resume.doc
[2010/10/21 20:56:05 | 000,419,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/21 13:12:49 | 000,037,888 | ---- | M] () -- C:\Users\Zack\Desktop\CIEEAPP_Fin.doc
[2010/10/19 14:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/17 14:06:06 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/17 14:06:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/17 14:06:06 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/17 14:06:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/17 14:06:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/17 13:10:07 | 000,057,147 | ---- | C] () -- C:\Users\Zack\Desktop\WinDefFiles.jpg
[2010/11/17 13:03:55 | 000,137,059 | ---- | C] () -- C:\Users\Zack\Desktop\WinDef.jpg
[2010/11/17 12:27:30 | 000,181,361 | ---- | C] () -- C:\Users\Zack\Desktop\Registry pointing to dwv.docx
[2010/11/17 11:00:36 | 000,001,065 | ---- | C] () -- C:\Users\Zack\Desktop\Spybot - Search & Destroy.lnk
[2010/11/16 21:20:24 | 001,504,312 | ---- | C] () -- C:\Users\Zack\Documents\ZackGauck_Horizon.zip
[2010/11/16 21:04:50 | 000,057,856 | ---- | C] () -- C:\Users\Zack\Desktop\Zack_CV.doc
[2010/11/16 18:02:12 | 001,504,312 | ---- | C] () -- C:\Users\Zack\Desktop\ZackGauck_Horizon.zip
[2010/11/08 23:44:44 | 000,012,225 | ---- | C] () -- C:\Users\Zack\Desktop\xmas2010.docx
[2010/11/02 22:08:15 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/11/01 20:54:58 | 000,547,840 | ---- | C] () -- C:\Users\Zack\Documents\2brhouseplans.doc
[2010/11/01 20:19:27 | 000,010,200 | ---- | C] () -- C:\Users\Zack\Documents\Jay from Horizon.docx
[2010/11/01 17:18:58 | 001,990,798 | ---- | C] () -- C:\Users\Zack\Documents\Planshouse.docx
[2010/10/31 18:20:12 | 000,005,043 | ---- | C] () -- C:\Users\Zack\Documents\GraphPaper1cm-1in.pdf
[2010/10/28 21:27:14 | 000,019,207 | ---- | C] () -- C:\Users\Zack\Documents\Arbor Town.docx
[2010/10/26 19:23:42 | 000,011,410 | ---- | C] () -- C:\Users\Zack\Documents\ChinaInfo.docx
[2010/10/25 21:00:45 | 000,046,080 | ---- | C] () -- C:\Users\Zack\Desktop\Zack_Resume.doc
[2010/09/28 20:23:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/18 21:29:12 | 000,000,120 | ---- | C] () -- C:\Users\Zack\AppData\Local\Igutadaj.dat
[2010/02/18 21:29:12 | 000,000,000 | ---- | C] () -- C:\Users\Zack\AppData\Local\Uwamoquq.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/11 11:28:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/05/22 16:22:18 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/11 13:04:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/03/11 13:04:14 | 000,027,744 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/02/22 21:20:31 | 000,131,072 | ---- | C] () -- C:\Users\Zack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/21 23:46:44 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/02/21 23:01:54 | 000,027,744 | ---- | C] () -- C:\Users\Zack\AppData\Roaming\nvModes.dat
[2008/02/21 23:01:54 | 000,027,744 | ---- | C] () -- C:\Users\Zack\AppData\Roaming\nvModes.001
[2008/02/21 21:51:41 | 000,001,356 | ---- | C] () -- C:\Users\Zack\AppData\Local\d3d9caps.dat
[2008/02/11 13:00:41 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/11 13:00:41 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/11 13:00:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/11 13:00:41 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/11 13:00:41 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/11 13:00:41 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/11 12:58:24 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2008/02/11 12:58:23 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2008/02/11 12:53:55 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/02/11 12:35:50 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/02/11 12:35:50 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2008/02/11 12:32:25 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS
[2007/08/03 07:14:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/07/27 00:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI
[2007/07/27 00:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI
[2007/03/29 14:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/14 01:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/05 16:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< c:\users\Zack\AppData\Roaming\Microsoft\*.* /s >
[2008/02/21 21:59:24 | 000,021,768 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\CLR Security Config\v1.1.4322\security.config
[2008/08/04 13:36:44 | 000,027,814 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\CLR Security Config\v1.1.4322\security.config.cch
[2008/11/17 20:08:43 | 000,000,050 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\146482325737612d5fbcd71839d49d49_961fa1be-9746-45f8-94ff-78960939bc36
[2010/10/21 10:03:44 | 000,001,332 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\2cbbd98b8a8a9e09b3d314e4d7c029ab_961fa1be-9746-45f8-94ff-78960939bc36
[2009/12/13 10:47:21 | 000,002,075 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\533145ef011ddf5ca3983e2545a902b4_961fa1be-9746-45f8-94ff-78960939bc36
[2008/02/21 22:07:39 | 000,000,045 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\542fcf00b048713ed8b4621e08af77ae_961fa1be-9746-45f8-94ff-78960939bc36
[2008/03/25 12:02:16 | 000,000,045 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\62a45886e06c7d046ea8b819bec0598a_961fa1be-9746-45f8-94ff-78960939bc36
[2008/03/16 21:01:46 | 000,000,053 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\6b29ae44e85efac3c72ff4d1865d73f1_961fa1be-9746-45f8-94ff-78960939bc36
[2010/10/21 20:56:50 | 000,001,332 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\73e58fd42bf18ca9a26c004462ce31ee_961fa1be-9746-45f8-94ff-78960939bc36
[2008/08/24 10:10:25 | 000,000,045 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\83aa4cc77f591dfc2374580bbd95f6ba_961fa1be-9746-45f8-94ff-78960939bc36
[2008/02/22 00:23:45 | 000,000,054 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\8f71098770f72c7a67cd8f1151619865_961fa1be-9746-45f8-94ff-78960939bc36
[2009/11/27 16:33:17 | 000,000,059 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\8f96978fc46d9f00d8780351026924d7_961fa1be-9746-45f8-94ff-78960939bc36
[2010/10/21 10:03:30 | 000,001,332 | --S- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4046671286-1094577586-2582663489-1005\a3a8bdb85de8a99162bfdb73e0d80d82_961fa1be-9746-45f8-94ff-78960939bc36
[2009/09/08 19:45:04 | 000,004,138 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\digital locker\Urls.bin
[2006/10/27 10:32:32 | 000,322,380 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Document Building Blocks\1033\Building Blocks.dotx
[2010/11/17 11:38:24 | 000,008,810 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\HTML Help\hh.dat
[2010/05/09 10:57:40 | 000,000,163 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\IdentityCRL\Production\MetaConfig.xml
[2008/08/09 13:32:39 | 000,020,040 | ---- | M] (Microsoft Corporation) -- c:\Users\Zack\AppData\Roaming\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
[2010/01/31 14:25:24 | 000,190,528 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Ime\IMSC5\PLearnL.DAT
[2010/10/26 22:01:22 | 000,067,648 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Ime\IMSC5\PLearnS.DAT
[2010/11/03 16:18:37 | 000,009,728 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\1033.MST
[2010/11/03 16:18:37 | 000,004,286 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{271A659B-A7D3-405E-AE31-3086133BE0B7}\ARPPRODUCTICON.exe
[2008/02/22 13:07:20 | 000,003,310 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
[2008/02/22 13:07:20 | 000,001,078 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
[2008/02/22 13:07:20 | 000,001,078 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
[2008/02/22 13:07:20 | 000,001,078 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
[2008/02/22 13:07:20 | 000,001,078 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
[2008/02/22 13:07:20 | 000,001,078 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
[2008/03/07 03:16:42 | 000,081,408 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{9580813D-94B1-4C28-9426-A441E2BB29A5}\Icon9580813D.ico
[2008/03/07 03:16:42 | 000,056,832 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{9580813D-94B1-4C28-9426-A441E2BB29A5}\Icon9580813D1.ico
[2010/02/12 15:12:38 | 000,010,134 | R--- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2009/07/11 12:31:59 | 000,000,286 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/03/20 17:01:51 | 000,000,910 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digsby.lnk
[2009/07/11 12:31:59 | 000,000,953 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/14 13:59:52 | 000,001,758 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2008/02/11 12:20:40 | 000,000,258 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2008/02/11 12:20:40 | 000,000,240 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2008/02/22 03:05:55 | 000,000,948 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2008/04/02 14:44:32 | 000,032,768 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
[2008/04/02 14:44:41 | 000,014,494 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Internet Explorer\UserData\9RGSQVBN\www[1].xml
[2010/03/02 23:33:03 | 000,032,768 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat
[2009/07/26 08:17:47 | 000,087,181 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MMC\eventvwr
[2010/10/31 15:29:26 | 000,002,572 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm
[2010/10/31 15:29:28 | 000,000,664 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt01.sqm
[2009/07/31 21:56:52 | 000,000,580 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt00.sqm
[2009/07/31 21:56:52 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt01.sqm
[2009/08/23 13:26:44 | 000,000,692 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt02.sqm
[2009/08/23 13:26:44 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt03.sqm
[2009/09/13 13:39:36 | 000,000,580 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt04.sqm
[2009/09/13 13:39:36 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt05.sqm
[2009/09/29 18:37:19 | 000,001,344 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt06.sqm
[2009/09/29 18:37:19 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt07.sqm
[2009/10/16 17:07:46 | 000,000,876 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt08.sqm
[2009/10/16 17:07:46 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt09.sqm
[2009/11/14 23:58:42 | 000,000,328 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt10.sqm
[2009/11/14 23:58:57 | 000,000,328 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt11.sqm
[2009/11/14 23:59:03 | 000,000,328 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt12.sqm
[2009/11/15 00:00:43 | 000,000,328 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt13.sqm
[2009/11/15 00:05:46 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt14.sqm
[2009/06/28 10:14:18 | 000,000,416 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt15.sqm
[2009/06/28 11:26:57 | 000,001,676 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt16.sqm
[2009/06/28 11:26:57 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt17.sqm
[2009/07/16 22:53:58 | 000,000,656 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt18.sqm
[2009/07/16 22:53:58 | 000,000,244 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\MSN Messenger\2387658947\sqmnoopt19.sqm
[2008/11/08 16:43:22 | 000,000,144 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\CLView12.pip
[2010/11/12 21:22:57 | 000,001,548 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\Excel12.pip
[2008/03/02 23:42:51 | 000,037,832 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\MSO1033.acl
[2010/10/27 23:59:39 | 000,043,712 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\MSO1036.acl
[2010/09/29 13:42:55 | 000,001,724 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\MSOut12.pip
[2010/09/13 18:12:18 | 000,001,468 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\PowerP12.pip
[2010/11/17 10:42:24 | 000,001,696 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\Word12.pip
[1 c:\users\Zack\AppData\Roaming\Microsoft\Office\*.tmp files -> c:\users\Zack\AppData\Roaming\Microsoft\Office\*.tmp -> ]
[2010/11/17 10:42:20 | 000,000,872 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\2007_lonely hearts.LNK
[2010/11/12 20:57:03 | 000,001,071 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\AdventureTime.LNK
[2010/03/11 21:25:20 | 000,000,886 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Ben Gibbard.LNK
[2010/09/06 14:14:29 | 000,000,801 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Chinese Lit.LNK
[2010/07/28 08:32:51 | 000,000,915 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Clear Docs.LNK
[2010/10/19 19:40:57 | 000,000,950 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\CompletedPOs_2010.LNK
[2010/11/17 12:43:54 | 000,000,677 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Desktop (2).LNK
[2010/11/17 13:17:46 | 000,000,677 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
[2010/11/01 17:27:48 | 000,000,705 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Documents (2).LNK
[2010/11/01 20:55:20 | 000,000,705 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Documents.LNK
[2010/11/17 10:42:20 | 000,000,689 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Downloads.LNK
[2010/07/30 15:54:53 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\FS_GE0501199.LNK
[2010/07/30 15:56:31 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\FS_GE0501212.LNK
[2010/08/16 15:00:26 | 000,000,881 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\GE_Z.LNK
[2010/07/28 08:43:10 | 000,000,796 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\GiantEagle.LNK
[2010/11/12 20:57:32 | 000,001,061 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Honey Bees.LNK
[2010/11/17 13:17:46 | 000,000,977 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Office\Recent\index.dat
[2010/11/12 21:01:15 | 000,000,913 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Lyrics.LNK
[2010/11/12 21:01:15 | 000,001,061 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\mikerap2009.LNK
[2010/11/12 20:43:28 | 000,000,829 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\NewWritings.LNK
[2010/11/12 20:52:54 | 000,000,816 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Recorded Songs.LNK
[2010/11/17 12:43:54 | 000,000,895 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Registry pointing to dwv (2).LNK
[2010/11/17 13:17:46 | 000,000,895 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Registry pointing to dwv.docx.LNK
[2010/11/17 13:06:10 | 000,000,895 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Registry pointing to dwv.LNK
[2010/10/25 20:50:57 | 000,000,839 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\ResumeAndWork.LNK
[2010/11/16 19:00:09 | 000,000,835 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\resumesample2.LNK
[2010/11/16 18:59:59 | 000,000,835 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\resumesample4.LNK
[2010/11/12 20:44:26 | 000,000,791 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\REV Poems.LNK
[2010/03/27 14:21:53 | 000,000,834 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\SchoolPapers.LNK
[2010/08/10 21:52:49 | 000,000,811 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Song Concepts.LNK
[2010/07/04 14:31:07 | 000,001,037 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\SongsForPpl.LNK
[2010/10/19 19:40:57 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505424.LNK
[2010/10/19 19:40:02 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505430.LNK
[2010/07/30 15:19:25 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505431.LNK
[2010/07/30 15:20:10 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505432.LNK
[2010/07/30 15:43:40 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505433.LNK
[2010/07/30 15:51:46 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505435.LNK
[2010/10/19 19:40:39 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505437.LNK
[2010/07/30 15:50:31 | 000,001,103 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\TG_GE0505439.LNK
[2010/11/12 20:43:28 | 000,001,097 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\We sat atop the rooftop archipelago.LNK
[2010/11/12 20:44:26 | 000,001,084 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\We sat atop the rooftop archipelago_rev2.LNK
[2010/10/25 21:00:31 | 000,000,924 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Work.LNK
[2010/11/16 21:05:19 | 000,000,803 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Zack_CV.LNK
[2010/11/16 21:07:33 | 000,000,845 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Zack_CV_Horizon.LNK
[2010/11/16 19:07:34 | 000,000,825 | ---- | M] () -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\Zack_Resume.LNK
[2006/11/02 07:03:45 | 000,000,024 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\CREDHIST
[2006/11/02 07:03:46 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\95da33f4-6655-4faf-86fe-5159865c990d
[2006/11/02 07:03:46 | 000,000,024 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-2152478756-3922319563-605102323-500\Preferred
[2010/10/21 10:03:29 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\2c4dcaba-44f5-4d9b-a5a3-23d06ce136ef
[2008/05/22 19:38:07 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\4b3ffe8d-fa9c-4b4e-a099-a05d4c9a8240
[2009/05/19 21:33:23 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\642386e6-4688-4877-a407-cc0bfe0e0b07
[2008/11/19 17:49:47 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\6c568c31-29fc-4e1f-a85c-22d9bebf808f
[2010/07/03 11:03:23 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\8fff81c6-33cb-41ad-918d-2bf9c9c946f4
[2008/02/21 22:07:39 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\9b17ebaf-c8d1-4f06-a11a-b354741b22ed
[2009/11/22 01:26:52 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\a7e60765-aacd-4233-aa8d-50ebb721ae82
[2009/08/21 16:17:22 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\aaf270fc-b5bf-407a-9987-d129b9a98bf6
[2010/07/03 10:08:34 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\b5e381f1-caee-41d9-a65a-a4ea8580039f
[2009/02/17 22:36:15 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\b92735e8-823f-42db-98c0-9b2189245d93
[2008/08/21 14:17:45 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\e739e459-f062-41b8-a5a4-b79020f2743e
[2010/05/23 11:03:01 | 000,000,388 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\fd2ae18b-1702-4602-998a-8ea1d25818d8
[2010/10/21 10:03:29 | 000,000,024 | -HS- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Protect\S-1-5-21-4046671286-1094577586-2582663489-1005\Preferred
[2008/02/22 01:25:12 | 000,000,940 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_F609283504514A74B8A228646E3E6BCB.dat
[2008/02/22 01:25:12 | 000,000,940 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Speech\Files\UserShortcuts\SP_6F99AF7C00994ED7BA621FF99BFFA72E.dat
[2008/02/22 14:14:14 | 000,015,733 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Templates\Normal.BAK
[2010/02/13 23:05:08 | 000,015,516 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Templates\Normal.dotm
[2008/08/07 12:46:31 | 000,000,162 | -H-- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
[2008/02/21 22:33:54 | 000,000,002 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
[2008/02/23 21:23:26 | 000,000,002 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
[2010/10/27 23:59:39 | 000,000,002 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryFR040c.lex
[2010/03/02 23:32:45 | 000,001,046 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Windows Live\Toolbar\toolbar.config
[2007/10/24 10:10:04 | 000,006,289 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Windows Live\Toolbar\Custom Buttons\bv2btn.translator.btn\button.xml
[2007/10/03 12:40:22 | 000,000,822 | ---- | M] () -- c:\Users\Zack\AppData\Roaming\Microsoft\Windows Live\Toolbar\Custom Buttons\bv2btn.translator.btn\translateps.bmp
< C:\C\*.* /s >

< C:\Device\*.* /s >
[2010/11/17 14:15:32 | 000,016,384 | ---- | M] () -- C:\Device\HarddiskVolume1\boot\BCD

========== Files - Unicode (All) ==========
[2010/06/13 09:52:20 | 000,010,170 | ---- | M] ()(C:\Users\Zack\Documents\??.docx) -- C:\Users\Zack\Documents\雨衣.docx
[2010/06/13 09:52:20 | 000,000,887 | ---- | M] ()(c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\??.LNK) -- c:\users\Zack\AppData\Roaming\Microsoft\Office\Recent\雨衣.LNK
[2010/06/13 09:50:47 | 000,010,170 | ---- | C] ()(C:\Users\Zack\Documents\??.docx) -- C:\Users\Zack\Documents\雨衣.docx

< End of report >
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Do you recognise these folders?

C:\C
C:\Device


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/02/18 21:29:12 | 000,000,120 | ---- | C] () -- C:\Users\Zack\AppData\Local\Igutadaj.dat
    [2010/02/18 21:29:12 | 000,000,000 | ---- | C] () -- C:\Users\Zack\AppData\Local\Uwamoquq.bin
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; reboot the PC when it is done.


Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run; make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.


Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0
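
A post-fix check for the per-user proxy value that the OTL script above resets, as an added example that is not part of the original post or of OTL. It reads the same `Internet Settings` key, parses both forms of `ProxyServer`, and reports any loopback proxy together with the process listening on that port. `Get-ProxyEntries` is a hypothetical helper name, and `Get-NetTCPConnection` assumes Windows 8 / Server 2012 or later.

```powershell
# Added example: report loopback proxies in the current user's WinINET settings.
# Get-ProxyEntries is a hypothetical helper name, not an OTL or Windows command.
# Assumption: Get-NetTCPConnection is available (Windows 8 / Server 2012 or later).

$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyEntries {
    param([string]$ProxyServer)

    # ProxyServer holds either "host:port" (one proxy for every protocol) or a
    # per-protocol list such as "http=127.0.0.1:50370;https=proxy:8080".
    foreach ($part in ($ProxyServer -split ';')) {
        $part = $part.Trim()
        if (-not $part) { continue }

        $protocol = 'all'
        $target   = $part
        if ($part -match '^(?<proto>[A-Za-z]+)=(?<target>.+)$') {
            $protocol = $Matches['proto']
            $target   = $Matches['target']
        }

        # Drop an optional scheme prefix such as "http://".
        $target = $target -replace '^[A-Za-z]+://', ''

        # Split host and port; an IPv6 literal must be bracketed to carry a port.
        $hostName = $target
        $port     = $null
        if ($target -match '^(?<h>\[[^\]]+\]|[^:]+):(?<p>\d+)$') {
            $hostName = $Matches['h']
            $port     = [int]$Matches['p']
        }

        $isLoopback = ($hostName -match '^(127(\.\d{1,3}){3}|localhost|\[?::1\]?)$')

        [pscustomobject]@{
            Protocol = $protocol
            Host     = $hostName
            Port     = $port
            Loopback = $isLoopback
        }
    }
}

$settings = Get-ItemProperty -Path $key
# ProxyEnable = 1 means the ProxyServer value is actually in use.
$enabled  = ($settings.ProxyEnable -eq 1)
$entries  = @(Get-ProxyEntries -ProxyServer ([string]$settings.ProxyServer))

$findings = foreach ($entry in $entries) {
    if (-not $entry.Loopback) { continue }

    # Look up which process, if any, is listening on the proxy port.
    $ownerId   = $null
    $ownerPath = $null
    if ($entry.Port) {
        $listener = Get-NetTCPConnection -State Listen -LocalPort $entry.Port `
                        -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($listener) {
            $ownerId = $listener.OwningProcess
            $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
            if ($proc) { $ownerPath = $proc.Path }
        }
    }

    [pscustomobject]@{
        ProxyEnabled = $enabled
        Protocol     = $entry.Protocol
        Proxy        = '{0}:{1}' -f $entry.Host, $entry.Port
        ListenerPid  = $ownerId
        ListenerPath = $ownerPath
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No loopback proxy configured for this user.'
}
```

This covers the WinINET settings used by Internet Explorer and by applications that follow the system proxy; browsers that keep their own proxy configuration have to be checked separately. A loopback entry that is enabled but has no listener sends browser traffic to a dead port, and a listener whose path is not software you installed is the process to look at next.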

#7
ZackPanda

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
To start, I didn't see C:\C as a folder or anything, but that would be out of the ordinary.
C:\Device is, oddly enough, what I was asked about before restarting the OTL with the initial parameters you gave me. I wasn't sure what it was so I clicked "restore" since I was worried it might be my own harddisk (it asked if I wanted to restore harddiskvol1 which is under that Device folder, let me know if that was a mistake).

As for the other aspects, here is what OTL came up with after those second parameters went through and it restarted:

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Users\Zack\AppData\Local\Igutadaj.dat moved successfully.
C:\Users\Zack\AppData\Local\Uwamoquq.bin moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Zack\Downloads\Comptuer Fixers\cmd.bat deleted successfully.
C:\Users\Zack\Downloads\Comptuer Fixers\cmd.txt deleted successfully.
C:\Windows\prefetch\MPCMDRUN.EXE-8791CC49.pf moved successfully.
C:\Windows\prefetch\MPSIGSTUB.EXE-6CB27A06.pf moved successfully.
C:\Windows\prefetch\MSCONFIG.EXE-3A52734E.pf moved successfully.
C:\Windows\prefetch\MSCORSVW.EXE-C3C515BD.pf moved successfully.
C:\Windows\prefetch\N.PIF-2BD32828.pf moved successfully.
C:\Windows\prefetch\NET.EXE-DF44F913.pf moved successfully.
C:\Windows\prefetch\NET1.EXE-849DA590.pf moved successfully.
C:\Windows\prefetch\NOTEPAD.EXE-86E0E9B9.pf moved successfully.
C:\Windows\prefetch\NOTEPAD.EXE-D8414F97.pf moved successfully.
C:\Windows\prefetch\NSPECT.EXE-9A5FCD06.pf moved successfully.
C:\Windows\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\Windows\prefetch\OSE.EXE-533D8AC9.pf moved successfully.
C:\Windows\prefetch\OTL.EXE-AA217B5C.pf moved successfully.
C:\Windows\prefetch\PEV.EXE-CD23FA68.pf moved successfully.
C:\Windows\prefetch\PfSvPerfStats.bin moved successfully.
C:\Windows\prefetch\PHOTOSHOP.EXE-0857968A.pf moved successfully.
C:\Windows\prefetch\PICASA3.EXE-AE331ECB.pf moved successfully.
C:\Windows\prefetch\PICASAUPDATER.EXE-B960F285.pf moved successfully.
C:\Windows\prefetch\PLUGIN-CONTAINER.EXE-7226D1F8.pf moved successfully.
C:\Windows\prefetch\QUICKTIMEPLAYER.EXE-C28F236F.pf moved successfully.
C:\Windows\prefetch\REG.EXE-E7E8BD26.pf moved successfully.
C:\Windows\prefetch\REGEDIT.EXE-90FEEA06.pf moved successfully.
C:\Windows\prefetch\REGEDT32.EXE-A7083228.pf moved successfully.
C:\Windows\prefetch\RUNDLL32.EXE-20030262.pf moved successfully.
C:\Windows\prefetch\RUNDLL32.EXE-230FC512.pf moved successfully.
C:\Windows\prefetch\RUNDLL32.EXE-45A0A71E.pf moved successfully.
C:\Windows\prefetch\RUNDLL32.EXE-70A53FFC.pf moved successfully.
C:\Windows\prefetch\RUNDLL32.EXE-B197135C.pf moved successfully.
C:\Windows\prefetch\RUNONCE.EXE-D0649312.pf moved successfully.
C:\Windows\prefetch\SCSERVER.EXE-01390C45.pf moved successfully.
C:\Windows\prefetch\SDWINSEC.EXE-97872DD2.pf moved successfully.
C:\Windows\prefetch\SEARCHFILTERHOST.EXE-77482212.pf moved successfully.
C:\Windows\prefetch\SEARCHINDEXER.EXE-4A6353B9.pf moved successfully.
C:\Windows\prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf moved successfully.
C:\Windows\prefetch\SHADOW.EXE-1F7FE9EC.pf moved successfully.
C:\Windows\prefetch\SHELL.EXE-E2D2D603.pf moved successfully.
C:\Windows\prefetch\SKYPE.EXE-4929A84C.pf moved successfully.
C:\Windows\prefetch\SKYPENAMES2.EXE-FAE920B5.pf moved successfully.
C:\Windows\prefetch\SKYPEPM.EXE-EECA8925.pf moved successfully.
C:\Windows\prefetch\SOFTWAREUPDATE.EXE-631B74E4.pf moved successfully.
C:\Windows\prefetch\SPYBOTSD.EXE-DC433942.pf moved successfully.
C:\Windows\prefetch\SPYBOTSD162.EXE-64836146.pf moved successfully.
C:\Windows\prefetch\SPYBOTSD162.TMP-2F047006.pf moved successfully.
C:\Windows\prefetch\SPYBOTSD162.TMP-4F26488D.pf moved successfully.
C:\Windows\prefetch\SPYBOTSD_INCLUDES.EXE-30078EA1.pf moved successfully.
C:\Windows\prefetch\SVCHOST.EXE-3F555D99.pf moved successfully.
C:\Windows\prefetch\SVCHOST.EXE-7CFEDEA3.pf moved successfully.
C:\Windows\prefetch\SVCHOST.EXE-80F4A784.pf moved successfully.
C:\Windows\prefetch\SVCHOST.EXE-CFF8C7D9.pf moved successfully.
C:\Windows\prefetch\SWREG.EXE-68FA10C1.pf moved successfully.
C:\Windows\prefetch\TASKENG.EXE-48D4E289.pf moved successfully.
C:\Windows\prefetch\TASKMGR.EXE-5F5F473D.pf moved successfully.
C:\Windows\prefetch\TEATIMER.EXE-F32D0BF9.pf moved successfully.
C:\Windows\prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf moved successfully.
C:\Windows\prefetch\TVTSCHED.EXE-49498E45.pf moved successfully.
C:\Windows\prefetch\VERCLSID.EXE-7C52E31C.pf moved successfully.
C:\Windows\prefetch\VIEWPOINTSERVICE.EXE-BFD6D3DE.pf moved successfully.
C:\Windows\prefetch\VSSVC.EXE-B8AFC319.pf moved successfully.
C:\Windows\prefetch\WERCON.EXE-E36BD04E.pf moved successfully.
C:\Windows\prefetch\WERFAULT.EXE-E69F695A.pf moved successfully.
C:\Windows\prefetch\WERMGR.EXE-0F2AC88C.pf moved successfully.
C:\Windows\prefetch\WINRAR.EXE-94E7D80C.pf moved successfully.
C:\Windows\prefetch\WINWORD.EXE-C91725A1.pf moved successfully.
C:\Windows\prefetch\WLIDSVC.EXE-5514E75E.pf moved successfully.
C:\Windows\prefetch\WLIDSVCM.EXE-A6EF5B2F.pf moved successfully.
C:\Windows\prefetch\WMIADAP.EXE-F8DFDFA2.pf moved successfully.
C:\Windows\prefetch\WMIPRVSE.EXE-1628051C.pf moved successfully.
C:\Windows\prefetch\WMPNSCFG.EXE-FC0D39BF.pf moved successfully.
C:\Windows\prefetch\WSQMCONS.EXE-118B52B7.pf moved successfully.
C:\Windows\prefetch\WUAUCLT.EXE-70318591.pf moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Ninja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zack
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 3416319 bytes
->Java cache emptied: 805017 bytes
->FireFox cache emptied: 41539678 bytes
->Google Chrome cache emptied: 390032854 bytes
->Flash cache emptied: 1298645 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1674 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 417.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mcx1

User: Mcx2

User: Ninja

User: Public

User: Zack
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.17.3 log created on 11172010_150326

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...






TFC Scan:

Getting user folders.

Stopping running processes.

Emptying Temp folders.


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ninja
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Zack
->Temp folder emptied: 32233 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3823567 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 790 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 0 bytes
Process complete!

Total Files Cleaned = 4.00 mb






Then I did the Malwarebytes program and nothing new showed up, no infections in other words:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5140

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11/17/2010 3:51:19 PM
mbam-log-2010-11-17 (15-51-19).txt

Scan type: Quick scan
Objects scanned: 174999
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




And finally, the Kaspersky scan kept erroring, saying the license had expired. I will try it again after I close the web browser, but here is all of the other information.

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
try this instead

* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


also tell me how it's running

#9
ZackPanda

    New Member

  • Topic Starter
  • Member
  • 5 posts
Sorry about that, I kept typing my password incorrectly, all that said:
The computer seems to be running well thus far, the internet no longer has the port issue and nothing came up on start-up.

The ESET thing found these two items:

C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Zack\AppData\Roaming\Microsoft\Windows\shell.exe.vir a variant of Win32/Kryptik.IFL trojan cleaned by deleting - quarantined


Though they were quarantined items so it makes sense that it found it.

P.S. all the log said in that directory you pointed to was this:
[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

Edited by ZackPanda, 17 November 2010 - 09:17 PM.


#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.



  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES



  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes



  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.