deocder

Members
  • Content Count

    14
  • Joined

  • Last visited

About deocder

  • Rank
    Member
  1. Hello, Finally I have had a chance to work on this computer. However I had to do so remotely and cannot be in front of it. In addition, I have been unable to restore the desktop wallpaper. I have tried several fixes to no avail. The computer was having issues connecting to the internet. But once connected I tried to check the router it was connected to to make sure it was set up properly. I was unable to browse to the router (192.168.1.1). All other web browsing was fine, just unable to connect to the router's GUI. I have been able to connect to this in the past. I suspected that the browser was hijacked so I installed Spybot S&D and ran immunization. Then did a scan. I have also updated Malwarebytes and run another scan. In addition, another OTL scan. All logs are below..... Spybot Log: MaxSecure.RegistryCleaner: [sBI $5AA2E7C9] Program directory (Directory, fixed) C:\Program Files\Max Registry Cleaner\ MaxSecure.RegistryCleaner: [sBI $52C9D917] Program directory (Directory, fixed) C:\Program Files\Max Registry Cleaner\Backup\ MaxSecure.RegistryCleaner: [sBI $E0207521] Program directory (Directory, fixed) C:\Program Files\Max Registry Cleaner\BackupDB\ MaxSecure.RegistryCleaner: [sBI $BA545786] Program directory (Directory, fixed) C:\Program Files\Max Registry Cleaner\Log\ MaxSecure.RegistryCleaner: [sBI $ACF07A50] Text file (File, fixed) C:\Program Files\Max Registry Cleaner\Log\RCLiveupdateLog.txt Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E MaxSecure.RegistryCleaner: [sBI $ACF07A50] Text file (File, fixed) C:\Program Files\Max Registry Cleaner\Log\ScanLog.txt Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E MaxSecure.RegistryCleaner: [sBI $ACF07A50] Text file (File, fixed) C:\Program Files\Max Registry Cleaner\Log\VoucherLog.txt Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E MaxSecure.RegistryCleaner: [sBI $44D17AEA] Program directory (Directory, fixed) C:\Program Files\Max Registry Cleaner\setting\ MaxSecure.RegistryCleaner: [sBI $033A6FF0] Configuration file (File, fixed) C:\Program Files\Max Registry Cleaner\setting\CurrentSettings.ini Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E SpywareDetector: [sBI $3B9C51F2] Settings (Registry key, fixed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDNotify SpywareDetector: [sBI $C90CC544] Program directory (Directory, fixed) C:\WINDOWS\MaxSecureBackup\ SpywareDetector: [sBI $0D8F8637] Text file (File, fixed) C:\MaxSignature.txt Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E SpywareDetector: [sBI $879186E6] Library (File, fixed) C:\WINDOWS\system32\GetHardDiskNo.dll Properties.size=0 Properties.md5=D41D8CD98F00B204E9800998ECF8427E Microsoft.Windows.ActiveDesktop: [sBI $377029D9] User settings (Registry change, fixed) HKEY_USERS\S-1-5-21-177391176-3013064915-1126896040-1009\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper Microsoft.Windows.Explorer: [sBI $1931FF4D] Settings (Registry change, fixed) HKEY_USERS\S-1-5-21-177391176-3013064915-1126896040-1009\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges CoreMetrics: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) DoubleClick: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) CasaleMedia: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) Right Media: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) Statcounter: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) MediaPlex: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) HitBox: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) HitBox: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) MediaPlex: Tracking cookie (Internet Explorer: Jay Plesset) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2010-01-11 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2009-10-08 Includes\Adware.sbi (*) 2010-01-05 Includes\AdwareC.sbi (*) 2009-01-22 Includes\Cookies.sbi (*) 2009-11-03 Includes\Dialer.sbi (*) 2010-01-05 Includes\DialerC.sbi (*) 2009-01-22 Includes\HeavyDuty.sbi (*) 2009-05-26 Includes\Hijackers.sbi (*) 2010-01-05 Includes\HijackersC.sbi (*) 2009-12-15 Includes\Keyloggers.sbi (*) 2010-01-05 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2009-12-30 Includes\Malware.sbi (*) 2010-01-05 Includes\MalwareC.sbi (*) 2009-03-25 Includes\PUPS.sbi (*) 2010-01-05 Includes\PUPSC.sbi (*) 2009-01-22 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2010-01-05 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2009-11-03 Includes\Spyware.sbi (*) 2010-01-05 Includes\SpywareC.sbi (*) 2009-06-08 Includes\Tracks.uti 2009-12-08 Includes\Trojans.sbi (*) 2010-01-05 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll MALWAREBYTES LOG: Malwarebytes' Anti-Malware 1.44 Database version: 3545 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/11/2010 10:46:11 PM mbam-log-2010-01-11 (22-46-11).txt Scan type: Quick Scan Objects scanned: 140870 Time elapsed: 9 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) OTL SCAN: OTL logfile created on: 1/11/2010 10:47:46 PM - Run 4 OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Jay Plesset\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 484.00 Mb Available Physical Memory | 48.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 105.81 Gb Total Space | 63.66 Gb Free Space | 60.17% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUES_LAPTOP Current User Name: Jay Plesset Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010/01/11 22:34:39 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/09/28 19:34:22 | 00,116,032 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe PRC - [2009/09/28 19:34:16 | 00,378,176 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe PRC - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe PRC - [2008/09/26 11:02:04 | 02,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe PRC - [2008/08/11 12:41:00 | 00,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe PRC - [2008/08/11 12:41:00 | 00,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2008/01/20 08:05:35 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/08/10 02:21:56 | 16,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2007/07/05 18:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe PRC - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe PRC - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2007/02/08 16:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE PRC - [2006/10/12 02:28:48 | 01,134,592 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE PRC - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2006/05/19 00:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2006/05/18 19:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe PRC - [2005/11/10 16:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe PRC - [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe ========== Modules (SafeList) ========== MOD - [2010/01/11 22:34:39 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (FingerprintServer) SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/09/28 19:34:22 | 00,116,032 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2009/04/30 13:23:41 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008/08/11 12:41:00 | 00,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2008/04/13 19:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation) SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC) SRV - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH) SRV - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc) SRV - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/11 21:34:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 21:33:51 | 00,000,000 | ---D | M] [2010/01/11 21:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Mozilla\Extensions [2010/01/11 21:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Mozilla\Firefox\Profiles\kqmnm4uk.default\extensions [2010/01/11 21:33:51 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (371817 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 12818 more lines... O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [spybotDeletingA1658] C:\WINDOWS\System32\command.com () O4 - HKLM..\RunOnce: [spybotDeletingA2135] C:\WINDOWS\System32\command.com () O4 - HKLM..\RunOnce: [spybotDeletingA3373] C:\WINDOWS\System32\command.com () O4 - HKLM..\RunOnce: [spybotDeletingA3897] C:\WINDOWS\System32\command.com () O4 - HKLM..\RunOnce: [spybotDeletingC5390] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [spybotDeletingC5998] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [spybotDeletingC6777] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [spybotDeletingC8650] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [spybotDeletingB269] C:\WINDOWS\System32\command.com () O4 - HKCU..\RunOnce: [spybotDeletingB294] C:\WINDOWS\System32\command.com () O4 - HKCU..\RunOnce: [spybotDeletingB7085] C:\WINDOWS\System32\command.com () O4 - HKCU..\RunOnce: [spybotDeletingB9085] C:\WINDOWS\System32\command.com () O4 - HKCU..