Google search redirects, xsoftspyware



#1
rapsfan

Hi,
I finally took the plunge and decided to ask someone who actually knows what they're doing to help me specifically rather than me just reading posts directed at others.

Here's the situation of what happened to me. Clicked on a link to a South Park episode about a week ago, and since then became infected with a variety of malware/spyware/what have you.

The first thing I noticed were the pop-ups for what I believe was "XSoft Spyware Removal". It's the one that pops up fake security warnings, makes itself look like Windows, etc. After that almost completely shut down my computer, I ended up buying Spyware Doctor in hopes it would root out all that spyware might have installed. Evidently not. It removed some, but not all.

To this day, I have removed what I thought was everything, but still get the following:
- redirects on Google searches to ad sites
- new tabs popping up on Firefox for similar ad sites (yieldmanager was one)
- XSoft Spyware trojan trying to re-install itself (but being blocked by both Spyware Doctor and McAfee)
- Google Chrome not loading websites (why I'm using Firefox again)
- failure message coming up saying: "Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience." If I click "don't send" or "send error report" on that, the toolbar freezes. If I just drag it out of the way, things tend to be fine.


N.B. - I have used SUPERAntiSpyware and it found a rootkit issue and got rid of it. I have also run Malwarebytes, and pretty much everything else that is usually suggested. Running in safe mode tends to give me the blue screen, so I've been unable to do scans with all of my various programs in the safest possible way, so I thought that was relevant to mention.

ANY help is appreciated as I keep thinking I've solved it, but sure enough something else seems to stick around every time.

Thanks SO MUCH to anyone who can help me.

Sincerely,
rapsfan


#2
RKinner

    Malware Expert

Can you do the stuff in

http://www.geekstogo...uide-t2852.html

and post your logs (copy and paste - do not attach)? Would at least like to see the OTL logs (Step 5).

Ron

#3
rapsfan

Hi RKinner - Thanks so much for getting back so quickly.

I tried to do the GMER stuff, but it shut down my computer both times - very strange. Have you ever heard of that? I did manage to complete the OTL scans; here are the results.

Looking forward to hearing back from you. Thanks again.

Extras.txt
OTL Extras logfile created on: 4/26/2010 12:19:07 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Richie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 96.84 Gb Free Space | 67.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD
Current User Name: Richie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\SoulseekNS\slsk.exe" = C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D9B400-F721-437B-B4A5-4FE2F3F2431E}" = BlackBerry Device Software v4.6.0 for the BlackBerry 9000 smartphone
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{2FAAD1C5-2D9D-4EDB-BCD1-FF6573986439}" = Mobile Broadband Connect
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F963A06-7C18-4039-9789-9644B3266AE7}" = Verizon Wireless BroadbandAccess Self Activation
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EF140A7-B1D6-464E-82B4-C8925202FE54}" = Lenovo Fingerprint Software
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ONENOTER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ONENOTER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ONENOTER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ONENOTER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ONENOTER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ONENOTER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"17D5EDB8CF9DBD67DDA7675D6772B06BA5809565" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (05/01/2008 8.0.26.3)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.4
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DraftDominator_is1" = DraftDominator Version 6.1e Full
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ITPM" = Intel® Trusted Platform Module
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MP4 Player" = MP4 Player
"MSC" = McAfee SecurityCenter
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"ONENOTER" = Microsoft Office OneNote 2007
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"RegTweaker_is1" = RegTweaker version 3.1.1
"Soulseek2" = SoulSeek 157 NS 13e
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2010 11:49:53 AM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/26/2010 12:02:56 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 4/26/2010 12:02:56 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/26/2010 12:10:20 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 4/26/2010 12:10:20 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/26/2010 12:17:40 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 4/26/2010 12:17:40 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

Error - 4/26/2010 12:19:27 PM | Computer Name = RICHARD | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a5523.

Error - 4/26/2010 12:42:57 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.HistoryHandler cannot be loaded. Error description:
The system cannot find the file specified. .

Error - 4/26/2010 12:42:57 PM | Computer Name = RICHARD | Source = Windows Search Service | ID = 3083
Description = The protocol handler IEPH.RSSHandler cannot be loaded. Error description:
MAPI: Logon failed. .

[ System Events ]
Error - 4/24/2010 10:09:52 AM | Computer Name = RICHARD | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 4/24/2010 10:22:10 AM | Computer Name = RICHARD | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.79.1745.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5605.0 Error
code: 0x80072efe Error description: The connection with the server was terminated
abnormally

Error - 4/24/2010 11:24:19 AM | Computer Name = RICHARD | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147607809

User:
NT AUTHORITY\SYSTEM Name: Trojan:Win32/FakeRean ID: 2147607809 Severity: High Category:
Trojan Path: Action: %%808 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.81.331.0, AS: 1.81.331.0 Engine Version: 1.1.5703.0

Error - 4/24/2010 12:08:03 PM | Computer Name = RICHARD | Source = Microsoft Antimalware | ID = 1008
Description = %%861 has encountered an error when taking action on spyware or other
potentially unwanted software. For more information please see the following: http://go.microsoft....atid=2147632576

User:
NT AUTHORITY\SYSTEM Name: Virus:Win32/Alureon.H ID: 2147632576 Severity: Severe Category:
Virus Path: Action: %%810 Error Code: 0x80508023 Error description: The program could
not find the spyware and other potentially unwanted software on this computer.
Status: Signature Version: AV: 1.81.331.0, AS: 1.81.331.0 Engine Version: 1.1.5703.0


< End of report >


OTL.txt

OTL logfile created on: 4/26/2010 12:19:07 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Richie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 96.84 Gb Free Space | 67.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD
Current User Name: Richie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/26 12:17:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/29 10:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/29 10:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/29 10:35:18 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/07/28 12:43:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/06/08 14:00:00 | 000,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2008/06/08 14:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/06 21:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/06/04 13:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/05/14 19:42:40 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/05/14 19:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/05/14 19:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/05/10 10:24:04 | 000,102,400 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2008/05/10 10:11:06 | 001,160,440 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/04/25 03:38:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/03/23 21:15:04 | 000,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/02/20 05:58:26 | 000,036,128 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/12/05 03:14:34 | 000,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 21:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 12:17:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2008/03/13 05:46:24 | 000,079,224 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2007/12/05 03:14:30 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/07/28 12:43:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/05/14 19:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/14 19:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/05/10 10:24:04 | 000,102,400 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2008/05/10 10:11:06 | 001,160,440 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/02/20 05:58:26 | 000,036,128 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/10 15:18:15 | 000,319,000 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/21 21:45:30 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2009/07/21 21:45:30 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/14 02:25:41 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/07/14 02:25:23 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2009/07/14 02:24:43 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/30 15:00:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/07/28 12:43:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2008/06/10 22:15:38 | 006,021,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/22 01:01:50 | 000,754,176 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/10 10:28:10 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/09 08:50:48 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/09 06:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 06:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 06:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 22:42:00 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/03/26 01:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 01:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/20 05:57:46 | 000,022,696 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/12/05 03:11:56 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 13:52:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 19:40:48 | 000,000,000 | ---D | M]

[2009/07/13 23:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Mozilla\Extensions
[2010/04/25 11:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Mozilla\Firefox\Profiles\ewlac0ql.default\extensions
[2009/07/14 03:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richie\Application Data\Mozilla\Firefox\Profiles\ewlac0ql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/25 11:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/10 15:37:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Richie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251307414031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/29 20:12:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (75167429533106176)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 12:17:38 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
[2010/04/26 11:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\4-26-2010
[2010/04/26 11:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/26 11:37:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Richie\Desktop\erunt_setup.exe
[2010/04/25 23:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\ThinkVantage Access Connections
[2010/04/25 00:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\down
[2010/04/24 10:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/24 10:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\SUPERAntiSpyware.com
[2010/04/24 10:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 10:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/16 16:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/16 16:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/16 14:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\avG
[2010/04/13 20:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/13 20:16:30 | 000,359,656 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richie\Desktop\msicuu2.exe
[2010/04/13 20:11:46 | 000,701,752 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richie\My Documents\WindowsXP-KB921883-x86-ENU.exe
[2010/04/13 20:10:33 | 000,648,560 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richie\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2010/04/13 13:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/13 13:30:33 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Richie\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/04/13 13:01:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richie\Recent
[2010/04/13 12:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/13 04:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/12 23:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/04/12 23:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/04/12 23:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/12 23:53:00 | 034,596,344 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\7.0.0.538f-sdasetup.exe
[2010/04/12 20:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/12 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\avG
[2010/04/12 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/12 19:06:46 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/12 19:06:46 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/12 19:06:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/12 19:02:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/12 19:02:54 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/12 19:02:54 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/12 19:02:48 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\PC Tools
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/12 19:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/12 19:01:33 | 036,590,872 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\sdsetup.exe
[2010/04/12 18:53:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAtpethemueq
[2010/04/12 18:53:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAkidibchwhe
[2010/04/12 18:53:34 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/04/12 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\92082B924A90F598C1F8AE0BB5EA5370
[2010/04/11 18:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\Any Video Converter
[2010/04/11 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\AnvSoft
[2010/04/11 18:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/04/11 18:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\OJOsoft Corporation
[2010/04/11 18:06:39 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2010/04/11 18:06:39 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/04/11 18:06:39 | 000,351,744 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/04/11 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
[2010/04/11 18:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\OJOsoft
[2010/04/11 14:44:50 | 101,483,407 | ---- | C] (Research In Motion Ltd. ) -- C:\Documents and Settings\Richie\Desktop\9000M_PBr4[1].6.0_rel477_PL4.0.0.235_A4.6.0.282_Rogers_Wireless_Inc.exe
[2010/04/11 14:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Research In Motion
[2010/04/11 14:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/11 14:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/11 14:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/11 14:09:26 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2010/04/10 14:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/04/09 16:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Desktop\ADR Project Video Clips
[2010/04/09 16:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/04/09 16:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/09 16:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Roxio
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\Documents and Settings\Richie\My Documents\*.tmp files -> C:\Documents and Settings\Richie\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/26 12:17:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
[2010/04/26 12:14:21 | 000,550,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/26 12:14:21 | 000,462,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/26 12:14:21 | 000,078,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/26 12:13:37 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/26 12:11:19 | 000,018,275 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/04/26 12:10:50 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 12:08:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 12:08:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 12:07:58 | 2072,010,752 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 12:06:58 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Richie\NTUSER.DAT
[2010/04/26 11:43:15 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\gmer.zip
[2010/04/26 11:42:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005UA.job
[2010/04/26 11:39:04 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\ERUNT.lnk
[2010/04/26 11:37:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Richie\Desktop\erunt_setup.exe
[2010/04/26 00:31:34 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Richie\ntuser.ini
[2010/04/25 10:23:18 | 000,001,120 | -HS- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\on75462e0FD8
[2010/04/25 10:23:18 | 000,001,120 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\on75462e0FD8
[2010/04/25 10:23:17 | 000,223,744 | -HS- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\MSASCui.exe
[2010/04/25 10:23:13 | 000,001,028 | -HS- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\q1D4024dr1AC
[2010/04/25 10:23:13 | 000,001,028 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC
[2010/04/25 00:06:59 | 000,000,831 | ---- | M] () -- C:\WINDOWS\System32\drivers\down\25641109.exe
[2010/04/25 00:06:54 | 000,000,886 | -HS- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\f1pKdvbneJkm
[2010/04/25 00:06:54 | 000,000,886 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\f1pKdvbneJkm
[2010/04/24 10:42:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005Core.job
[2010/04/24 10:36:44 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/24 10:35:37 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\SUPERAntiSpyware.exe
[2010/04/16 15:33:59 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Google Chrome.lnk
[2010/04/16 14:56:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 14:34:50 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\exefix.reg
[2010/04/16 14:32:31 | 000,011,062 | -HS- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\3HNF5q0
[2010/04/16 14:32:31 | 000,011,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3HNF5q0
[2010/04/16 14:13:52 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2010/04/16 10:58:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/14 15:05:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richie\My Documents\~$uben - Child Support Problems .doc
[2010/04/14 14:59:56 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richie\My Documents\~$nna's Family Law Summary.doc
[2010/04/14 11:18:21 | 000,308,224 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\MY Updated Fam Summary.doc
[2010/04/13 20:16:33 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richie\Desktop\msicuu2.exe
[2010/04/13 20:11:47 | 000,701,752 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richie\My Documents\WindowsXP-KB921883-x86-ENU.exe
[2010/04/13 20:10:37 | 000,648,560 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richie\My Documents\WindowsXP-KB958644-x86-ENU.exe
[2010/04/13 19:42:14 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Richie\My Documents\TDSSKiller.exe
[2010/04/13 18:32:14 | 000,743,424 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\jess' fam summary.doc
[2010/04/13 17:05:18 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richie\My Documents\~$mily summary.doc
[2010/04/13 15:26:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/13 13:31:30 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/13 13:30:56 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Richie\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/04/13 13:22:17 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\HiJackThis.lnk
[2010/04/13 13:04:02 | 000,272,858 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\registry backup changes.reg
[2010/04/13 12:54:52 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/13 12:54:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/13 12:54:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/13 11:08:58 | 000,000,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/04/13 11:08:14 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/04/13 00:03:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/12 23:54:24 | 034,596,344 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\7.0.0.538f-sdasetup.exe
[2010/04/12 23:16:35 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\123myapp.zip
[2010/04/12 19:53:42 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\rkill.com
[2010/04/12 19:08:29 | 000,013,516 | -HS- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\4T227ly4
[2010/04/12 19:08:29 | 000,013,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\4T227ly4
[2010/04/12 19:02:50 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/12 19:01:58 | 036,590,872 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\sdsetup.exe
[2010/04/12 18:54:42 | 000,001,181 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/12 18:53:17 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\MY Family Summary.doc
[2010/04/12 13:14:29 | 000,271,872 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\FamilySummary_-_from_Dave.doc
[2010/04/12 11:50:16 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Project.doc
[2010/04/12 11:32:34 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR TABLE OF CONTENTS.doc
[2010/04/12 09:37:38 | 000,411,648 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Presentation.ppt
[2010/04/11 21:43:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\biblio for ADR.doc
[2010/04/11 18:40:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 18:39:28 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\mpg adr project.ROXIO
[2010/04/11 18:30:31 | 248,903,680 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR better quality_mpeg1video.mpg
[2010/04/11 18:12:37 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Data_041110_180458.roxio
[2010/04/11 14:46:17 | 101,483,407 | ---- | M] (Research In Motion Ltd. ) -- C:\Documents and Settings\Richie\Desktop\9000M_PBr4[1].6.0_rel477_PL4.0.0.235_A4.6.0.282_Rogers_Wireless_Inc.exe
[2010/04/11 14:42:45 | 043,387,103 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.cab
[2010/04/11 14:42:18 | 016,007,607 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.ipd
[2010/04/11 14:22:26 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/04/09 09:50:51 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\advanced crim paper.doc
[2010/04/08 14:13:41 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Short Paper - Social Justice.doc
[2010/04/07 19:23:50 | 002,115,573 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\08palm_road.mp3
[2010/04/07 18:42:09 | 002,704,320 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\10fast_ballad.mp3
[2010/04/07 18:41:32 | 002,851,200 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\12pobodys.mp3
[2010/04/07 18:40:56 | 002,567,731 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\02beyonce.mp3
[2010/04/06 12:05:35 | 001,328,131 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Cappelletti Article.pdf
[2010/04/06 12:04:57 | 000,339,410 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\ADR Evaluation Criteria.pdf
[2010/04/05 16:12:30 | 000,042,690 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\RichardProjectEvaluationCriteria (1).pdf
[2010/04/04 21:39:59 | 000,012,494 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\rich crazy hair.jpg
[2010/04/03 12:50:42 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\truepimps picks.xls
[2010/03/31 22:14:35 | 000,034,710 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Rubenstein article.pdf
[2010/03/31 18:47:55 | 000,483,917 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Delgado article.pdf
[2010/03/31 17:11:42 | 001,416,263 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\MenkelMeadow article.pdf
[2010/03/31 16:51:32 | 000,039,491 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Winkler article.pdf
[2010/03/30 10:35:04 | 000,042,648 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\2008 Fam Law Exam.pdf
[2010/03/29 13:50:23 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Nomination for Mouna Hanna.doc
[2010/03/28 15:03:31 | 000,494,080 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Auction_Rosters_2010.xls
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[17 C:\Documents and Settings\Richie\My Documents\*.tmp files -> C:\Documents and Settings\Richie\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 11:43:07 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\gmer.zip
[2010/04/26 11:39:04 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\ERUNT.lnk
[2010/04/26 00:31:36 | 000,117,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/25 10:23:18 | 000,001,120 | -HS- | C] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\on75462e0FD8
[2010/04/25 10:23:18 | 000,001,120 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\on75462e0FD8
[2010/04/25 10:23:13 | 000,001,028 | -HS- | C] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\q1D4024dr1AC
[2010/04/25 10:23:13 | 000,001,028 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC
[2010/04/25 00:06:59 | 000,000,831 | ---- | C] () -- C:\WINDOWS\System32\drivers\down\25641109.exe
[2010/04/25 00:06:54 | 000,000,886 | -HS- | C] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\f1pKdvbneJkm
[2010/04/25 00:06:54 | 000,000,886 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f1pKdvbneJkm
[2010/04/25 00:06:53 | 000,223,744 | -HS- | C] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\MSASCui.exe
[2010/04/24 10:36:44 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/24 10:34:54 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\SUPERAntiSpyware.exe
[2010/04/16 15:33:59 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\Google Chrome.lnk
[2010/04/16 14:30:31 | 000,011,062 | -HS- | C] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\3HNF5q0
[2010/04/16 14:30:31 | 000,011,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3HNF5q0
[2010/04/14 14:59:56 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richie\My Documents\~$nna's Family Law Summary.doc
[2010/04/14 11:20:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 18:32:14 | 000,743,424 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\jess' fam summary.doc
[2010/04/13 15:54:19 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richie\My Documents\~$uben - Child Support Problems .doc
[2010/04/13 14:03:16 | 000,308,224 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\MY Updated Fam Summary.doc
[2010/04/13 13:36:40 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/13 13:31:30 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/13 13:03:55 | 000,272,858 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\registry backup changes.reg
[2010/04/13 11:08:39 | 000,000,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2010/04/13 11:08:14 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/04/12 23:16:33 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\123myapp.zip
[2010/04/12 19:53:42 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\rkill.com
[2010/04/12 19:06:49 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/12 19:06:46 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/12 19:06:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/12 19:06:46 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/12 19:06:46 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/12 19:02:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/12 19:02:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/12 19:02:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/12 19:02:50 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/12 19:02:48 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/12 18:59:50 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\exefix.reg
[2010/04/12 18:54:42 | 000,001,181 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
[2010/04/12 18:53:24 | 000,013,516 | -HS- | C] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\4T227ly4
[2010/04/12 18:53:24 | 000,013,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4T227ly4
[2010/04/12 15:22:53 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\MY Family Summary.doc
[2010/04/12 14:54:46 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richie\My Documents\~$mily summary.doc
[2010/04/12 11:30:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR TABLE OF CONTENTS.doc
[2010/04/11 21:38:57 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\biblio for ADR.doc
[2010/04/11 18:39:28 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\mpg adr project.ROXIO
[2010/04/11 18:19:25 | 248,903,680 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR better quality_mpeg1video.mpg
[2010/04/11 18:12:37 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Data_041110_180458.roxio
[2010/04/11 14:42:43 | 043,387,103 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.cab
[2010/04/11 14:42:18 | 016,007,607 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.ipd
[2010/04/11 14:23:46 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/04/11 14:22:26 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/04/11 14:11:00 | 000,411,648 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Presentation.ppt
[2010/04/10 16:53:34 | 000,271,872 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\FamilySummary_-_from_Dave.doc
[2010/04/08 19:53:06 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Project.doc
[2010/04/07 19:17:03 | 002,115,573 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\08palm_road.mp3
[2010/04/07 18:42:04 | 002,704,320 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\10fast_ballad.mp3
[2010/04/07 18:41:26 | 002,851,200 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\12pobodys.mp3
[2010/04/07 18:38:02 | 002,567,731 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\02beyonce.mp3
[2010/04/06 12:05:35 | 001,328,131 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Cappelletti Article.pdf
[2010/04/06 12:04:57 | 000,339,410 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\ADR Evaluation Criteria.pdf
[2010/04/06 11:56:08 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Short Paper - Social Justice.doc
[2010/04/05 16:12:30 | 000,042,690 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\RichardProjectEvaluationCriteria (1).pdf
[2010/04/04 21:39:59 | 000,012,494 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\rich crazy hair.jpg
[2010/04/02 22:05:19 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\truepimps picks.xls
[2010/03/31 22:14:35 | 000,034,710 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Rubenstein article.pdf
[2010/03/31 18:47:55 | 000,483,917 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Delgado article.pdf
[2010/03/31 17:11:42 | 001,416,263 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\MenkelMeadow article.pdf
[2010/03/31 16:51:32 | 000,039,491 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Winkler article.pdf
[2010/03/30 10:35:04 | 000,042,648 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\2008 Fam Law Exam.pdf
[2010/03/29 13:50:23 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Nomination for Mouna Hanna.doc
[2010/03/11 17:38:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/02 13:27:50 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2009/08/26 12:51:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/26 12:51:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/08/26 12:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/07/15 02:55:43 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/15 02:55:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/14 02:29:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/14 02:24:31 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/07/14 02:23:43 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009/07/14 02:21:03 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/07/14 02:21:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/14 02:18:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/14 02:18:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/14 02:18:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/14 02:18:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/14 02:18:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/14 02:18:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/14 02:10:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2009/07/14 02:07:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/07/14 02:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:45:50 | 000,319,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/07/14 00:09:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/07/14 00:09:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/07/14 00:09:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/07/14 00:09:24 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 06:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/22 02:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\drivers\other\IaStor.sys
[2008/07/22 02:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys
[2010/02/10 15:18:15 | 000,319,000 | ---- | M] () MD5=D3CBBA6833606838A8690A18CB660125 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

< %systemroot%\System32\config\*.sav >
[2006/04/29 20:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 20:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 20:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/24 17:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2010/02/02 14:03:32 | 000,015,944 | ---- | M] () -- C:\WINDOWS\system32\drivers\hitmanpro35.sys
[2010/02/10 15:18:15 | 000,319,000 | ---- | M] () -- C:\WINDOWS\system32\drivers\iaStor.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\PCTCore.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctgntdi.sys
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\pctplsg.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[1 C:\WINDOWS\system32\drivers\*.tmp files -> C:\WINDOWS\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
It's not uncommon for gmer to crash. A lot of rootkits know about it and will crash the system if they see it.

Copy the text between the lines of stars by highlighting and Ctrl + c
***************************************************************************************************
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

:Files
C:\Documents and Settings\Richie\Local Settings\Application Data\on75462e0FD8
C:\Documents and Settings\All Users\Application Data\on75462e0FD8
C:\Documents and Settings\Richie\Local Settings\Application Data\q1D4024dr1AC
C:\Documents and Settings\All Users\Application Data\q1D4024dr1AC
C:\WINDOWS\System32\drivers\down\25641109.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\f1pKdvbneJkm
C:\Documents and Settings\All Users\Application Data\f1pKdvbneJkm
C:\Documents and Settings\Richie\Local Settings\Application Data\MSASCui.exe
C:\Documents and Settings\Richie\Local Settings\Application Data\3HNF5q0
C:\Documents and Settings\All Users\Application Data\3HNF5q0
C:\Documents and Settings\Richie\Local Settings\Application Data\4T227ly4
C:\Documents and Settings\All Users\Application Data\4T227ly4
C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll
C:\WINDOWS\PRAGMAtpethemueq
C:\WINDOWS\PRAGMAkidibchwhe
C:\WINDOWS\System32\drivers\kgpfr2.cfg
C:\WINDOWS\System32\drivers\kgpcpy.cfg

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malwarebytes' Anti-Malware


Run MBAM. Click the Update button.

* If an update is found, it will download and install the latest version.
* Select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

You are running two or maybe three antiviruses (I'm not sure what Spyware Doctor 7.0 is). More is not better, as they fight each other. Unless McAfee is a paid-up subscription, uninstall it, then run the McAfee removal tool:
http://service.mcafe...spx?id=TS100507.

If you want to keep McAfee, then uninstall Microsoft Security Essentials and Spyware Doctor 7.0 (if it's the one with anti-virus). If Spyware Doctor 7.0 is providing anti-virus services, then uninstall it too, unless you have paid for it; then uninstall McAfee and Microsoft Security Essentials.

Whichever anti-virus you keep has to be paused or disabled for the next step:

While you are uninstalling things, also uninstall Microsoft Search Enhancement Pack which appears to have major problems.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Reboot now, please :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron
  • 0
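The overlap of protection products mentioned in the post above can be read directly off the PRC and SRV lines of an OTL log. The following is an added example, not part of the original posts and not OTL's own code; the product-marker table and the function names are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt of PRC/SRV/DRV lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
"""

# One OTL entry: kind, [timestamp | size | attrs | M], (company),
# optional [start type | state], path, optional (service name).
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[[^\]]*\] \((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?\s*$"
)

# Assumption for this example: install-path fragments that identify a
# resident protection product. Whether Spyware Doctor includes antivirus
# depends on the edition, which the post above also leaves open.
PRODUCT_MARKERS = {
    "microsoft security essentials": "Microsoft Security Essentials",
    "mcafee\\virusscan": "McAfee VirusScan",
    "spyware doctor": "Spyware Doctor",
    "windows defender": "Windows Defender",
}


def parse_entries(log_text):
    """Yield a dict per well-formed PRC/SRV/DRV line; other lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.groupdict()


def active_products(log_text):
    """Map each protection product to the executables seen running for it."""
    found = defaultdict(set)
    for entry in parse_entries(log_text):
        if entry["kind"] == "DRV":
            continue  # drivers live in system32\drivers, so path markers do not apply
        # A PRC line is a running process; an SRV line counts only if Running.
        running = entry["kind"] == "PRC" or (entry["state"] or "").endswith("Running")
        if not running:
            continue
        path = entry["path"].lower()
        for marker, product in PRODUCT_MARKERS.items():
            if marker in path:
                found[product].add(entry["path"].rsplit("\\", 1)[-1])
    return {product: sorted(files) for product, files in found.items()}


def has_overlap(log_text):
    """True when more than one protection product is resident at once."""
    return len(active_products(log_text)) > 1


if __name__ == "__main__":
    for product, files in sorted(active_products(SAMPLE_LOG).items()):
        print(f"{product}: {', '.join(files)}")
    print("Overlap:", has_overlap(SAMPLE_LOG))
```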

#5
rapsfan


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Ron,
Sorry I have not written back sooner - not that you are waiting for me to, but I thought I'd let you know that I'm still working on this. Here's my OTL Log. I will post the other two after this.

OTL logfile created on: 5/2/2010 12:36:23 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Richie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.30 Gb Total Space | 97.17 Gb Free Space | 67.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RICHARD
Current User Name: Richie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/26 12:17:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
PRC - [2010/04/02 19:40:41 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 12:28:36 | 002,010,864 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 09:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/07/29 10:43:34 | 000,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/07/29 10:40:40 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/07/29 10:35:18 | 000,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/07/28 12:43:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/06/08 14:00:00 | 000,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2008/06/08 14:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/06 21:21:04 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/06/04 13:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2008/05/14 19:42:40 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/05/14 19:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/05/14 19:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/05/10 10:24:04 | 000,102,400 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2008/05/10 10:11:06 | 001,160,440 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\AtService.exe
PRC - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/04/25 03:38:34 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/24 01:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/03/23 21:15:04 | 000,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/02/20 05:58:26 | 000,036,128 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/12/05 03:14:34 | 000,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 21:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/04/26 12:17:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2007/12/05 03:14:30 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/12/08 15:25:28 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/11/04 17:53:34 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/11/04 16:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/10/29 07:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/10/28 12:50:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/07/29 10:42:32 | 000,221,184 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/07/29 10:42:28 | 000,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/07/08 12:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 20:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/27 07:54:22 | 000,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 06:55:20 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 06:38:38 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2008/07/28 12:43:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/06/13 20:42:54 | 000,779,576 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/24 18:52:50 | 000,032,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/05/14 19:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/14 19:32:28 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/14 19:21:16 | 000,037,416 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/05/10 10:24:04 | 000,102,400 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2008/05/10 10:11:06 | 001,160,440 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\WINDOWS\system32\AtService.exe -- (ATService)
SRV - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/02/20 05:58:26 | 000,036,128 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - [2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/10 15:18:15 | 000,319,000 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/11/04 17:54:12 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/04 17:54:12 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/04 17:54:12 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/04 17:54:12 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/04 17:53:40 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/21 21:45:30 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2009/07/21 21:45:30 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2009/07/16 13:32:26 | 000,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/14 02:25:41 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2009/07/14 02:25:23 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2009/07/14 02:24:43 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/03/04 10:31:32 | 004,202,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/30 15:00:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/07/28 12:43:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2008/06/10 22:15:38 | 006,021,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/05/22 01:01:50 | 000,754,176 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 09:14:16 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/10 10:28:10 | 000,475,136 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/09 08:50:48 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/09 06:16:48 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/04/09 06:16:48 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/04/09 06:16:48 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/26 22:42:00 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2008/03/26 01:21:06 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2008/03/26 01:12:56 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2008/02/22 18:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2008/02/20 05:57:46 | 000,022,696 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/12/05 03:11:56 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/03/12 04:25:28 | 000,099,848 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/02/09 15:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/09 13:52:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/02 19:40:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/02 19:40:48 | 000,000,000 | ---D | M]

[2009/07/13 23:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Mozilla\Extensions
[2010/05/01 23:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Mozilla\Firefox\Profiles\ewlac0ql.default\extensions
[2009/07/14 03:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richie\Application Data\Mozilla\Firefox\Profiles\ewlac0ql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/01 23:55:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/10 15:37:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Richie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1251307414031 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/02 00:29:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/01 23:52:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/26 12:17:38 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
[2010/04/26 11:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\4-26-2010
[2010/04/26 11:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/26 11:37:12 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Richie\Desktop\erunt_setup.exe
[2010/04/25 23:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\ThinkVantage Access Connections
[2010/04/25 00:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\down
[2010/04/24 10:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/24 10:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\SUPERAntiSpyware.com
[2010/04/24 10:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/24 10:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/16 16:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/16 16:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/16 14:30:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\avG
[2010/04/13 20:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/04/13 13:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/13 13:01:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Richie\Recent
[2010/04/13 12:53:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/13 04:29:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/12 23:59:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/04/12 23:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/04/12 23:58:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/04/12 23:53:00 | 034,596,344 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\7.0.0.538f-sdasetup.exe
[2010/04/12 20:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/12 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\avG
[2010/04/12 19:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/12 19:06:46 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/04/12 19:06:46 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/04/12 19:06:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/04/12 19:02:59 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/04/12 19:02:54 | 000,217,032 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/04/12 19:02:54 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/04/12 19:02:48 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\PC Tools
[2010/04/12 19:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/04/12 19:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/12 19:01:33 | 036,590,872 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\sdsetup.exe
[2010/04/12 18:53:34 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/04/12 18:53:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\92082B924A90F598C1F8AE0BB5EA5370
[2010/04/11 18:18:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\Any Video Converter
[2010/04/11 18:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\AnvSoft
[2010/04/11 18:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/04/11 18:06:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\My Documents\OJOsoft Corporation
[2010/04/11 18:06:39 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/04/11 18:06:39 | 000,351,744 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/04/11 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Common Share
[2010/04/11 18:06:38 | 000,000,000 | ---D | C] -- C:\Program Files\OJOsoft
[2010/04/11 14:44:50 | 101,483,407 | ---- | C] (Research In Motion Ltd. ) -- C:\Documents and Settings\Richie\Desktop\9000M_PBr4[1].6.0_rel477_PL4.0.0.235_A4.6.0.282_Rogers_Wireless_Inc.exe
[2010/04/11 14:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Research In Motion
[2010/04/11 14:22:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/11 14:22:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/04/11 14:22:10 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/04/10 14:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/04/09 16:29:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Desktop\ADR Project Video Clips
[2010/04/09 16:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2010/04/09 16:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\WMTools Downloaded Files
[2010/04/09 16:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Roxio
[2010/03/27 11:10:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Tracing
[2010/03/27 11:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/03/27 11:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/27 11:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/03/27 11:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/27 11:08:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/03/27 10:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/03/22 10:43:42 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Richie\My Documents\TDSSKiller.exe
[2010/03/11 17:38:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/02/11 16:08:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/10 15:28:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/10 15:26:43 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/10 15:26:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/10 15:26:43 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/10 15:26:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/10 15:26:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/03 15:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/02/02 16:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\Temp
[2010/02/02 16:27:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Local Settings\Application Data\Google
[2010/02/02 16:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/02/02 15:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/02 15:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/02 15:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Desktop\TMVIRUSCAN
[2010/02/02 14:03:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Richie\IETldCache
[2010/02/02 14:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/02 13:59:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/02 13:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/02 13:27:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/02/02 13:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/02/02 13:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\RegTweaker
[2010/02/02 12:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richie\Application Data\Malwarebytes
[2010/02/02 12:07:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/02 12:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/02 12:07:48 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/02 12:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[17 C:\Documents and Settings\Richie\My Documents\*.tmp files -> C:\Documents and Settings\Richie\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/02 00:42:13 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005UA.job
[2010/05/02 00:37:28 | 000,462,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/02 00:37:27 | 000,550,988 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/02 00:37:27 | 000,078,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/02 00:36:31 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/02 00:34:11 | 000,018,275 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/02 00:33:31 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/02 00:31:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 00:31:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 00:31:17 | 2072,010,752 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 00:30:15 | 003,932,160 | -H-- | M] () -- C:\Documents and Settings\Richie\NTUSER.DAT
[2010/05/02 00:30:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Richie\ntuser.ini
[2010/05/01 23:44:55 | 000,002,300 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Google Chrome.lnk
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/27 15:25:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/27 11:58:54 | 001,406,936 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Barrister.zip
[2010/04/27 11:57:29 | 002,426,138 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Solicitor.zip
[2010/04/26 23:38:31 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Taylor Casement Bio.DOC
[2010/04/26 12:17:59 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Richie\Desktop\OTL.exe
[2010/04/26 11:43:15 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\gmer.zip
[2010/04/26 11:39:04 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\ERUNT.lnk
[2010/04/26 11:37:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Richie\Desktop\erunt_setup.exe
[2010/04/24 10:42:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005Core.job
[2010/04/24 10:36:44 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/24 10:35:37 | 007,899,168 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\SUPERAntiSpyware.exe
[2010/04/16 14:56:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/16 14:34:50 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\exefix.reg
[2010/04/16 14:13:52 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
[2010/04/16 10:58:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/04/14 15:05:21 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richie\My Documents\~$uben - Child Support Problems .doc
[2010/04/14 14:59:56 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richie\My Documents\~$nna's Family Law Summary.doc
[2010/04/14 11:18:21 | 000,308,224 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\MY Updated Fam Summary.doc
[2010/04/13 19:42:14 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Richie\My Documents\TDSSKiller.exe
[2010/04/13 18:32:14 | 000,743,424 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\jess' fam summary.doc
[2010/04/13 17:05:18 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Richie\My Documents\~$mily summary.doc
[2010/04/13 13:31:30 | 000,000,827 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/13 13:22:17 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\HiJackThis.lnk
[2010/04/13 13:04:02 | 000,272,858 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\registry backup changes.reg
[2010/04/13 12:54:52 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/13 12:54:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/13 12:54:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/13 00:03:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/12 23:54:24 | 034,596,344 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\7.0.0.538f-sdasetup.exe
[2010/04/12 23:16:35 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\123myapp.zip
[2010/04/12 19:53:42 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\rkill.com
[2010/04/12 19:02:50 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/12 19:01:58 | 036,590,872 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Richie\Desktop\sdsetup.exe
[2010/04/12 18:53:17 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\MY Family Summary.doc
[2010/04/12 13:14:29 | 000,271,872 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\FamilySummary_-_from_Dave.doc
[2010/04/12 11:50:16 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Project.doc
[2010/04/12 11:32:34 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR TABLE OF CONTENTS.doc
[2010/04/12 09:37:38 | 000,411,648 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Presentation.ppt
[2010/04/11 21:43:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\biblio for ADR.doc
[2010/04/11 18:40:25 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Richie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/11 18:39:28 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\mpg adr project.ROXIO
[2010/04/11 18:30:31 | 248,903,680 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR better quality_mpeg1video.mpg
[2010/04/11 18:12:37 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Data_041110_180458.roxio
[2010/04/11 14:46:17 | 101,483,407 | ---- | M] (Research In Motion Ltd. ) -- C:\Documents and Settings\Richie\Desktop\9000M_PBr4[1].6.0_rel477_PL4.0.0.235_A4.6.0.282_Rogers_Wireless_Inc.exe
[2010/04/11 14:42:45 | 043,387,103 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.cab
[2010/04/11 14:42:18 | 016,007,607 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.ipd
[2010/04/11 14:22:26 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/04/09 09:50:51 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\advanced crim paper.doc
[2010/04/08 14:13:41 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Short Paper - Social Justice.doc
[2010/04/07 19:23:50 | 002,115,573 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\08palm_road.mp3
[2010/04/07 18:42:09 | 002,704,320 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\10fast_ballad.mp3
[2010/04/07 18:41:32 | 002,851,200 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\12pobodys.mp3
[2010/04/07 18:40:56 | 002,567,731 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\02beyonce.mp3
[2010/04/06 12:05:35 | 001,328,131 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Cappelletti Article.pdf
[2010/04/06 12:04:57 | 000,339,410 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\ADR Evaluation Criteria.pdf
[2010/04/05 16:12:30 | 000,042,690 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\RichardProjectEvaluationCriteria (1).pdf
[2010/04/04 21:39:59 | 000,012,494 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\rich crazy hair.jpg
[2010/04/03 12:50:42 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\truepimps picks.xls
[2010/03/31 22:14:35 | 000,034,710 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Rubenstein article.pdf
[2010/03/31 18:47:55 | 000,483,917 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Delgado article.pdf
[2010/03/31 17:11:42 | 001,416,263 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\MenkelMeadow article.pdf
[2010/03/31 16:51:32 | 000,039,491 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Winkler article.pdf
[2010/03/30 10:35:04 | 000,042,648 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\2008 Fam Law Exam.pdf
[2010/03/29 13:50:23 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Nomination for Mouna Hanna.doc
[2010/03/28 15:03:31 | 000,494,080 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Auction_Rosters_2010.xls
[2010/03/24 16:58:15 | 000,206,036 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Mixeddeep.pdf
[2010/03/23 10:45:09 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Family Law Lecture 11 Spousal Support & Property.ppt
[2010/03/21 18:57:32 | 000,067,584 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Good Cop.doc
[2010/03/17 11:37:10 | 000,754,688 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Family summary.doc
[2010/03/16 19:05:50 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR participation essay.doc
[2010/03/11 17:38:06 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/10 11:36:36 | 000,217,032 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/03/09 13:19:44 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Paul Lambert (1).doc
[2010/03/09 13:16:18 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VPN Client.LNK
[2010/03/09 13:16:13 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2010/03/07 19:29:18 | 000,887,808 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Auction Rosters 2010.xls
[2010/03/06 20:00:04 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Moneyball rules.xls
[2010/03/04 17:11:49 | 000,736,256 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Family Law class notes.doc
[2010/03/03 15:04:40 | 000,498,176 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\t-case Exam Framework AG.doc
[2010/03/01 21:47:40 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Gruben - Child Support Problems .doc
[2010/02/23 12:02:56 | 000,478,720 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Kenna's Family Law Summary.doc
[2010/02/19 16:00:54 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR Project Proposal.doc
[2010/02/19 09:47:26 | 011,411,456 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\vpnclient501.exe
[2010/02/11 16:08:25 | 000,062,923 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\ADR updated schedule.pdf
[2010/02/10 15:37:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/10 15:25:35 | 003,853,266 | R--- | M] () -- C:\Documents and Settings\Richie\My Documents\Combo-Fix.exe
[2010/02/10 15:18:15 | 000,319,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2010/02/05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/02/04 15:32:19 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\ADR activity 1.doc
[2010/02/03 15:53:43 | 000,538,112 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Con II Summary.doc
[2010/02/02 15:53:49 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Richie\Desktop\Spybot - Search & Destroy.lnk
[2010/02/02 14:03:32 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/01 14:49:16 | 000,329,728 | ---- | M] () -- C:\Documents and Settings\Richie\My Documents\Con II class notes.doc
[17 C:\Documents and Settings\Richie\My Documents\*.tmp files -> C:\Documents and Settings\Richie\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/27 11:58:54 | 001,406,936 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Barrister.zip
[2010/04/27 11:57:24 | 002,426,138 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Solicitor.zip
[2010/04/26 23:38:31 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\Taylor Casement Bio.DOC
[2010/04/26 11:43:07 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\gmer.zip
[2010/04/26 11:39:04 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\ERUNT.lnk
[2010/04/26 00:31:36 | 000,117,728 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/24 10:36:44 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/24 10:34:54 | 007,899,168 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\SUPERAntiSpyware.exe
[2010/04/16 15:33:59 | 000,002,300 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\Google Chrome.lnk
[2010/04/14 14:59:56 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richie\My Documents\~$nna's Family Law Summary.doc
[2010/04/14 11:20:46 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/13 18:32:14 | 000,743,424 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\jess' fam summary.doc
[2010/04/13 15:54:19 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richie\My Documents\~$uben - Child Support Problems .doc
[2010/04/13 14:03:16 | 000,308,224 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\MY Updated Fam Summary.doc
[2010/04/13 13:36:40 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/13 13:31:30 | 000,000,827 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/13 13:03:55 | 000,272,858 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\registry backup changes.reg
[2010/04/12 23:16:33 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\123myapp.zip
[2010/04/12 19:53:42 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\rkill.com
[2010/04/12 19:06:49 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/04/12 19:06:46 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/04/12 19:06:46 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/04/12 19:06:46 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/04/12 19:06:46 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/04/12 19:02:59 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/04/12 19:02:54 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/04/12 19:02:54 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/04/12 19:02:50 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/04/12 19:02:48 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/04/12 18:59:50 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\exefix.reg
[2010/04/12 15:22:53 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\MY Family Summary.doc
[2010/04/12 14:54:46 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Richie\My Documents\~$mily summary.doc
[2010/04/12 11:30:52 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR TABLE OF CONTENTS.doc
[2010/04/11 21:38:57 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\biblio for ADR.doc
[2010/04/11 18:39:28 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\mpg adr project.ROXIO
[2010/04/11 18:19:25 | 248,903,680 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR better quality_mpeg1video.mpg
[2010/04/11 18:12:37 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Data_041110_180458.roxio
[2010/04/11 14:42:43 | 043,387,103 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.cab
[2010/04/11 14:42:18 | 016,007,607 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Backup-(2010-04-11) - WKC.ipd
[2010/04/11 14:23:46 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/04/11 14:22:26 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
[2010/04/11 14:11:00 | 000,411,648 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Presentation.ppt
[2010/04/10 16:53:34 | 000,271,872 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\FamilySummary_-_from_Dave.doc
[2010/04/08 19:53:06 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Project.doc
[2010/04/07 19:17:03 | 002,115,573 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\08palm_road.mp3
[2010/04/07 18:42:04 | 002,704,320 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\10fast_ballad.mp3
[2010/04/07 18:41:26 | 002,851,200 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\12pobodys.mp3
[2010/04/07 18:38:02 | 002,567,731 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\02beyonce.mp3
[2010/04/06 12:05:35 | 001,328,131 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Cappelletti Article.pdf
[2010/04/06 12:04:57 | 000,339,410 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\ADR Evaluation Criteria.pdf
[2010/04/06 11:56:08 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Short Paper - Social Justice.doc
[2010/04/05 16:12:30 | 000,042,690 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\RichardProjectEvaluationCriteria (1).pdf
[2010/04/04 21:39:59 | 000,012,494 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\rich crazy hair.jpg
[2010/04/02 22:05:19 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\truepimps picks.xls
[2010/03/31 22:14:35 | 000,034,710 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Rubenstein article.pdf
[2010/03/31 18:47:55 | 000,483,917 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Delgado article.pdf
[2010/03/31 17:11:42 | 001,416,263 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\MenkelMeadow article.pdf
[2010/03/31 16:51:32 | 000,039,491 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Winkler article.pdf
[2010/03/30 10:35:04 | 000,042,648 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\2008 Fam Law Exam.pdf
[2010/03/29 13:50:23 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Nomination for Mouna Hanna.doc
[2010/03/24 16:58:15 | 000,206,036 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\Mixeddeep.pdf
[2010/03/23 10:45:09 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Family Law Lecture 11 Spousal Support & Property.ppt
[2010/03/22 10:48:22 | 000,494,080 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Auction_Rosters_2010.xls
[2010/03/21 18:57:31 | 000,067,584 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Good Cop.doc
[2010/03/16 11:37:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR participation essay.doc
[2010/03/11 17:38:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/09 13:19:43 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Paul Lambert (1).doc
[2010/03/06 20:00:04 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Moneyball rules.xls
[2010/03/06 19:04:05 | 000,887,808 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Auction Rosters 2010.xls
[2010/03/04 17:01:46 | 000,736,256 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Family Law class notes.doc
[2010/03/03 15:04:39 | 000,498,176 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\t-case Exam Framework AG.doc
[2010/03/01 21:10:23 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\advanced crim paper.doc
[2010/03/01 20:41:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Gruben - Child Support Problems .doc
[2010/02/23 11:57:25 | 000,478,720 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Kenna's Family Law Summary.doc
[2010/02/19 13:34:48 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR Project Proposal.doc
[2010/02/19 09:48:37 | 000,000,751 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VPN Client.LNK
[2010/02/17 14:47:12 | 011,411,456 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\vpnclient501.exe
[2010/02/11 16:08:25 | 000,062,923 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\ADR updated schedule.pdf
[2010/02/10 15:28:42 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/02/10 15:28:39 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/10 15:26:43 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/10 15:26:43 | 000,212,480 | ---- | C] () -- C:\WINDOWS\SWXCACLS.exe
[2010/02/10 15:26:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/10 15:26:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/10 15:26:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/10 15:26:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/10 15:25:35 | 003,853,266 | R--- | C] () -- C:\Documents and Settings\Richie\My Documents\Combo-Fix.exe
[2010/02/04 15:13:26 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\ADR activity 1.doc
[2010/02/03 15:21:49 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\HiJackThis.lnk
[2010/02/02 16:27:50 | 000,000,982 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005UA.job
[2010/02/02 16:27:49 | 000,000,930 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005Core.job
[2010/02/02 15:53:49 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Richie\Desktop\Spybot - Search & Destroy.lnk
[2010/02/02 13:27:50 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/02 12:06:54 | 000,754,688 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Family summary.doc
[2010/02/01 14:49:25 | 000,538,112 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Con II Summary.doc
[2010/02/01 14:49:15 | 000,329,728 | ---- | C] () -- C:\Documents and Settings\Richie\My Documents\Con II class notes.doc
[2009/08/26 12:51:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/26 12:51:53 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/08/26 12:51:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/07/15 02:55:43 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/15 02:55:43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/07/14 02:29:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/07/14 02:24:31 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/07/14 02:23:43 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009/07/14 02:21:03 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/07/14 02:21:03 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/14 02:18:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/07/14 02:18:41 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/07/14 02:18:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/07/14 02:18:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/07/14 02:18:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/07/14 02:18:41 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/07/14 02:10:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2009/07/14 02:07:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/07/14 02:04:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:45:50 | 000,319,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\iaStor.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/04/12 19:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avG
[2010/04/11 15:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2010/02/02 13:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/07/14 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/07/14 02:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/04/11 14:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/04/12 23:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/07/16 23:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2010/04/13 11:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/05/02 00:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/14 02:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2010/01/12 16:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/14 12:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/04/12 20:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\92082B924A90F598C1F8AE0BB5EA5370
[2010/04/11 18:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\AnvSoft
[2009/07/14 02:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\CachedFiles
[2010/01/05 17:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\InterVideo
[2009/07/14 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Lenovo
[2010/04/11 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Research In Motion
[2009/09/08 16:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Windows Desktop Search
[2009/10/05 19:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richie\Application Data\Windows Search
[2009/12/15 02:24:13 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2010/01/01 02:00:05 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2010/05/02 00:36:31 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/04/13 00:03:14 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#6
rapsfan

    New Member

  • Topic Starter
  • Member
  • 8 posts
MBAM log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4058

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/2/2010 9:53:37 AM
mbam-log-2010-05-02 (09-53-37).txt

Scan type: Full scan (C:\|)
Objects scanned: 189231
Time elapsed: 1 hour(s), 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Richie\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\drivers\down (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You are going to have trouble with ComboFix unless you get rid of your extra anti-viruses and pause or disable the one you keep. I know McAfee will eat key parts of ComboFix. Don't know much about MSE and am not sure which version of PC Tools you have.

Ron

#8
rapsfan

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, I'm working on getting rid of the extra antivirus programs.

One quick question before I do the ComboFix: the restart froze after it closed all the programs on the automatic MBAM reboot, so I manually pushed down the reset/power button. Will that be an issue?

#9
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't think it will be a problem.

Ron

#10
rapsfan

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, cool. My latest issue is trying to remove the Microsoft Search Enhancement Pack. I can't find it in Add/Remove Programs and have tried a couple of other manual searches, and they have turned up nothing. Any ideas?

#11
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Microsoft Security Essentials is what you want to remove.

Ron

#12
rapsfan

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hi Ron, here's my ComboFix log. I can tell you that one thing is already working better - Google Chrome is completely running now! Let me know if you see anything here that I should address. Thank you SO MUCH.

ComboFix 10-05-01.04 - Richie 05/02/2010 11:09:25.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1336 [GMT -4:00]
Running from: c:\documents and settings\Richie\Desktop\george.exe
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

Infected copy of c:\windows\system32\drivers\dmload.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-04-02 to 2010-05-02 )))))))))))))))))))))))))))))))
.

2010-05-02 06:39 . 2010-05-02 06:39 5888 ----a-w- c:\windows\system32\drivers\euzwipma.sys
2010-05-02 04:38 . 2010-05-02 04:38 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-02 04:29 . 2010-05-02 04:29 -------- d-----w- C:\_OTL
2010-04-26 15:39 . 2010-04-26 15:39 -------- d-----w- c:\program files\ERUNT
2010-04-26 04:31 . 2010-04-26 04:31 117728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-24 14:37 . 2010-04-24 14:37 52224 ----a-w- c:\documents and settings\Richie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 14:37 . 2010-04-24 14:37 117760 ----a-w- c:\documents and settings\Richie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 14:36 . 2010-04-24 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 14:36 . 2010-04-24 14:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 14:36 . 2010-04-24 14:36 -------- d-----w- c:\documents and settings\Richie\Application Data\SUPERAntiSpyware.com
2010-04-24 14:35 . 2010-04-24 14:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-16 18:30 . 2010-04-16 18:30 -------- d-----w- c:\documents and settings\Richie\Local Settings\Application Data\avG
2010-04-14 00:17 . 2010-04-14 00:17 3584 ----a-r- c:\documents and settings\Richie\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-14 00:17 . 2010-04-14 00:17 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-13 08:29 . 2010-04-13 08:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-13 03:59 . 2010-04-13 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-04-13 03:58 . 2010-04-13 03:58 -------- d-----w- c:\program files\Common Files\iS3
2010-04-13 03:58 . 2010-04-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-04-12 23:13 . 2010-04-12 23:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\avG
2010-04-12 23:13 . 2010-04-12 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-12 23:06 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-12 23:06 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-12 23:06 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-12 23:06 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-12 23:06 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-12 23:06 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-12 23:02 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-12 23:02 . 2010-03-10 15:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-12 23:02 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-12 23:02 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-12 23:02 . 2010-05-02 04:42 -------- d-----w- c:\program files\Spyware Doctor
2010-04-12 23:02 . 2010-04-12 23:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-12 23:02 . 2010-04-12 23:02 -------- d-----w- c:\documents and settings\Richie\Application Data\PC Tools
2010-04-12 23:02 . 2010-04-12 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-12 23:02 . 2010-05-02 04:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-12 22:53 . 2010-04-12 22:53 -------- d-----w- C:\spoolerlogs
2010-04-12 22:53 . 2010-04-13 00:21 -------- d-----w- c:\documents and settings\Richie\Application Data\92082B924A90F598C1F8AE0BB5EA5370
2010-04-11 22:18 . 2010-04-11 22:18 -------- d-----w- c:\documents and settings\Richie\Application Data\AnvSoft
2010-04-11 22:18 . 2010-04-11 22:18 -------- d-----w- c:\program files\AnvSoft
2010-04-11 22:06 . 2010-04-11 22:06 -------- d-----w- c:\program files\Common Files\Common Share
2010-04-11 22:06 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-04-11 22:06 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-04-11 22:06 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 22:06 . 2010-04-11 22:06 -------- d-----w- c:\program files\OJOsoft
2010-04-11 18:48 . 2010-04-11 18:48 26694 ----a-r- c:\documents and settings\Richie\Application Data\Microsoft\Installer\{15D9B400-F721-437B-B4A5-4FE2F3F2431E}\BlackBerry.exe
2010-04-11 18:23 . 2010-04-16 14:58 256 ----a-w- c:\windows\system32\pool.bin
2010-04-11 18:23 . 2010-04-11 18:23 -------- d-----w- c:\documents and settings\Richie\Application Data\Research In Motion
2010-04-11 18:23 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-04-11 18:22 . 2010-04-11 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-04-11 18:22 . 2010-04-11 18:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-04-11 18:22 . 2010-04-11 18:22 -------- d-----w- c:\program files\Research In Motion
2010-04-11 18:09 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-11 18:09 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-10 19:03 . 2010-04-10 19:03 59904 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\zlib1.dll
2010-04-10 19:03 . 2010-04-10 19:03 507904 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\rcSBridge.dll
2010-04-10 19:03 . 2010-04-10 19:03 126976 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\CAWinExF.dll
2010-04-10 19:03 . 2010-04-10 19:03 421376 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Sharing.Client.dll
2010-04-10 19:03 . 2010-04-10 19:03 29696 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Sharing.Client_rc.dll
2010-04-10 18:59 . 2010-04-10 18:59 544768 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client.dll
2010-04-10 18:59 . 2010-04-10 18:59 22016 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client_rc.dll
2010-04-10 18:58 . 2010-04-11 19:06 70920 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer_rc.dll
2010-04-10 18:58 . 2010-04-10 18:58 626440 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer.exe
2010-04-10 18:58 . 2010-04-10 18:58 599304 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Controller.exe
2010-04-10 18:58 . 2010-04-10 18:58 353544 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2010-04-10 18:58 . 2010-04-11 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-04-10 18:58 . 2010-04-10 18:58 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2010-04-09 20:24 . 2010-04-09 20:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-04-09 20:24 . 2010-04-11 22:03 -------- d-----w- c:\documents and settings\Richie\Local Settings\Application Data\WMTools Downloaded Files
2010-04-09 20:23 . 2010-04-11 21:16 -------- d-----w- c:\documents and settings\Richie\Application Data\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 14:06 . 2006-04-30 06:55 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-05-02 04:39 . 2010-02-02 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:39 . 2010-02-02 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-02-02 16:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 19:23 . 2010-02-02 17:56 -------- d-----w- c:\program files\Google
2010-04-16 14:11 . 2009-08-26 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-14 00:16 . 2009-10-15 18:21 -------- d-----w- c:\program files\MSECache
2010-04-13 17:02 . 2010-02-02 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 01:37 . 2009-07-14 06:13 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-04-11 22:40 . 2009-07-15 07:04 -------- d-----w- c:\documents and settings\Richie\Application Data\vlc
2010-04-11 18:22 . 2009-07-14 06:19 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-27 15:09 . 2010-03-27 15:08 -------- d-----w- c:\program files\Windows Live
2010-03-27 15:09 . 2009-07-14 06:35 -------- d-----w- c:\program files\Windows Live Toolbar
2010-03-27 15:09 . 2010-03-27 15:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-27 15:08 . 2010-03-27 15:08 -------- d-----w- c:\program files\Microsoft
2010-03-27 15:08 . 2010-03-27 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-27 14:57 . 2010-03-27 14:57 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-09 11:09 . 2006-04-30 06:56 430080 ------w- c:\windows\system32\vbscript.dll
2010-03-06 20:15 . 2009-07-14 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-05 13:33 . 2009-07-14 07:51 -------- d-----w- c:\program files\McAfee
2010-02-24 14:16 . 2010-01-30 18:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2006-04-30 06:55 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2006-04-30 06:55 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-04-30 06:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-04-30 06:56 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 19:18 . 2006-04-30 06:45 319000 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-03 19:21 . 2010-02-03 19:21 388096 ------r- c:\documents and settings\Richie\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-02 18:03 . 2010-02-02 17:27 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-07-14 03:41 . 2009-07-14 03:41 8114720 ------w- c:\program files\Firefox Setup 3.5.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ------w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ------w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-02 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\Richie\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-14 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/12/2010 7:02 PM 217032]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 AM 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [5/10/2008 10:11 AM 1160440]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [5/10/2008 10:24 AM 102400]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/15/2009 3:54 AM 93320]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [7/14/2009 2:23 AM 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 7:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 AM 253952]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [7/14/2009 2:13 AM 475136]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/14/2009 1:49 AM 244368]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]
S1 ajekuqby;ajekuqby;\??\c:\windows\system32\drivers\ajekuqby.sys --> c:\windows\system32\drivers\ajekuqby.sys [?]
S1 aqgwzpbu;aqgwzpbu;\??\c:\windows\system32\drivers\aqgwzpbu.sys --> c:\windows\system32\drivers\aqgwzpbu.sys [?]
S1 awrhbeow;awrhbeow;\??\c:\windows\system32\drivers\awrhbeow.sys --> c:\windows\system32\drivers\awrhbeow.sys [?]
S1 bbfbfmwf;bbfbfmwf;\??\c:\windows\system32\drivers\bbfbfmwf.sys --> c:\windows\system32\drivers\bbfbfmwf.sys [?]
S1 bdiehswv;bdiehswv;\??\c:\windows\system32\drivers\bdiehswv.sys --> c:\windows\system32\drivers\bdiehswv.sys [?]
S1 bdlqtwif;bdlqtwif;\??\c:\windows\system32\drivers\bdlqtwif.sys --> c:\windows\system32\drivers\bdlqtwif.sys [?]
S1 birknpjb;birknpjb;\??\c:\windows\system32\drivers\birknpjb.sys --> c:\windows\system32\drivers\birknpjb.sys [?]
S1 bnowkaid;bnowkaid;\??\c:\windows\system32\drivers\bnowkaid.sys --> c:\windows\system32\drivers\bnowkaid.sys [?]
S1 bnttbctc;bnttbctc;\??\c:\windows\system32\drivers\bnttbctc.sys --> c:\windows\system32\drivers\bnttbctc.sys [?]
S1 brmmwrnm;brmmwrnm;\??\c:\windows\system32\drivers\brmmwrnm.sys --> c:\windows\system32\drivers\brmmwrnm.sys [?]
S1 brmulfpw;brmulfpw;\??\c:\windows\system32\drivers\brmulfpw.sys --> c:\windows\system32\drivers\brmulfpw.sys [?]
S1 bttnavpk;bttnavpk;\??\c:\windows\system32\drivers\bttnavpk.sys --> c:\windows\system32\drivers\bttnavpk.sys [?]
S1 bveekgxe;bveekgxe;\??\c:\windows\system32\drivers\bveekgxe.sys --> c:\windows\system32\drivers\bveekgxe.sys [?]
S1 cinbhlqu;cinbhlqu;\??\c:\windows\system32\drivers\cinbhlqu.sys --> c:\windows\system32\drivers\cinbhlqu.sys [?]
S1 cphemwrw;cphemwrw;\??\c:\windows\system32\drivers\cphemwrw.sys --> c:\windows\system32\drivers\cphemwrw.sys [?]
S1 csuztpvm;csuztpvm;\??\c:\windows\system32\drivers\csuztpvm.sys --> c:\windows\system32\drivers\csuztpvm.sys [?]
S1 csxgikup;csxgikup;\??\c:\windows\system32\drivers\csxgikup.sys --> c:\windows\system32\drivers\csxgikup.sys [?]
S1 cucjrwfn;cucjrwfn;\??\c:\windows\system32\drivers\cucjrwfn.sys --> c:\windows\system32\drivers\cucjrwfn.sys [?]
S1 cvbjhzax;cvbjhzax;\??\c:\windows\system32\drivers\cvbjhzax.sys --> c:\windows\system32\drivers\cvbjhzax.sys [?]
S1 cyyqelau;cyyqelau;\??\c:\windows\system32\drivers\cyyqelau.sys --> c:\windows\system32\drivers\cyyqelau.sys [?]
S1 czmdykwq;czmdykwq;\??\c:\windows\system32\drivers\czmdykwq.sys --> c:\windows\system32\drivers\czmdykwq.sys [?]
S1 dbwrrrsg;dbwrrrsg;\??\c:\windows\system32\drivers\dbwrrrsg.sys --> c:\windows\system32\drivers\dbwrrrsg.sys [?]
S1 deqlvdlf;deqlvdlf;\??\c:\windows\system32\drivers\deqlvdlf.sys --> c:\windows\system32\drivers\deqlvdlf.sys [?]
S1 dmrcicpn;dmrcicpn;\??\c:\windows\system32\drivers\dmrcicpn.sys --> c:\windows\system32\drivers\dmrcicpn.sys [?]
S1 doulmfll;doulmfll;\??\c:\windows\system32\drivers\doulmfll.sys --> c:\windows\system32\drivers\doulmfll.sys [?]
S1 drvaxaai;drvaxaai;\??\c:\windows\system32\drivers\drvaxaai.sys --> c:\windows\system32\drivers\drvaxaai.sys [?]
S1 drzfadmo;drzfadmo;\??\c:\windows\system32\drivers\drzfadmo.sys --> c:\windows\system32\drivers\drzfadmo.sys [?]
S1 dsjsnoje;dsjsnoje;\??\c:\windows\system32\drivers\dsjsnoje.sys --> c:\windows\system32\drivers\dsjsnoje.sys [?]
S1 dusmcymi;dusmcymi;\??\c:\windows\system32\drivers\dusmcymi.sys --> c:\windows\system32\drivers\dusmcymi.sys [?]
S1 dzhquzue;dzhquzue;\??\c:\windows\system32\drivers\dzhquzue.sys --> c:\windows\system32\drivers\dzhquzue.sys [?]
S1 ehrvhjzt;ehrvhjzt;\??\c:\windows\system32\drivers\ehrvhjzt.sys --> c:\windows\system32\drivers\ehrvhjzt.sys [?]
S1 ekuvaxzh;ekuvaxzh;\??\c:\windows\system32\drivers\ekuvaxzh.sys --> c:\windows\system32\drivers\ekuvaxzh.sys [?]
S1 eujabbwm;eujabbwm;\??\c:\windows\system32\drivers\eujabbwm.sys --> c:\windows\system32\drivers\eujabbwm.sys [?]
S1 fabptgcw;fabptgcw;\??\c:\windows\system32\drivers\fabptgcw.sys --> c:\windows\system32\drivers\fabptgcw.sys [?]
S1 felgdqzn;felgdqzn;\??\c:\windows\system32\drivers\felgdqzn.sys --> c:\windows\system32\drivers\felgdqzn.sys [?]
S1 fewnhtdi;fewnhtdi;\??\c:\windows\system32\drivers\fewnhtdi.sys --> c:\windows\system32\drivers\fewnhtdi.sys [?]
S1 fkahehah;fkahehah;\??\c:\windows\system32\drivers\fkahehah.sys --> c:\windows\system32\drivers\fkahehah.sys [?]
S1 fmsyesvi;fmsyesvi;\??\c:\windows\system32\drivers\fmsyesvi.sys --> c:\windows\system32\drivers\fmsyesvi.sys [?]
S1 fooukcaw;fooukcaw;\??\c:\windows\system32\drivers\fooukcaw.sys --> c:\windows\system32\drivers\fooukcaw.sys [?]
S1 frduvekw;frduvekw;\??\c:\windows\system32\drivers\frduvekw.sys --> c:\windows\system32\drivers\frduvekw.sys [?]
S1 frfvmvzs;frfvmvzs;\??\c:\windows\system32\drivers\frfvmvzs.sys --> c:\windows\system32\drivers\frfvmvzs.sys [?]
S1 fzuynigr;fzuynigr;\??\c:\windows\system32\drivers\fzuynigr.sys --> c:\windows\system32\drivers\fzuynigr.sys [?]
S1 gdeucgeh;gdeucgeh;\??\c:\windows\system32\drivers\gdeucgeh.sys --> c:\windows\system32\drivers\gdeucgeh.sys [?]
S1 ggsxiahv;ggsxiahv;\??\c:\windows\system32\drivers\ggsxiahv.sys --> c:\windows\system32\drivers\ggsxiahv.sys [?]
S1 gngzgzss;gngzgzss;\??\c:\windows\system32\drivers\gngzgzss.sys --> c:\windows\system32\drivers\gngzgzss.sys [?]
S1 gotmvsft;gotmvsft;\??\c:\windows\system32\drivers\gotmvsft.sys --> c:\windows\system32\drivers\gotmvsft.sys [?]
S1 gqtzdaed;gqtzdaed;\??\c:\windows\system32\drivers\gqtzdaed.sys --> c:\windows\system32\drivers\gqtzdaed.sys [?]
S1 gskxolin;gskxolin;\??\c:\windows\system32\drivers\gskxolin.sys --> c:\windows\system32\drivers\gskxolin.sys [?]
S1 gysmkgsv;gysmkgsv;\??\c:\windows\system32\drivers\gysmkgsv.sys --> c:\windows\system32\drivers\gysmkgsv.sys [?]
S1 gytepqrb;gytepqrb;\??\c:\windows\system32\drivers\gytepqrb.sys --> c:\windows\system32\drivers\gytepqrb.sys [?]
S1 hiewriuy;hiewriuy;\??\c:\windows\system32\drivers\hiewriuy.sys --> c:\windows\system32\drivers\hiewriuy.sys [?]
S1 hnajdyuh;hnajdyuh;\??\c:\windows\system32\drivers\hnajdyuh.sys --> c:\windows\system32\drivers\hnajdyuh.sys [?]
S1 hqnieoli;hqnieoli;\??\c:\windows\system32\drivers\hqnieoli.sys --> c:\windows\system32\drivers\hqnieoli.sys [?]
S1 hvxqcfve;hvxqcfve;\??\c:\windows\system32\drivers\hvxqcfve.sys --> c:\windows\system32\drivers\hvxqcfve.sys [?]
S1 ihhpqgjs;ihhpqgjs;\??\c:\windows\system32\drivers\ihhpqgjs.sys --> c:\windows\system32\drivers\ihhpqgjs.sys [?]
S1 ikahyrnq;ikahyrnq;\??\c:\windows\system32\drivers\ikahyrnq.sys --> c:\windows\system32\drivers\ikahyrnq.sys [?]
S1 ilbakkpj;ilbakkpj;\??\c:\windows\system32\drivers\ilbakkpj.sys --> c:\windows\system32\drivers\ilbakkpj.sys [?]
S1 iqbnqmjt;iqbnqmjt;\??\c:\windows\system32\drivers\iqbnqmjt.sys --> c:\windows\system32\drivers\iqbnqmjt.sys [?]
S1 iqqcymwp;iqqcymwp;\??\c:\windows\system32\drivers\iqqcymwp.sys --> c:\windows\system32\drivers\iqqcymwp.sys [?]
S1 isrestvi;isrestvi;\??\c:\windows\system32\drivers\isrestvi.sys --> c:\windows\system32\drivers\isrestvi.sys [?]
S1 itqtddni;itqtddni;\??\c:\windows\system32\drivers\itqtddni.sys --> c:\windows\system32\drivers\itqtddni.sys [?]
S1 iulrlxcu;iulrlxcu;\??\c:\windows\system32\drivers\iulrlxcu.sys --> c:\windows\system32\drivers\iulrlxcu.sys [?]
S1 iwweooot;iwweooot;\??\c:\windows\system32\drivers\iwweooot.sys --> c:\windows\system32\drivers\iwweooot.sys [?]
S1 ixldjamc;ixldjamc;\??\c:\windows\system32\drivers\ixldjamc.sys --> c:\windows\system32\drivers\ixldjamc.sys [?]
S1 jligwtut;jligwtut;\??\c:\windows\system32\drivers\jligwtut.sys --> c:\windows\system32\drivers\jligwtut.sys [?]
S1 jmwzkmbg;jmwzkmbg;\??\c:\windows\system32\drivers\jmwzkmbg.sys --> c:\windows\system32\drivers\jmwzkmbg.sys [?]
S1 jxpuwuiv;jxpuwuiv;\??\c:\windows\system32\drivers\jxpuwuiv.sys --> c:\windows\system32\drivers\jxpuwuiv.sys [?]
S1 jzdqfvdr;jzdqfvdr;\??\c:\windows\system32\drivers\jzdqfvdr.sys --> c:\windows\system32\drivers\jzdqfvdr.sys [?]
S1 kcxeplgg;kcxeplgg;\??\c:\windows\system32\drivers\kcxeplgg.sys --> c:\windows\system32\drivers\kcxeplgg.sys [?]
S1 kenbhfyy;kenbhfyy;\??\c:\windows\system32\drivers\kenbhfyy.sys --> c:\windows\system32\drivers\kenbhfyy.sys [?]
S1 kfmgtjwt;kfmgtjwt;\??\c:\windows\system32\drivers\kfmgtjwt.sys --> c:\windows\system32\drivers\kfmgtjwt.sys [?]
S1 kjlkciwm;kjlkciwm;\??\c:\windows\system32\drivers\kjlkciwm.sys --> c:\windows\system32\drivers\kjlkciwm.sys [?]
S1 kqyxrqyg;kqyxrqyg;\??\c:\windows\system32\drivers\kqyxrqyg.sys --> c:\windows\system32\drivers\kqyxrqyg.sys [?]
S1 kscfxgof;kscfxgof;\??\c:\windows\system32\drivers\kscfxgof.sys --> c:\windows\system32\drivers\kscfxgof.sys [?]
S1 lcssdlff;lcssdlff;\??\c:\windows\system32\drivers\lcssdlff.sys --> c:\windows\system32\drivers\lcssdlff.sys [?]
S1 lltqgclq;lltqgclq;\??\c:\windows\system32\drivers\lltqgclq.sys --> c:\windows\system32\drivers\lltqgclq.sys [?]
S1 lryfhbbc;lryfhbbc;\??\c:\windows\system32\drivers\lryfhbbc.sys --> c:\windows\system32\drivers\lryfhbbc.sys [?]
S1 lvduueic;lvduueic;\??\c:\windows\system32\drivers\lvduueic.sys --> c:\windows\system32\drivers\lvduueic.sys [?]
S1 mawizavq;mawizavq;\??\c:\windows\system32\drivers\mawizavq.sys --> c:\windows\system32\drivers\mawizavq.sys [?]
S1 mmwlsemk;mmwlsemk;\??\c:\windows\system32\drivers\mmwlsemk.sys --> c:\windows\system32\drivers\mmwlsemk.sys [?]
S1 MpKsl7f69b72b;MpKsl7f69b72b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKsl7f69b72b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKsl7f69b72b.sys [?]
S1 MpKsl82a1df20;MpKsl82a1df20;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKsl82a1df20.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKsl82a1df20.sys [?]
S1 MpKslaa9937f3;MpKslaa9937f3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKslaa9937f3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKslaa9937f3.sys [?]
S1 mqfwuhwa;mqfwuhwa;\??\c:\windows\system32\drivers\mqfwuhwa.sys --> c:\windows\system32\drivers\mqfwuhwa.sys [?]
S1 mvcraepm;mvcraepm;\??\c:\windows\system32\drivers\mvcraepm.sys --> c:\windows\system32\drivers\mvcraepm.sys [?]
S1 nceqinuu;nceqinuu;\??\c:\windows\system32\drivers\nceqinuu.sys --> c:\windows\system32\drivers\nceqinuu.sys [?]
S1 nednpbzf;nednpbzf;\??\c:\windows\system32\drivers\nednpbzf.sys --> c:\windows\system32\drivers\nednpbzf.sys [?]
S1 nnrqwkzv;nnrqwkzv;\??\c:\windows\system32\drivers\nnrqwkzv.sys --> c:\windows\system32\drivers\nnrqwkzv.sys [?]
S1 nnvgcspn;nnvgcspn;\??\c:\windows\system32\drivers\nnvgcspn.sys --> c:\windows\system32\drivers\nnvgcspn.sys [?]
S1 npnyldeb;npnyldeb;\??\c:\windows\system32\drivers\npnyldeb.sys --> c:\windows\system32\drivers\npnyldeb.sys [?]
S1 nwnvkoeg;nwnvkoeg;\??\c:\windows\system32\drivers\nwnvkoeg.sys --> c:\windows\system32\drivers\nwnvkoeg.sys [?]
S1 oehzyekc;oehzyekc;\??\c:\windows\system32\drivers\oehzyekc.sys --> c:\windows\system32\drivers\oehzyekc.sys [?]
S1 ooprhrhq;ooprhrhq;\??\c:\windows\system32\drivers\ooprhrhq.sys --> c:\windows\system32\drivers\ooprhrhq.sys [?]
S1 oqjkyikj;oqjkyikj;\??\c:\windows\system32\drivers\oqjkyikj.sys --> c:\windows\system32\drivers\oqjkyikj.sys [?]
S1 oqyuxshg;oqyuxshg;\??\c:\windows\system32\drivers\oqyuxshg.sys --> c:\windows\system32\drivers\oqyuxshg.sys [?]
S1 orzwoucx;orzwoucx;\??\c:\windows\system32\drivers\orzwoucx.sys --> c:\windows\system32\drivers\orzwoucx.sys [?]
S1 osmboctq;osmboctq;\??\c:\windows\system32\drivers\osmboctq.sys --> c:\windows\system32\drivers\osmboctq.sys [?]
S1 oxthkngb;oxthkngb;\??\c:\windows\system32\drivers\oxthkngb.sys --> c:\windows\system32\drivers\oxthkngb.sys [?]
S1 pcfjnwbx;pcfjnwbx;\??\c:\windows\system32\drivers\pcfjnwbx.sys --> c:\windows\system32\drivers\pcfjnwbx.sys [?]
S1 pcjylzso;pcjylzso;\??\c:\windows\system32\drivers\pcjylzso.sys --> c:\windows\system32\drivers\pcjylzso.sys [?]
S1 pexiuoja;pexiuoja;\??\c:\windows\system32\drivers\pexiuoja.sys --> c:\windows\system32\drivers\pexiuoja.sys [?]
S1 pfoyeaeo;pfoyeaeo;\??\c:\windows\system32\drivers\pfoyeaeo.sys --> c:\windows\system32\drivers\pfoyeaeo.sys [?]
S1 pgesbdhr;pgesbdhr;\??\c:\windows\system32\drivers\pgesbdhr.sys --> c:\windows\system32\drivers\pgesbdhr.sys [?]
S1 pholiyiw;pholiyiw;\??\c:\windows\system32\drivers\pholiyiw.sys --> c:\windows\system32\drivers\pholiyiw.sys [?]
S1 pibsnwcy;pibsnwcy;\??\c:\windows\system32\drivers\pibsnwcy.sys --> c:\windows\system32\drivers\pibsnwcy.sys [?]
S1 pjwtzspg;pjwtzspg;\??\c:\windows\system32\drivers\pjwtzspg.sys --> c:\windows\system32\drivers\pjwtzspg.sys [?]
S1 pkaskegb;pkaskegb;\??\c:\windows\system32\drivers\pkaskegb.sys --> c:\windows\system32\drivers\pkaskegb.sys [?]
S1 qfqifvrp;qfqifvrp;\??\c:\windows\system32\drivers\qfqifvrp.sys --> c:\windows\system32\drivers\qfqifvrp.sys [?]
S1 qlatxlsk;qlatxlsk;\??\c:\windows\system32\drivers\qlatxlsk.sys --> c:\windows\system32\drivers\qlatxlsk.sys [?]
S1 qljimtza;qljimtza;\??\c:\windows\system32\drivers\qljimtza.sys --> c:\windows\system32\drivers\qljimtza.sys [?]
S1 qpkisscr;qpkisscr;\??\c:\windows\system32\drivers\qpkisscr.sys --> c:\windows\system32\drivers\qpkisscr.sys [?]
S1 qrszhzxd;qrszhzxd;\??\c:\windows\system32\drivers\qrszhzxd.sys --> c:\windows\system32\drivers\qrszhzxd.sys [?]
S1 qwdnpngf;qwdnpngf;\??\c:\windows\system32\drivers\qwdnpngf.sys --> c:\windows\system32\drivers\qwdnpngf.sys [?]
S1 raewkzmo;raewkzmo;\??\c:\windows\system32\drivers\raewkzmo.sys --> c:\windows\system32\drivers\raewkzmo.sys [?]
S1 rcovaivr;rcovaivr;\??\c:\windows\system32\drivers\rcovaivr.sys --> c:\windows\system32\drivers\rcovaivr.sys [?]
S1 rjizsazo;rjizsazo;\??\c:\windows\system32\drivers\rjizsazo.sys --> c:\windows\system32\drivers\rjizsazo.sys [?]
S1 rojdpdlt;rojdpdlt;\??\c:\windows\system32\drivers\rojdpdlt.sys --> c:\windows\system32\drivers\rojdpdlt.sys [?]
S1 rorcmyjo;rorcmyjo;\??\c:\windows\system32\drivers\rorcmyjo.sys --> c:\windows\system32\drivers\rorcmyjo.sys [?]
S1 rpftpnde;rpftpnde;\??\c:\windows\system32\drivers\rpftpnde.sys --> c:\windows\system32\drivers\rpftpnde.sys [?]
S1 sblrfmsq;sblrfmsq;\??\c:\windows\system32\drivers\sblrfmsq.sys --> c:\windows\system32\drivers\sblrfmsq.sys [?]
S1 szccpdgo;szccpdgo;\??\c:\windows\system32\drivers\szccpdgo.sys --> c:\windows\system32\drivers\szccpdgo.sys [?]
S1 tbcbocal;tbcbocal;\??\c:\windows\system32\drivers\tbcbocal.sys --> c:\windows\system32\drivers\tbcbocal.sys [?]
S1 tfxxdxnh;tfxxdxnh;\??\c:\windows\system32\drivers\tfxxdxnh.sys --> c:\windows\system32\drivers\tfxxdxnh.sys [?]
S1 tgiqulhi;tgiqulhi;\??\c:\windows\system32\drivers\tgiqulhi.sys --> c:\windows\system32\drivers\tgiqulhi.sys [?]
S1 tgjpzllr;tgjpzllr;\??\c:\windows\system32\drivers\tgjpzllr.sys --> c:\windows\system32\drivers\tgjpzllr.sys [?]
S1 tiilnkan;tiilnkan;\??\c:\windows\system32\drivers\tiilnkan.sys --> c:\windows\system32\drivers\tiilnkan.sys [?]
S1 tpstdguh;tpstdguh;\??\c:\windows\system32\drivers\tpstdguh.sys --> c:\windows\system32\drivers\tpstdguh.sys [?]
S1 tpzgszuv;tpzgszuv;\??\c:\windows\system32\drivers\tpzgszuv.sys --> c:\windows\system32\drivers\tpzgszuv.sys [?]
S1 tqlenjqi;tqlenjqi;\??\c:\windows\system32\drivers\tqlenjqi.sys --> c:\windows\system32\drivers\tqlenjqi.sys [?]
S1 ttiqwunn;ttiqwunn;\??\c:\windows\system32\drivers\ttiqwunn.sys --> c:\windows\system32\drivers\ttiqwunn.sys [?]
S1 ttlyewzo;ttlyewzo;\??\c:\windows\system32\drivers\ttlyewzo.sys --> c:\windows\system32\drivers\ttlyewzo.sys [?]
S1 uafcjtev;uafcjtev;\??\c:\windows\system32\drivers\uafcjtev.sys --> c:\windows\system32\drivers\uafcjtev.sys [?]
S1 udmwozpn;udmwozpn;\??\c:\windows\system32\drivers\udmwozpn.sys --> c:\windows\system32\drivers\udmwozpn.sys [?]
S1 udoqjzvw;udoqjzvw;\??\c:\windows\system32\drivers\udoqjzvw.sys --> c:\windows\system32\drivers\udoqjzvw.sys [?]
S1 ujcycmsg;ujcycmsg;\??\c:\windows\system32\drivers\ujcycmsg.sys --> c:\windows\system32\drivers\ujcycmsg.sys [?]
S1 uydgabfj;uydgabfj;\??\c:\windows\system32\drivers\uydgabfj.sys --> c:\windows\system32\drivers\uydgabfj.sys [?]
S1 vlsjqmcx;vlsjqmcx;\??\c:\windows\system32\drivers\vlsjqmcx.sys --> c:\windows\system32\drivers\vlsjqmcx.sys [?]
S1 vnoqrrjn;vnoqrrjn;\??\c:\windows\system32\drivers\vnoqrrjn.sys --> c:\windows\system32\drivers\vnoqrrjn.sys [?]
S1 vpkxopsu;vpkxopsu;\??\c:\windows\system32\drivers\vpkxopsu.sys --> c:\windows\system32\drivers\vpkxopsu.sys [?]
S1 vtykehsx;vtykehsx;\??\c:\windows\system32\drivers\vtykehsx.sys --> c:\windows\system32\drivers\vtykehsx.sys [?]
S1 vwzahfzo;vwzahfzo;\??\c:\windows\system32\drivers\vwzahfzo.sys --> c:\windows\system32\drivers\vwzahfzo.sys [?]
S1 wptkuprl;wptkuprl;\??\c:\windows\system32\drivers\wptkuprl.sys --> c:\windows\system32\drivers\wptkuprl.sys [?]
S1 wqaailcp;wqaailcp;\??\c:\windows\system32\drivers\wqaailcp.sys --> c:\windows\system32\drivers\wqaailcp.sys [?]
S1 wrsxekps;wrsxekps;\??\c:\windows\system32\drivers\wrsxekps.sys --> c:\windows\system32\drivers\wrsxekps.sys [?]
S1 wulhhqil;wulhhqil;\??\c:\windows\system32\drivers\wulhhqil.sys --> c:\windows\system32\drivers\wulhhqil.sys [?]
S1 wveqecvn;wveqecvn;\??\c:\windows\system32\drivers\wveqecvn.sys --> c:\windows\system32\drivers\wveqecvn.sys [?]
S1 wwppxmrh;wwppxmrh;\??\c:\windows\system32\drivers\wwppxmrh.sys --> c:\windows\system32\drivers\wwppxmrh.sys [?]
S1 xhahtimq;xhahtimq;\??\c:\windows\system32\drivers\xhahtimq.sys --> c:\windows\system32\drivers\xhahtimq.sys [?]
S1 xmjgable;xmjgable;\??\c:\windows\system32\drivers\xmjgable.sys --> c:\windows\system32\drivers\xmjgable.sys [?]
S1 xzzjpskq;xzzjpskq;\??\c:\windows\system32\drivers\xzzjpskq.sys --> c:\windows\system32\drivers\xzzjpskq.sys [?]
S1 yjzbzlju;yjzbzlju;\??\c:\windows\system32\drivers\yjzbzlju.sys --> c:\windows\system32\drivers\yjzbzlju.sys [?]
S1 ymxwnyzx;ymxwnyzx;\??\c:\windows\system32\drivers\ymxwnyzx.sys --> c:\windows\system32\drivers\ymxwnyzx.sys [?]
S1 yohexnix;yohexnix;\??\c:\windows\system32\drivers\yohexnix.sys --> c:\windows\system32\drivers\yohexnix.sys [?]
S1 yowcnfdj;yowcnfdj;\??\c:\windows\system32\drivers\yowcnfdj.sys --> c:\windows\system32\drivers\yowcnfdj.sys [?]
S1 zauubkcp;zauubkcp;\??\c:\windows\system32\drivers\zauubkcp.sys --> c:\windows\system32\drivers\zauubkcp.sys [?]
S1 zbhlorey;zbhlorey;\??\c:\windows\system32\drivers\zbhlorey.sys --> c:\windows\system32\drivers\zbhlorey.sys [?]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/12/2010 7:02 PM 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005Core.job
- c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 20:27]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005UA.job
- c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 20:27]

2009-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-14 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-14 17:22]

2010-05-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-04-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-14 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Richie\Application Data\Mozilla\Firefox\Profiles\ewlac0ql.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
SafeBoot-MsMpSvc
MSConfigStartUp-davclnt - c:\docume~1\Richie\LOCALS~1\Temp\davclnt.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-02 11:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2010-05-02 11:18:24
ComboFix-quarantined-files.txt 2010-05-02 15:18
ComboFix2.txt 2010-02-10 19:45

Pre-Run: 104,059,297,792 bytes free
Post-Run: 104,220,893,184 bytes free

- - End Of File - - E9214876894F78C568EDA7D26D0BB6BB

#13
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text between the lines of stars by highlighting (click once at the beginning and then scroll to the end. Hold the Shift key down and click at the end) and Ctrl + c.

******************************************

Killall:

File::
c:\windows\system32\drivers\ajekuqby.sys
c:\windows\system32\drivers\aqgwzpbu.sys
c:\windows\system32\drivers\awrhbeow.sys
c:\windows\system32\drivers\bbfbfmwf.sys
c:\windows\system32\drivers\bdiehswv.sys
c:\windows\system32\drivers\bdlqtwif.sys
c:\windows\system32\drivers\birknpjb.sys
c:\windows\system32\drivers\bnowkaid.sys
c:\windows\system32\drivers\bnttbctc.sys
c:\windows\system32\drivers\brmmwrnm.sys
c:\windows\system32\drivers\brmulfpw.sys
c:\windows\system32\drivers\bttnavpk.sys
c:\windows\system32\drivers\bveekgxe.sys
c:\windows\system32\drivers\cinbhlqu.sys
c:\windows\system32\drivers\cphemwrw.sys
c:\windows\system32\drivers\csuztpvm.sys
c:\windows\system32\drivers\csxgikup.sys
c:\windows\system32\drivers\cucjrwfn.sys
c:\windows\system32\drivers\cvbjhzax.sys
c:\windows\system32\drivers\cyyqelau.sys
c:\windows\system32\drivers\czmdykwq.sys
c:\windows\system32\drivers\dbwrrrsg.sys
c:\windows\system32\drivers\deqlvdlf.sys
c:\windows\system32\drivers\dmrcicpn.sys
c:\windows\system32\drivers\doulmfll.sys
c:\windows\system32\drivers\drvaxaai.sys
c:\windows\system32\drivers\drzfadmo.sys
c:\windows\system32\drivers\dsjsnoje.sys
c:\windows\system32\drivers\dusmcymi.sys
c:\windows\system32\drivers\dzhquzue.sys
c:\windows\system32\drivers\ehrvhjzt.sys
c:\windows\system32\drivers\ekuvaxzh.sys
c:\windows\system32\drivers\eujabbwm.sys
c:\windows\system32\drivers\fabptgcw.sys
c:\windows\system32\drivers\felgdqzn.sys
c:\windows\system32\drivers\fewnhtdi.sys
c:\windows\system32\drivers\fkahehah.sys
c:\windows\system32\drivers\fmsyesvi.sys
c:\windows\system32\drivers\fooukcaw.sys
c:\windows\system32\drivers\frduvekw.sys
c:\windows\system32\drivers\frfvmvzs.sys
c:\windows\system32\drivers\fzuynigr.sys
c:\windows\system32\drivers\gdeucgeh.sys
c:\windows\system32\drivers\ggsxiahv.sys
c:\windows\system32\drivers\gngzgzss.sys
c:\windows\system32\drivers\gotmvsft.sys
c:\windows\system32\drivers\gqtzdaed.sys
c:\windows\system32\drivers\gskxolin.sys
c:\windows\system32\drivers\gysmkgsv.sys
c:\windows\system32\drivers\gytepqrb.sys
c:\windows\system32\drivers\hiewriuy.sys
c:\windows\system32\drivers\hnajdyuh.sys
c:\windows\system32\drivers\hqnieoli.sys
c:\windows\system32\drivers\hvxqcfve.sys
c:\windows\system32\drivers\ihhpqgjs.sys
c:\windows\system32\drivers\ikahyrnq.sys
c:\windows\system32\drivers\ilbakkpj.sys
c:\windows\system32\drivers\iqbnqmjt.sys
c:\windows\system32\drivers\iqqcymwp.sys
c:\windows\system32\drivers\isrestvi.sys
c:\windows\system32\drivers\itqtddni.sys
c:\windows\system32\drivers\iulrlxcu.sys
c:\windows\system32\drivers\iwweooot.sys
c:\windows\system32\drivers\ixldjamc.sys
c:\windows\system32\drivers\jligwtut.sys
c:\windows\system32\drivers\jmwzkmbg.sys
c:\windows\system32\drivers\jxpuwuiv.sys
c:\windows\system32\drivers\jzdqfvdr.sys
c:\windows\system32\drivers\kcxeplgg.sys
c:\windows\system32\drivers\kenbhfyy.sys
c:\windows\system32\drivers\kfmgtjwt.sys
c:\windows\system32\drivers\kjlkciwm.sys
c:\windows\system32\drivers\kqyxrqyg.sys
c:\windows\system32\drivers\kscfxgof.sys
c:\windows\system32\drivers\lcssdlff.sys
c:\windows\system32\drivers\lltqgclq.sys
c:\windows\system32\drivers\lryfhbbc.sys
c:\windows\system32\drivers\lvduueic.sys
c:\windows\system32\drivers\mawizavq.sys
c:\windows\system32\drivers\mmwlsemk.sys
c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKsl7f69b72b.sys

c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4BC2397A-8C19-4B9A-9FBA-F89870DBD771}\MpKsl82a1df20.sys

Driver::

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK.

Close notepad. You should see a file CFScript.txt on your desktop.

Turn off your anti-virus.

Drag CFScript.txt over to george and let it start as before.

Post the new log.

Ron

#14
rapsfan

Hey Ron, here's the latest log. Everything seems to be working fantastically. Is there anything else I should be on the lookout for? Once again, thank you so much for helping me. I never knew it could actually fix these problems - I am incredibly indebted to you for this. Truly.

ComboFix 10-05-01.04 - Richie 05/03/2010 23:32:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1348 [GMT -4:00]
Running from: c:\documents and settings\Richie\Desktop\george.exe
Command switches used :: c:\documents and settings\Richie\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.



((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-02 14:53 . 2010-05-02 15:18 -------- d-----w- C:\george
2010-05-02 06:39 . 2010-05-02 06:39 5888 ----a-w- c:\windows\system32\drivers\euzwipma.sys
2010-05-02 04:38 . 2010-05-02 04:38 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-05-02 04:29 . 2010-05-02 04:29 -------- d-----w- C:\_OTL
2010-04-26 15:39 . 2010-04-26 15:39 -------- d-----w- c:\program files\ERUNT
2010-04-26 04:31 . 2010-04-26 04:31 117728 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-24 14:37 . 2010-04-24 14:37 52224 ----a-w- c:\documents and settings\Richie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-24 14:37 . 2010-04-24 14:37 117760 ----a-w- c:\documents and settings\Richie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-24 14:36 . 2010-04-24 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-04-24 14:36 . 2010-04-24 14:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-24 14:36 . 2010-04-24 14:36 -------- d-----w- c:\documents and settings\Richie\Application Data\SUPERAntiSpyware.com
2010-04-24 14:35 . 2010-04-24 14:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-16 18:30 . 2010-04-16 18:30 -------- d-----w- c:\documents and settings\Richie\Local Settings\Application Data\avG
2010-04-14 00:17 . 2010-04-14 00:17 3584 ----a-r- c:\documents and settings\Richie\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-04-14 00:17 . 2010-04-14 00:17 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-04-13 08:29 . 2010-04-13 08:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-13 03:59 . 2010-04-13 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-04-13 03:58 . 2010-04-13 03:58 -------- d-----w- c:\program files\Common Files\iS3
2010-04-13 03:58 . 2010-04-13 15:11 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-04-12 23:13 . 2010-04-12 23:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\avG
2010-04-12 23:13 . 2010-04-12 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\avG
2010-04-12 23:06 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-12 23:06 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-12 23:06 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-12 23:06 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-12 23:06 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-04-12 23:06 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-04-12 23:02 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-12 23:02 . 2010-03-10 15:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-12 23:02 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-12 23:02 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-12 23:02 . 2010-05-02 04:42 -------- d-----w- c:\program files\Spyware Doctor
2010-04-12 23:02 . 2010-04-12 23:08 -------- d-----w- c:\program files\Common Files\PC Tools
2010-04-12 23:02 . 2010-04-12 23:02 -------- d-----w- c:\documents and settings\Richie\Application Data\PC Tools
2010-04-12 23:02 . 2010-04-12 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-04-12 23:02 . 2010-05-02 04:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-12 22:53 . 2010-04-12 22:53 -------- d-----w- C:\spoolerlogs
2010-04-12 22:53 . 2010-04-13 00:21 -------- d-----w- c:\documents and settings\Richie\Application Data\92082B924A90F598C1F8AE0BB5EA5370
2010-04-11 22:18 . 2010-04-11 22:18 -------- d-----w- c:\documents and settings\Richie\Application Data\AnvSoft
2010-04-11 22:18 . 2010-04-11 22:18 -------- d-----w- c:\program files\AnvSoft
2010-04-11 22:06 . 2010-04-11 22:06 -------- d-----w- c:\program files\Common Files\Common Share
2010-04-11 22:06 . 2008-12-18 17:38 719872 ----a-w- c:\windows\system32\devil.dll
2010-04-11 22:06 . 2008-12-18 17:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2010-04-11 22:06 . 2008-12-18 17:38 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-04-11 22:06 . 2010-04-11 22:06 -------- d-----w- c:\program files\OJOsoft
2010-04-11 18:48 . 2010-04-11 18:48 26694 ----a-r- c:\documents and settings\Richie\Application Data\Microsoft\Installer\{15D9B400-F721-437B-B4A5-4FE2F3F2431E}\BlackBerry.exe
2010-04-11 18:23 . 2010-04-16 14:58 256 ----a-w- c:\windows\system32\pool.bin
2010-04-11 18:23 . 2010-04-11 18:23 -------- d-----w- c:\documents and settings\Richie\Application Data\Research In Motion
2010-04-11 18:23 . 2009-01-09 20:18 27136 ----a-r- c:\windows\system32\drivers\RimSerial.sys
2010-04-11 18:22 . 2010-04-11 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2010-04-11 18:22 . 2010-04-11 18:48 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-04-11 18:22 . 2010-04-11 18:22 -------- d-----w- c:\program files\Research In Motion
2010-04-11 18:09 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-11 18:09 . 2008-04-13 15:45 32128 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-10 19:03 . 2010-04-10 19:03 59904 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\zlib1.dll
2010-04-10 19:03 . 2010-04-10 19:03 507904 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\rcSBridge.dll
2010-04-10 19:03 . 2010-04-10 19:03 126976 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\CAWinExF.dll
2010-04-10 19:03 . 2010-04-10 19:03 421376 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Sharing.Client.dll
2010-04-10 19:03 . 2010-04-10 19:03 29696 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Sharing.Client_rc.dll
2010-04-10 18:59 . 2010-04-10 18:59 544768 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client.dll
2010-04-10 18:59 . 2010-04-10 18:59 22016 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Tools.Scripting.Client_rc.dll
2010-04-10 18:58 . 2010-04-11 19:06 70920 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer_rc.dll
2010-04-10 18:58 . 2010-04-10 18:58 626440 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Customer.exe
2010-04-10 18:58 . 2010-04-10 18:58 599304 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\Controller.exe
2010-04-10 18:58 . 2010-04-10 18:58 353544 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\SoftwareUpdater.exe
2010-04-10 18:58 . 2010-04-11 19:06 -------- d-----w- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2010-04-10 18:58 . 2010-04-10 18:58 632072 ----a-w- c:\documents and settings\All Users\Application Data\CA-SupportBridge\msvcr80.dll
2010-04-09 20:24 . 2010-04-09 20:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2010-04-09 20:24 . 2010-04-11 22:03 -------- d-----w- c:\documents and settings\Richie\Local Settings\Application Data\WMTools Downloaded Files
2010-04-09 20:23 . 2010-04-11 21:16 -------- d-----w- c:\documents and settings\Richie\Application Data\Roxio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-02 14:06 . 2006-04-30 06:55 5888 ----a-w- c:\windows\system32\drivers\dmload.sys
2010-05-02 04:39 . 2010-02-02 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 19:39 . 2010-02-02 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2010-02-02 16:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-16 19:23 . 2010-02-02 17:56 -------- d-----w- c:\program files\Google
2010-04-16 14:11 . 2009-08-26 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-14 00:16 . 2009-10-15 18:21 -------- d-----w- c:\program files\MSECache
2010-04-13 17:02 . 2010-02-02 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-13 01:37 . 2009-07-14 06:13 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-04-11 22:40 . 2009-07-15 07:04 -------- d-----w- c:\documents and settings\Richie\Application Data\vlc
2010-04-11 18:22 . 2009-07-14 06:19 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-03-27 15:09 . 2010-03-27 15:08 -------- d-----w- c:\program files\Windows Live
2010-03-27 15:09 . 2009-07-14 06:35 -------- d-----w- c:\program files\Windows Live Toolbar
2010-03-27 15:09 . 2010-03-27 15:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-03-27 15:08 . 2010-03-27 15:08 -------- d-----w- c:\program files\Microsoft
2010-03-27 15:08 . 2010-03-27 15:08 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-03-27 14:57 . 2010-03-27 14:57 -------- d-----w- c:\program files\Common Files\Windows Live
2010-03-09 11:09 . 2006-04-30 06:56 430080 ------w- c:\windows\system32\vbscript.dll
2010-03-06 20:15 . 2009-07-14 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-03-05 13:33 . 2009-07-14 07:51 -------- d-----w- c:\program files\McAfee
2010-02-24 14:16 . 2010-01-30 18:22 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 13:11 . 2006-04-30 06:55 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 14:08 . 2006-04-30 06:55 2146304 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-03 22:59 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2006-04-30 06:55 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2006-04-30 06:56 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-10 19:18 . 2006-04-30 06:45 319000 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-02-03 19:21 . 2010-02-03 19:21 388096 ------r- c:\documents and settings\Richie\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-07-14 03:41 . 2009-07-14 03:41 8114720 ------w- c:\program files\Firefox Setup 3.5.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ------w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ------w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-02 135664]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-01 2010864]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 524288]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-06-08 124248]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2009-07-29 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2009-07-29 172032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\Richie\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-7-14 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2008-05-10 14:24 180224 ----a-w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 07:02 34080 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [4/12/2010 7:02 PM 217032]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 AM 46144]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [5/10/2008 10:11 AM 1160440]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [5/10/2008 10:24 AM 102400]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/15/2009 3:54 AM 93320]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [7/14/2009 2:23 AM 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 7:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 AM 253952]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [7/14/2009 2:13 AM 475136]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [7/14/2009 1:49 AM 244368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2/22/2008 6:54 PM 37312]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/12/2010 7:02 PM 366840]
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005Core.job
- c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 20:27]

2010-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269646363-2224353608-1659482125-1005UA.job
- c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-02 20:27]

2009-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-14 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-07-14 17:22]

2010-05-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-04-13 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-14 16:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Richie\Application Data\Mozilla\Firefox\Profiles\ewlac0ql.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Richie\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 23:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(4780)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\TpShocks.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2010-05-03 23:55:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 03:55
ComboFix2.txt 2010-05-02 15:18
ComboFix3.txt 2010-02-10 19:45

Pre-Run: 103,871,827,968 bytes free
Post-Run: 103,823,237,120 bytes free

- - End Of File - - 81D132FE9E609BC10BE8D6CBEEDAF6F3

#15
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears, select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section, select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button, and shut down My Computer.

You do not have the latest Java. Get the latest (6update20) at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java™ 6 Update 16

"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. Click OK and close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If your current antivirus is not a paid-up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html
Make sure you register with them.

Ron
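
The Java check from the post above, as an added example that is not part of Ron's post or of any tool used in this thread: it reads installed-program names (plain, or in the `"{GUID}" = Name` form quoted in the post) and lists the Java runtimes older than 6 Update 20. The name patterns are assumptions covering three of the aliases, and the sample entries marked as constructed are not from this machine.

```python
import re

LATEST = (6, 20)  # "6update20", the release named in the post above

# Display-name shapes (assumed): the first two appear in the post,
# the third is an older alias added here for illustration.
PATTERNS = [
    re.compile(r"^Java(?:\(TM\)|™)?\s+(?P<major>\d+)"
               r"(?:\s+Update\s+(?P<update>\d+))?$", re.I),
    re.compile(r"^J2SE Runtime Environment\s+(?P<major>\d+)\.0"
               r"(?:\s+Update\s+(?P<update>\d+))?$", re.I),
    re.compile(r"^Java 2 Runtime Environment,? SE v1\.(?P<major>\d+)\.\d+"
               r"(?:_(?P<update>\d+))?$", re.I),
]
# Optional '"{GUID}" = ' prefix, as in the uninstall-list line quoted in the post.
LINE = re.compile(r'^\s*(?:"[^"]*"\s*=\s*)?(?P<name>.+?)\s*$')


def parse_java(line):
    """Return (name, (major, update)) for a Java runtime entry, else None."""
    m = LINE.match(line)
    if not m:
        return None
    name = m.group("name")
    for pat in PATTERNS:
        hit = pat.match(name)
        if hit:
            return name, (int(hit.group("major")), int(hit.group("update") or 0))
    return None


def outdated(lines, latest=LATEST):
    """Names of Java runtimes older than `latest`, oldest first."""
    found = [p for p in map(parse_java, lines) if p]
    return [name for name, ver in sorted(found, key=lambda p: p[1]) if ver < latest]


SAMPLE = [
    "Java™ 6 Update 16",                                    # from the post
    '"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = '
    "J2SE Runtime Environment 5.0 Update 16",               # from the post
    "Java(TM) 6 Update 20",                                 # constructed
    "Java 2 Runtime Environment, SE v1.4.2_03",             # constructed
    "Adobe Reader 9.3",                                     # constructed, not Java
]

if __name__ == "__main__":
    for name in outdated(SAMPLE):
        print("remove:", name)
```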