\RunOnce: [spybotDeletingD1835] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [spybotDeletingD3451] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [spybotDeletingD6623] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [spybotDeletingD8889] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktopChanges = [binary data] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoActiveDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: NoSaveSettings = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: ClassicShell = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/27 22:30:07 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation) NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16892003295952896) ========== Files/Folders - Created Within 14 Days ========== [2010/01/11 22:34:37 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe [2010/01/11 22:34:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\My Documents\Downloads [2010/01/11 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\PDF Writer [2010/01/11 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\PDF Writer [2010/01/11 22:25:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PDF Writer [2010/01/11 22:21:36 | 00,227,840 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzFlRdr.dll [2010/01/11 22:21:36 | 00,131,072 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdfc.dll [2010/01/11 22:21:36 | 00,103,424 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzDCT.dll [2010/01/11 22:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip [2010/01/11 22:21:33 | 00,194,560 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdf.dll [2010/01/11 22:21:28 | 00,000,000 | ---D | C] -- C:\Program Files\Bullzip [2010/01/11 21:34:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2010/01/11 21:34:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2010/01/11 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Mozilla [2010/01/11 21:33:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\Mozilla [2010/01/11 21:31:18 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Jay Plesset\Desktop\spybotsd162.exe [2010/01/06 23:01:15 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jay Plesset\Recent [2010/01/06 22:57:26 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/01/06 22:25:02 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jay Plesset\IECompatCache [2010/01/06 22:23:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jay Plesset\PrivacIE [2010/01/06 22:21:49 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Jay Plesset\IETldCache [2010/01/06 22:17:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010/01/06 22:15:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010/01/06 22:14:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp [2010/01/06 21:29:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2 [2009/12/30 22:29:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8 [2009/12/30 00:23:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS [2009/12/29 23:59:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\LogMeIn [2009/12/29 23:59:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2009/12/29 23:59:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS [2009/12/29 23:59:22 | 00,083,288 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll [2009/12/29 23:59:22 | 00,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2009/12/29 23:59:22 | 00,028,984 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll [2009/12/29 23:59:14 | 00,087,352 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll [2009/12/29 23:58:47 | 00,000,000 | ---D | C] -- C:\Program Files\LogMeIn [2009/12/29 23:54:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\Deployment [2009/09/02 17:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit [2009/07/22 00:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/02/27 14:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit [2009/02/14 06:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2008/12/15 21:07:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/12/15 21:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/25 20:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2007/12/15 03:10:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2010/01/11 22:48:44 | 06,815,744 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\NTUSER.DAT [2010/01/11 22:34:39 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe [2010/01/11 22:25:21 | 00,015,596 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\Spybot - Search & Destroy scan report.pdf [2010/01/11 22:21:40 | 00,001,716 | ---- | M] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.tlb [2010/01/11 22:11:39 | 00,000,359 | ---- | M] () -- C:\WINDOWS\wininit.ini [2010/01/11 22:06:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2010/01/11 21:41:52 | 00,371,817 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/01/11 21:34:02 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat [2010/01/11 21:33:54 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/01/11 21:31:18 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Jay Plesset\Desktop\spybotsd162.exe [2010/01/11 21:04:26 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/11 20:46:04 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2010/01/11 20:45:48 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2010/01/11 20:45:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/11 20:45:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/11 20:45:30 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys [2010/01/11 20:44:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jay Plesset\ntuser.ini [2010/01/10 15:51:47 | 04,792,240 | -H-- | M] () -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\IconCache.db [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/01/07 00:12:09 | 00,001,710 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\wallpaperenable.reg [2010/01/06 23:18:31 | 00,000,881 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\fixreg.zip [2010/01/06 23:01:57 | 00,039,710 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\cc_20100106_230151.reg [2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2010/01/06 22:35:02 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2010/01/06 22:35:01 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2010/01/06 21:40:23 | 00,444,750 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/01/06 21:40:23 | 00,072,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/30 22:23:10 | 00,591,718 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/29 23:59:14 | 00,001,024 | ---- | M] () -- C:\.rnd [2009/12/29 23:40:01 | 90,042,970 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\registry_backup.reg [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/11 22:25:21 | 00,015,596 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\Spybot - Search & Destroy scan report.pdf [2010/01/11 22:21:40 | 00,001,716 | ---- | C] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.tlb [2010/01/11 22:21:37 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\BioPdf.PdfWriter.Lib.dll [2010/01/11 22:11:38 | 00,000,359 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/01/11 21:34:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010/01/11 21:33:54 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/01/07 00:12:09 | 00,001,710 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\wallpaperenable.reg [2010/01/06 23:18:31 | 00,000,881 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\fixreg.zip [2010/01/06 23:01:54 | 00,039,710 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\My Documents\cc_20100106_230151.reg [2009/12/30 00:32:23 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl [2009/12/29 23:59:13 | 00,001,024 | ---- | C] () -- C:\.rnd [2009/12/29 23:39:50 | 90,042,970 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\My Documents\registry_backup.reg [2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini [2008/04/23 21:40:33 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008/04/23 21:40:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F908CF7746.sys [2007/12/21 13:59:55 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2007/11/27 23:26:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/11/27 23:08:13 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007/11/27 22:58:05 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007/11/27 22:58:05 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007/11/27 22:58:05 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007/11/27 22:58:05 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007/11/27 22:53:03 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007/11/27 22:53:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2007/11/27 22:52:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007/11/27 22:52:50 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007/11/27 22:51:50 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007/11/27 22:50:25 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini ========== LOP Check ========== [2007/11/27 23:03:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland [2009/02/27 09:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/12/29 23:59:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn [2010/01/11 22:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer [2007/11/27 23:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007/12/30 21:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\InterVideo [2008/11/22 09:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Leadertech [2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Lenovo [2009/12/12 08:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\MSNInstaller [2008/08/16 06:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Opera [2010/01/11 22:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\PDF Writer [2010/01/11 22:06:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2009/03/01 19:00:15 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < End of report >
  2. It seems to be running well now but I have not had much time to really work with the system since going through all the scans. Thank you for your help thus far, I really appreciate it!
  3. I ran the scan and nothing was found. Additionally, "Click here to export the scan results" did not exist as on option.
  4. Hello and thanks! I have noticed that Internet Explorer taks a long time to load. Also, I have been unable to install Security Update for SQL Server 2005 Service Pack 2 (KB970895), but I dont think it has anything to do with Malware. How do the scans look?
  5. Hello, I have posted both logs below: . Are we making progress? Malwarebytes' Anti-Malware 1.42 Database version: 3289 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.11 12/29/2009 10:56:08 AM mbam-log-2009-12-29 (10-56-08).txt Scan type: Quick Scan Objects scanned: 138975 Time elapsed: 9 minute(s), 21 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ********************************************************************************************************************************** OTL logfile created on: 12/29/2009 11:04:36 AM - Run 3 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Jay Plesset\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 342.00 Mb Available Physical Memory | 34.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 105.81 Gb Total Space | 64.49 Gb Free Space | 60.96% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUES_LAPTOP Current User Name: Jay Plesset Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/04/24 14:05:42 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe PRC - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2008/01/20 08:05:35 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/08/10 02:21:56 | 16,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007/08/03 19:42:08 | 00,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe PRC - [2007/08/03 19:35:38 | 02,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe PRC - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2007/07/05 18:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2007/04/09 13:03:00 | 00,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe PRC - [2007/03/23 02:32:42 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2007/03/23 02:32:40 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe PRC - [2007/03/23 02:32:36 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2007/03/23 02:32:24 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe PRC - [2007/03/16 08:26:18 | 00,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe PRC - [2007/02/10 08:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2007/02/08 16:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006/11/07 05:51:20 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE PRC - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE PRC - [2006/10/12 02:28:48 | 01,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE PRC - [2006/10/12 02:28:48 | 01,134,592 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE PRC - [2006/09/06 02:38:44 | 00,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe PRC - [2006/08/30 02:40:04 | 00,089,542 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe PRC - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2006/05/19 00:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2006/05/18 19:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe PRC - [2005/11/10 16:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe PRC - [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe PRC - [2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe ========== Modules (SafeList) ========== MOD - [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe MOD - [2008/04/13 19:12:10 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008/04/13 19:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008/04/13 12:37:57 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2007/08/03 19:42:18 | 00,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll MOD - [2007/08/03 19:42:10 | 02,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll MOD - [2007/08/03 19:28:10 | 01,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll MOD - [2007/08/03 19:28:06 | 00,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll MOD - [2007/08/03 19:28:02 | 05,174,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dll MOD - [2007/08/03 19:27:46 | 01,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll MOD - [2007/08/03 19:27:42 | 00,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll MOD - [2007/08/03 19:19:10 | 00,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll MOD - [2007/08/03 19:19:06 | 00,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll MOD - [2007/08/03 19:09:58 | 00,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (FingerprintServer) SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/04/30 13:23:41 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache) SRV - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2008/04/13 19:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation) SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2008/02/26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC) SRV - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH) SRV - [2007/02/10 08:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc) SRV - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/10/14 06:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) ========== Driver Services (SafeList) ========== DRV - [2009/11/24 18:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2) DRV - [2009/11/24 18:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP) DRV - [2009/11/24 18:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2009/11/24 18:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi) DRV - [2009/11/24 18:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr) DRV - [2009/11/24 18:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2008/05/16 05:10:32 | 00,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp) DRV - [2008/05/16 05:10:30 | 00,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis) DRV - [2008/04/13 13:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp) DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2008/04/13 13:34:12 | 00,163,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwrdr.sys -- (NWRDR) DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/11/27 23:09:50 | 00,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter) DRV - [2007/11/27 23:08:47 | 00,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem) DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv) DRV - [2007/08/10 00:52:44 | 04,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/06/17 00:29:08 | 00,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/05/22 18:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C) DRV - [2007/05/22 02:59:34 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2007/04/09 13:03:00 | 00,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2007/04/02 14:24:08 | 00,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK) DRV - [2007/02/25 22:59:10 | 05,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm) DRV - [2007/02/24 17:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/16 18:46:42 | 00,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor) DRV - [2007/02/08 15:30:28 | 00,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter) DRV - [2007/02/02 06:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20) DRV - [2007/01/23 20:03:28 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/01/23 19:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/06 03:23:24 | 00,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD) DRV - [2006/10/12 02:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2006/08/30 00:53:00 | 01,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/05/24 14:48:14 | 00,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler) DRV - [2006/05/19 00:24:20 | 00,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP) DRV - [2005/11/08 12:27:20 | 00,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC) DRV - [2004/08/04 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2004/08/04 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2004/08/03 17:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2003/09/11 02:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi) DRV - [2001/09/10 12:00:00 | 00,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR) DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow) DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3) DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi) DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx) DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810) DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra) DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160) DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080) DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280) DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k) DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x) DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc) DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550) DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde) DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde) DRV - [2001/08/17 07:20:04 | 00,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) DRV - [2001/08/17 07:12:10 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel® ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation) O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe () O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1 O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\Max Spyware Detector\SDNotify.dll - C:\Program Files\Max Spyware Detector\SDNotify.dll File not found O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/27 22:30:07 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation) NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16891947461378048) ========== Files/Folders - Created Within 30 Days ========== [2009/12/29 09:40:55 | 00,000,000 | ---D | C] -- C:\53a14093590df81296e4fb63 [2009/12/27 09:59:03 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe [2009/12/27 00:03:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970895_ENU [2009/12/26 21:57:28 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/12/26 21:57:28 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/12/26 21:57:28 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/12/26 21:57:27 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/12/26 21:57:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/12/26 21:57:26 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/12/26 21:57:26 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/12/26 21:57:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/12/26 21:57:11 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/12/26 21:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/12/26 21:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\Malwarebytes [2009/12/26 21:05:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/26 21:05:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/26 21:05:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/26 21:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/12 08:52:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\MSNInstaller [2009/09/02 17:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit [2009/07/22 00:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/02/27 14:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit [2009/02/14 06:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2008/12/15 21:07:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/12/15 21:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/25 20:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2007/12/15 03:10:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2009/12/29 10:06:01 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/12/29 09:43:08 | 00,591,718 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/29 09:43:08 | 00,491,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/29 09:43:08 | 00,089,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/29 09:39:28 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/29 09:39:08 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2009/12/29 09:38:53 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2009/12/29 09:38:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/29 09:38:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/29 09:38:36 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys [2009/12/29 02:26:44 | 02,883,584 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\NTUSER.DAT [2009/12/29 02:26:21 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jay Plesset\ntuser.ini [2009/12/29 02:26:01 | 01,984,550 | -H-- | M] () -- C:\Documents and Settings\Jay Plesset\Local Settings\Application Data\IconCache.db [2009/12/28 08:44:31 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\9m087noy.exe [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe [2009/12/26 21:57:28 | 00,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/12/26 21:57:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/12/26 20:59:42 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysRegC.dll [2009/12/22 04:58:11 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll [2009/12/21 19:39:06 | 00,011,738 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\Wines WE LIKE.docx [2009/12/18 09:17:05 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\Microsoft Office Excel 2007.lnk [2009/12/13 22:57:54 | 30,568,448 | R--- | M] () -- C:\Jay H Plesset DDS PA.qbw [2009/12/13 22:57:54 | 00,196,608 | R--- | M] () -- C:\Jay H Plesset DDS PA.qbw.TLG [2009/12/13 22:57:54 | 00,000,330 | ---- | M] () -- C:\Jay H Plesset DDS PA.qbw.ND [2009/12/13 22:39:21 | 23,572,480 | ---- | M] () -- C:\Jay H Plesset DDS PA (Backup Dec 13,2009 10 38 PM).QBB [2009/12/11 09:01:40 | 00,000,330 | ---- | M] () -- C:\Jay H Plesset DDS PA.ND [2009/12/09 19:00:31 | 00,012,233 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\Holiday Card 2009.docx [2009/12/09 03:04:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/12/06 20:06:43 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\~$liday Card 2009.docx [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/28 19:33:15 | 10,637,02528 | -HS- | C] () -- C:\hiberfil.sys [2009/12/28 08:44:29 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\Desktop\9m087noy.exe [2009/12/26 21:57:28 | 00,001,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/12/26 21:57:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/12/13 22:47:12 | 00,196,608 | R--- | C] () -- C:\Jay H Plesset DDS PA.qbw.TLG [2009/12/13 22:39:13 | 23,572,480 | ---- | C] () -- C:\Jay H Plesset DDS PA (Backup Dec 13,2009 10 38 PM).QBB [2009/12/06 20:06:43 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Jay Plesset\My Documents\~$liday Card 2009.docx [2009/12/06 20:06:42 | 00,012,233 | ---- | C] () -- C:\Documents and Settings\Jay Plesset\My Documents\Holiday Card 2009.docx [2008/04/23 21:40:33 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008/04/23 21:40:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F908CF7746.sys [2007/12/21 13:59:55 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2007/11/27 23:26:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/11/27 23:08:13 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007/11/27 22:58:05 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007/11/27 22:58:05 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007/11/27 22:58:05 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007/11/27 22:58:05 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007/11/27 22:53:03 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007/11/27 22:53:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2007/11/27 22:52:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007/11/27 22:52:50 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007/11/27 22:51:50 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007/11/27 22:50:25 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < > < End of report >
  6. I finally got the scan to complete! Here is the log: GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2009-12-29 01:31:01 Windows 5.1.2600 Service Pack 3 Running: 9m087noy.exe; Driver: C:\DOCUME~1\JAYPLE~1\LOCALS~1\Temp\uxriypoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9DE1A6B8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9DE1A574] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9DE1AA52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9DE1A14C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9DE1A64E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9DE1A08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9DE1A0F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9DE1A76E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9DE1A72E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9DE1A8AE] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1148] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002 IAT C:\WINDOWS\system32\services.exe[1148] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \FileSystem\Fastfat \Fat 9C62ED20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) ---- Files - GMER 1.0.15 ---- File C:\RRbackups\C 0 bytes File C:\RRbackups\C\0 0 bytes File C:\RRbackups\C\0\Data116 50003968 bytes File C:\RRbackups\C\0\Data27 50003968 bytes File C:\RRbackups\C\0\Data46 50003968 bytes File C:\RRbackups\C\0\Data65 50003968 bytes File C:\RRbackups\C\0\Data84 50003968 bytes File C:\RRbackups\C\0\Data0 50003968 bytes File C:\RRbackups\C\0\Data1 50003968 bytes File C:\RRbackups\C\0\Data10 50003968 bytes File C:\RRbackups\C\0\Data100 50003968 bytes File C:\RRbackups\C\0\Data101 50003968 bytes File C:\RRbackups\C\0\Data102 50003968 bytes File C:\RRbackups\C\0\Data103 50003968 bytes File C:\RRbackups\C\0\Data104 50003968 bytes File C:\RRbackups\C\0\Data105 50003968 bytes File C:\RRbackups\C\0\Data106 50003968 bytes File C:\RRbackups\C\0\Data107 50003968 bytes File C:\RRbackups\C\0\Data108 50003968 bytes File C:\RRbackups\C\0\Data109 50003968 bytes File C:\RRbackups\C\0\Data11 50003968 bytes File C:\RRbackups\C\0\Data110 50003968 bytes File C:\RRbackups\C\0\Data111 50003968 bytes File C:\RRbackups\C\0\Data112 50003968 bytes File C:\RRbackups\C\0\Data113 50003968 bytes File C:\RRbackups\C\0\Data114 50003968 bytes File C:\RRbackups\C\0\Data115 50003968 bytes File C:\RRbackups\C\0\Data28 50003968 bytes File C:\RRbackups\C\0\Data29 50003968 bytes File C:\RRbackups\C\0\Data3 50003968 bytes File C:\RRbackups\C\0\Data30 50003968 bytes File C:\RRbackups\C\0\Data31 50003968 bytes File C:\RRbackups\C\0\Data32 50003968 bytes File C:\RRbackups\C\0\Data33 50003968 bytes File C:\RRbackups\C\0\Data34 50003968 bytes File C:\RRbackups\C\0\Data35 50003968 bytes File C:\RRbackups\C\0\Data36 50003968 bytes File C:\RRbackups\C\0\Data37 50003968 bytes File C:\RRbackups\C\0\Data38 50003968 bytes File C:\RRbackups\C\0\Data39 50003968 bytes File C:\RRbackups\C\0\Data4 50003968 bytes File C:\RRbackups\C\0\Data40 50003968 bytes File C:\RRbackups\C\0\Data41 50003968 bytes File C:\RRbackups\C\0\Data42 50003968 bytes File C:\RRbackups\C\0\Data43 50003968 bytes File C:\RRbackups\C\0\Data44 50003968 bytes File C:\RRbackups\C\0\Data45 50003968 bytes File C:\RRbackups\C\0\Data47 50003968 bytes File C:\RRbackups\C\0\Data48 50003968 bytes File C:\RRbackups\C\0\Data49 50003968 bytes File C:\RRbackups\C\0\Data5 50003968 bytes File C:\RRbackups\C\0\Data50 50003968 bytes File C:\RRbackups\C\0\Data51 50003968 bytes File C:\RRbackups\C\0\Data52 50003968 bytes File C:\RRbackups\C\0\Data53 50003968 bytes File C:\RRbackups\C\0\Data54 50003968 bytes File C:\RRbackups\C\0\Data55 50003968 bytes File C:\RRbackups\C\0\Data56 50003968 bytes File C:\RRbackups\C\0\Data57 50003968 bytes File C:\RRbackups\C\0\Data58 50003968 bytes File C:\RRbackups\C\0\Data59 50003968 bytes File C:\RRbackups\C\0\Data6 50003968 bytes File C:\RRbackups\C\0\Data60 50003968 bytes File C:\RRbackups\C\0\Data61 50003968 bytes File C:\RRbackups\C\0\Data62 50003968 bytes File C:\RRbackups\C\0\Data63 50003968 bytes File C:\RRbackups\C\0\Data64 50003968 bytes File C:\RRbackups\C\0\Data66 50003968 bytes File C:\RRbackups\C\0\Data67 50003968 bytes File C:\RRbackups\C\0\Data68 50003968 bytes File C:\RRbackups\C\0\Data69 50003968 bytes File C:\RRbackups\C\0\Data7 50003968 bytes File C:\RRbackups\C\0\Data70 50003968 bytes File C:\RRbackups\C\0\Data71 50003968 bytes File C:\RRbackups\C\0\Data72 50003968 bytes File C:\RRbackups\C\0\Data73 50003968 bytes File C:\RRbackups\C\0\Data74 50003968 bytes File C:\RRbackups\C\0\Data75 50003968 bytes File C:\RRbackups\C\0\Data76 50003968 bytes File C:\RRbackups\C\0\Data77 50003968 bytes File C:\RRbackups\C\0\Data78 50003968 bytes File C:\RRbackups\C\0\Data79 50003968 bytes File C:\RRbackups\C\0\Data8 50003968 bytes File C:\RRbackups\C\0\Data80 50003968 bytes File C:\RRbackups\C\0\Data81 50003968 bytes File C:\RRbackups\C\0\Data82 50003968 bytes File C:\RRbackups\C\0\Data83 50003968 bytes File C:\RRbackups\C\0\Data117 50003968 bytes File C:\RRbackups\C\0\Data118 50003968 bytes File C:\RRbackups\C\0\Data119 50003968 bytes File C:\RRbackups\C\0\Data12 50003968 bytes File C:\RRbackups\C\0\Data120 50003968 bytes File C:\RRbackups\C\0\Data121 50003968 bytes File C:\RRbackups\C\0\Data122 50003968 bytes File C:\RRbackups\C\0\Data123 50003968 bytes File C:\RRbackups\C\0\Data124 50003968 bytes File C:\RRbackups\C\0\Data125 50003968 bytes File C:\RRbackups\C\0\Data126 50003968 bytes File C:\RRbackups\C\0\Data127 7510283 bytes File C:\RRbackups\C\0\Data13 50003968 bytes File C:\RRbackups\C\0\Data14 50003968 bytes File C:\RRbackups\C\0\Data15 50003968 bytes File C:\RRbackups\C\0\Data16 50003968 bytes File C:\RRbackups\C\0\Data17 50003968 bytes File C:\RRbackups\C\0\Data18 50003968 bytes File C:\RRbackups\C\0\Data19 50003968 bytes File C:\RRbackups\C\0\Data2 50003968 bytes File C:\RRbackups\C\0\Data20 50003968 bytes File C:\RRbackups\C\0\Data21 50003968 bytes File C:\RRbackups\C\0\Data22 50003968 bytes File C:\RRbackups\C\0\Data23 50003968 bytes File C:\RRbackups\C\0\Data24 50003968 bytes File C:\RRbackups\C\0\Data25 50003968 bytes File C:\RRbackups\C\0\Data26 50003968 bytes File C:\RRbackups\C\0\Data85 50003968 bytes File C:\RRbackups\C\0\Data86 50003968 bytes File C:\RRbackups\C\0\Data87 50003968 bytes File C:\RRbackups\C\0\Data88 50003968 bytes File C:\RRbackups\C\0\Data89 50003968 bytes File C:\RRbackups\C\0\Data9 50003968 bytes File C:\RRbackups\C\0\Data90 50003968 bytes File C:\RRbackups\C\0\Data91 50003968 bytes File C:\RRbackups\C\0\Data92 50003968 bytes File C:\RRbackups\C\0\Data93 50003968 bytes File C:\RRbackups\C\0\Data94 50003968 bytes File C:\RRbackups\C\0\Data95 50003968 bytes File C:\RRbackups\C\0\Data96 50003968 bytes File C:\RRbackups\C\0\Data97 50003968 bytes File C:\RRbackups\C\0\Data98 50003968 bytes File C:\RRbackups\C\0\Data99 50003968 bytes File C:\RRbackups\C\0\dats 0 bytes File C:\RRbackups\C\0\EFSFile 0 bytes File C:\RRbackups\C\0\HashFile 362082 bytes File C:\RRbackups\C\0\Info 756 bytes File C:\RRbackups\C\0\TOCFile 36811670 bytes File C:\RRbackups\C\1 0 bytes File C:\RRbackups\C\1\Data0 50003968 bytes File C:\RRbackups\C\1\Data1 50003968 bytes File C:\RRbackups\C\1\Data10 50003968 bytes File C:\RRbackups\C\1\Data100 50003968 bytes File C:\RRbackups\C\1\Data101 50003968 bytes File C:\RRbackups\C\1\Data102 50003968 bytes File C:\RRbackups\C\1\Data103 50003968 bytes File C:\RRbackups\C\1\Data104 50003968 bytes File C:\RRbackups\C\1\Data105 50003968 bytes File C:\RRbackups\C\1\Data106 50003968 bytes File C:\RRbackups\C\1\Data107 50003968 bytes File C:\RRbackups\C\1\Data108 50003968 bytes File C:\RRbackups\C\1\Data109 50003968 bytes File C:\RRbackups\C\1\Data11 50003968 bytes File C:\RRbackups\C\1\Data110 50003968 bytes File C:\RRbackups\C\1\Data111 50003968 bytes File C:\RRbackups\C\1\Data112 50003968 bytes File C:\RRbackups\C\1\Data113 50003968 bytes File C:\RRbackups\C\1\Data114 50003968 bytes File C:\RRbackups\C\1\Data115 50003968 bytes File C:\RRbackups\C\1\Data28 50003968 bytes File C:\RRbackups\C\1\Data29 50003968 bytes File C:\RRbackups\C\1\Data3 50003968 bytes File C:\RRbackups\C\1\Data30 50003968 bytes File C:\RRbackups\C\1\Data31 50003968 bytes File C:\RRbackups\C\1\Data32 50003968 bytes File C:\RRbackups\C\1\Data33 50003968 bytes File C:\RRbackups\C\1\Data34 50003968 bytes File C:\RRbackups\C\1\Data35 50003968 bytes File C:\RRbackups\C\1\Data36 50003968 bytes File C:\RRbackups\C\1\Data37 50003968 bytes File C:\RRbackups\C\1\Data38 50003968 bytes File C:\RRbackups\C\1\Data39 50003968 bytes File C:\RRbackups\C\1\Data4 50003968 bytes File C:\RRbackups\C\1\Data40 50003968 bytes File C:\RRbackups\C\1\Data41 50003968 bytes File C:\RRbackups\C\1\Data42 50003968 bytes File C:\RRbackups\C\1\Data43 50003968 bytes File C:\RRbackups\C\1\Data44 50003968 bytes File C:\RRbackups\C\1\Data45 50003968 bytes File C:\RRbackups\C\1\Data47 50003968 bytes File C:\RRbackups\C\1\Data48 50003968 bytes File C:\RRbackups\C\1\Data49 50003968 bytes File C:\RRbackups\C\1\Data5 50003968 bytes File C:\RRbackups\C\1\Data50 50003968 bytes File C:\RRbackups\C\1\Data51 50003968 bytes File C:\RRbackups\C\1\Data52 50003968 bytes File C:\RRbackups\C\1\Data53 50003968 bytes File C:\RRbackups\C\1\Data54 50003968 bytes File C:\RRbackups\C\1\Data55 50003968 bytes File C:\RRbackups\C\1\Data56 50003968 bytes File C:\RRbackups\C\1\Data57 50003968 bytes File C:\RRbackups\C\1\Data58 50003968 bytes File C:\RRbackups\C\1\Data59 50003968 bytes File C:\RRbackups\C\1\Data6 50003968 bytes File C:\RRbackups\C\1\Data60 50003968 bytes File C:\RRbackups\C\1\Data61 50003968 bytes File C:\RRbackups\C\1\Data62 50003968 bytes File C:\RRbackups\C\1\Data63 50003968 bytes File C:\RRbackups\C\1\Data64 50003968 bytes File C:\RRbackups\C\1\Data66 50003968 bytes File C:\RRbackups\C\1\Data67 50003968 bytes File C:\RRbackups\C\1\Data68 50003968 bytes File C:\RRbackups\C\1\Data69 50003968 bytes File C:\RRbackups\C\1\Data7 50003968 bytes File C:\RRbackups\C\1\Data70 50003968 bytes File C:\RRbackups\C\1\Data71 50003968 bytes File C:\RRbackups\C\1\Data72 50003968 bytes File C:\RRbackups\C\1\Data73 50003968 bytes File C:\RRbackups\C\1\Data74 50003968 bytes File C:\RRbackups\C\1\Data75 50003968 bytes File C:\RRbackups\C\1\Data76 50003968 bytes File C:\RRbackups\C\1\Data77 50003968 bytes File C:\RRbackups\C\1\Data78 50003968 bytes File C:\RRbackups\C\1\Data79 50003968 bytes File C:\RRbackups\C\1\Data8 50003968 bytes File C:\RRbackups\C\1\Data80 50003968 bytes File C:\RRbackups\C\1\Data81 50003968 bytes File C:\RRbackups\C\1\Data82 50003968 bytes File C:\RRbackups\C\1\Data83 50003968 bytes File C:\RRbackups\C\1\Data117 50003968 bytes File C:\RRbackups\C\1\Data118 50003968 bytes File C:\RRbackups\C\1\Data119 50003968 bytes File C:\RRbackups\C\1\Data12 50003968 bytes File C:\RRbackups\C\1\Data120 50003968 bytes File C:\RRbackups\C\1\Data121 50003968 bytes File C:\RRbackups\C\1\Data122 50003968 bytes File C:\RRbackups\C\1\Data123 50003968 bytes File C:\RRbackups\C\1\Data124 50003968 bytes File C:\RRbackups\C\1\Data125 50003968 bytes File C:\RRbackups\C\1\Data126 50003968 bytes File C:\RRbackups\C\1\Data127 50003968 bytes File C:\RRbackups\C\1\Data128 50003968 bytes File C:\RRbackups\C\1\Data129 50003968 bytes File C:\RRbackups\C\1\Data13 50003968 bytes File C:\RRbackups\C\1\Data130 50003968 bytes File C:\RRbackups\C\1\Data131 50003968 bytes File C:\RRbackups\C\1\Data132 50003968 bytes File C:\RRbackups\C\1\Data133 50003968 bytes File C:\RRbackups\C\1\Data134 50003968 bytes File C:\RRbackups\C\1\Data136 50003968 bytes File C:\RRbackups\C\1\Data137 50003968 bytes File C:\RRbackups\C\1\Data138 50003968 bytes File C:\RRbackups\C\1\Data139 50003968 bytes File C:\RRbackups\C\1\Data14 50003968 bytes File C:\RRbackups\C\1\Data140 50003968 bytes File C:\RRbackups\C\1\Data141 50003968 bytes File C:\RRbackups\C\1\Data142 50003968 bytes File C:\RRbackups\C\1\Data143 50003968 bytes File C:\RRbackups\C\1\Data144 50003968 bytes File C:\RRbackups\C\1\Data145 50003968 bytes File C:\RRbackups\C\1\Data146 50003968 bytes File C:\RRbackups\C\1\Data147 50003968 bytes File C:\RRbackups\C\1\Data148 50003968 bytes File C:\RRbackups\C\1\Data149 50003968 bytes File C:\RRbackups\C\1\Data15 50003968 bytes File C:\RRbackups\C\1\Data150 50003968 bytes File C:\RRbackups\C\1\Data151 50003968 bytes File C:\RRbackups\C\1\Data152 50003968 bytes File C:\RRbackups\C\1\Data153 50003968 bytes File C:\RRbackups\C\1\Data155 50003968 bytes File C:\RRbackups\C\1\Data156 50003968 bytes File C:\RRbackups\C\1\Data157 50003968 bytes File C:\RRbackups\C\1\Data158 50003968 bytes File C:\RRbackups\C\1\Data159 50003968 bytes File C:\RRbackups\C\1\Data16 50003968 bytes File C:\RRbackups\C\1\Data160 50003968 bytes File C:\RRbackups\C\1\Data161 50003968 bytes File C:\RRbackups\C\1\Data162 50003968 bytes File C:\RRbackups\C\1\Data163 50003968 bytes File C:\RRbackups\C\1\Data164 50003968 bytes File C:\RRbackups\C\1\Data165 50003968 bytes File C:\RRbackups\C\1\Data166 50003968 bytes File C:\RRbackups\C\1\Data167 50003968 bytes File C:\RRbackups\C\1\Data168 50003968 bytes File C:\RRbackups\C\1\Data169 50003968 bytes File C:\RRbackups\C\1\Data17 50003968 bytes File C:\RRbackups\C\1\Data170 50003968 bytes File C:\RRbackups\C\1\Data171 50003968 bytes File C:\RRbackups\C\1\Data172 50003968 bytes File C:\RRbackups\C\1\Data116 50003968 bytes File C:\RRbackups\C\1\Data135 50003968 bytes File C:\RRbackups\C\1\Data154 50003968 bytes File C:\RRbackups\C\1\Data173 50003968 bytes File C:\RRbackups\C\1\Data27 50003968 bytes File C:\RRbackups\C\1\Data46 50003968 bytes File C:\RRbackups\C\1\Data65 50003968 bytes File C:\RRbackups\C\1\Data84 50003968 bytes File C:\RRbackups\C\1\Data174 50003968 bytes File C:\RRbackups\C\1\Data175 50003968 bytes File C:\RRbackups\C\1\Data176 50003968 bytes File C:\RRbackups\C\1\Data177 50003968 bytes File C:\RRbackups\C\1\Data178 50003968 bytes File C:\RRbackups\C\1\Data179 50003968 bytes File C:\RRbackups\C\1\Data18 50003968 bytes File C:\RRbackups\C\1\Data180 50003968 bytes File C:\RRbackups\C\1\Data181 50003968 bytes File C:\RRbackups\C\1\Data182 50003968 bytes File C:\RRbackups\C\1\Data183 50003968 bytes File C:\RRbackups\C\1\Data184 50003968 bytes File C:\RRbackups\C\1\Data185 50003968 bytes File C:\RRbackups\C\1\Data186 50003968 bytes File C:\RRbackups\C\1\Data187 50003968 bytes File C:\RRbackups\C\1\Data188 50003968 bytes File C:\RRbackups\C\1\Data189 50003968 bytes File C:\RRbackups\C\1\Data19 50003968 bytes File C:\RRbackups\C\1\Data190 50003968 bytes File C:\RRbackups\C\1\Data191 50003968 bytes File C:\RRbackups\C\1\Data192 50003968 bytes File C:\RRbackups\C\1\Data193 21054919 bytes File C:\RRbackups\C\1\Data2 50003968 bytes File C:\RRbackups\C\1\Data20 50003968 bytes File C:\RRbackups\C\1\Data21 50003968 bytes File C:\RRbackups\C\1\Data22 50003968 bytes File C:\RRbackups\C\1\Data23 50003968 bytes File C:\RRbackups\C\1\Data24 50003968 bytes File C:\RRbackups\C\1\Data25 50003968 bytes File C:\RRbackups\C\1\Data26 50003968 bytes File C:\RRbackups\C\1\Data85 50003968 bytes File C:\RRbackups\C\1\Data86 50003968 bytes File C:\RRbackups\C\1\Data87 50003968 bytes File C:\RRbackups\C\1\Data88 50003968 bytes File C:\RRbackups\C\1\Data89 50003968 bytes File C:\RRbackups\C\1\Data9 50003968 bytes File C:\RRbackups\C\1\Data90 50003968 bytes File C:\RRbackups\C\1\Data91 50003968 bytes File C:\RRbackups\C\1\Data92 50003968 bytes File C:\RRbackups\C\1\Data93 50003968 bytes File C:\RRbackups\C\1\Data94 50003968 bytes File C:\RRbackups\C\1\Data95 50003968 bytes File C:\RRbackups\C\1\Data96 50003968 bytes File C:\RRbackups\C\1\Data97 50003968 bytes File C:\RRbackups\C\1\Data98 50003968 bytes File C:\RRbackups\C\1\Data99 50003968 bytes File C:\RRbackups\C\1\dats 0 bytes File C:\RRbackups\C\1\EFSFile 0 bytes File C:\RRbackups\C\1\HashFile 605388 bytes File C:\RRbackups\C\1\Info 756 bytes File C:\RRbackups\C\1\TOCFile 61547780 bytes File C:\RRbackups\C\2 0 bytes File C:\RRbackups\C\2\Data0 50003968 bytes File C:\RRbackups\C\2\Data1 50003968 bytes File C:\RRbackups\C\2\Data2 50003968 bytes File C:\RRbackups\C\2\Data3 50003968 bytes File C:\RRbackups\C\2\Data4 50003968 bytes File C:\RRbackups\C\2\Data5 50003968 bytes File C:\RRbackups\C\2\Data6 50003968 bytes File C:\RRbackups\C\2\Data7 50003968 bytes File C:\RRbackups\C\2\Data8 12169021 bytes File C:\RRbackups\C\2\dats 0 bytes File C:\RRbackups\C\2\EFSFile 0 bytes File C:\RRbackups\C\2\HashFile 607584 bytes File C:\RRbackups\C\2\Info 756 bytes File C:\RRbackups\C\2\TOCFile 61771040 bytes File C:\RRbackups\C\3 0 bytes File C:\RRbackups\C\3\Data0 50003968 bytes File C:\RRbackups\C\3\Data1 50003968 bytes File C:\RRbackups\C\3\Data10 50003968 bytes File C:\RRbackups\C\3\Data11 50003968 bytes File C:\RRbackups\C\3\Data12 50003968 bytes File C:\RRbackups\C\3\Data13 50003968 bytes File C:\RRbackups\C\3\Data14 50003968 bytes File C:\RRbackups\C\3\Data15 50003968 bytes File C:\RRbackups\C\3\Data16 50003968 bytes File C:\RRbackups\C\3\Data17 50003968 bytes File C:\RRbackups\C\3\Data18 50003968 bytes File C:\RRbackups\C\3\Data19 50003968 bytes File C:\RRbackups\C\3\Data2 50003968 bytes File C:\RRbackups\C\3\Data20 50003968 bytes File C:\RRbackups\C\3\Data21 50003968 bytes File C:\RRbackups\C\3\Data22 50003968 bytes File C:\RRbackups\C\3\Data23 46361765 bytes File C:\RRbackups\C\3\Data3 50003968 bytes File C:\RRbackups\C\3\Data4 50003968 bytes File C:\RRbackups\C\3\Data5 50003968 bytes File C:\RRbackups\C\3\Data6 50003968 bytes File C:\RRbackups\C\3\Data7 50003968 bytes File C:\RRbackups\C\3\Data8 50003968 bytes File C:\RRbackups\C\3\Data9 50003968 bytes File C:\RRbackups\C\3\dats 0 bytes File C:\RRbackups\C\3\EFSFile 0 bytes File C:\RRbackups\C\3\HashFile 570180 bytes File C:\RRbackups\C\3\Info 756 bytes File C:\RRbackups\C\3\TOCFile 57968300 bytes File C:\RRbackups\C\4 0 bytes File C:\RRbackups\C\4\Data0 50003968 bytes File C:\RRbackups\C\4\Data1 50003968 bytes File C:\RRbackups\C\4\Data10 50003968 bytes File C:\RRbackups\C\4\Data11 50003968 bytes File C:\RRbackups\C\4\Data12 50003968 bytes File C:\RRbackups\C\4\Data13 50003968 bytes File C:\RRbackups\C\4\Data14 50003968 bytes File C:\RRbackups\C\4\Data15 32909451 bytes File C:\RRbackups\C\4\Data2 50003968 bytes File C:\RRbackups\C\4\Data3 50003968 bytes File C:\RRbackups\C\4\Data4 50003968 bytes File C:\RRbackups\C\4\Data5 50003968 bytes File C:\RRbackups\C\4\Data6 50003968 bytes File C:\RRbackups\C\4\Data7 50003968 bytes File C:\RRbackups\C\4\Data8 50003968 bytes File C:\RRbackups\C\4\Data9 50003968 bytes File C:\RRbackups\C\4\dats 0 bytes File C:\RRbackups\C\4\EFSFile 0 bytes File C:\RRbackups\C\4\HashFile 641418 bytes File C:\RRbackups\C\4\Info 756 bytes File C:\RRbackups\C\4\TOCFile 65210830 bytes File C:\RRbackups\C\5 0 bytes File C:\RRbackups\C\5\Data0 50003968 bytes File C:\RRbackups\C\5\Data1 50003968 bytes File C:\RRbackups\C\5\Data2 50003968 bytes File C:\RRbackups\C\5\Data3 14517132 bytes File C:\RRbackups\C\5\dats 0 bytes File C:\RRbackups\C\5\EFSFile 0 bytes File C:\RRbackups\C\5\HashFile 628320 bytes File C:\RRbackups\C\5\Info 756 bytes File C:\RRbackups\C\5\TOCFile 63879200 bytes File C:\RRbackups\C\MERGE 0 bytes File C:\RRbackups\C\MERGE\Data27 50003968 bytes File C:\RRbackups\C\MERGE\Data46 50003968 bytes File C:\RRbackups\C\MERGE\Data0 50003968 bytes File C:\RRbackups\C\MERGE\Data1 50003968 bytes File C:\RRbackups\C\MERGE\Data10 50003968 bytes File C:\RRbackups\C\MERGE\Data11 50003968 bytes File C:\RRbackups\C\MERGE\Data12 50003968 bytes File C:\RRbackups\C\MERGE\Data13 50003968 bytes File C:\RRbackups\C\MERGE\Data14 50003968 bytes File C:\RRbackups\C\MERGE\Data15 50003968 bytes File C:\RRbackups\C\MERGE\Data16 50003968 bytes File C:\RRbackups\C\MERGE\Data17 50003968 bytes File C:\RRbackups\C\MERGE\Data18 50003968 bytes File C:\RRbackups\C\MERGE\Data19 50003968 bytes File C:\RRbackups\C\MERGE\Data2 50003968 bytes File C:\RRbackups\C\MERGE\Data20 50003968 bytes File C:\RRbackups\C\MERGE\Data21 50003968 bytes File C:\RRbackups\C\MERGE\Data22 50003968 bytes File C:\RRbackups\C\MERGE\Data23 50003968 bytes File C:\RRbackups\C\MERGE\Data24 50003968 bytes File C:\RRbackups\C\MERGE\Data25 50003968 bytes File C:\RRbackups\C\MERGE\Data26 50003968 bytes File C:\RRbackups\C\MERGE\Data28 50003968 bytes File C:\RRbackups\C\MERGE\Data29 50003968 bytes File C:\RRbackups\C\MERGE\Data3 50003968 bytes File C:\RRbackups\C\MERGE\Data30 50003968 bytes File C:\RRbackups\C\MERGE\Data31 50003968 bytes File C:\RRbackups\C\MERGE\Data32 50003968 bytes File C:\RRbackups\C\MERGE\Data33 50003968 bytes File C:\RRbackups\C\MERGE\Data34 50003968 bytes File C:\RRbackups\C\MERGE\Data35 50003968 bytes File C:\RRbackups\C\MERGE\Data36 50003968 bytes File C:\RRbackups\C\MERGE\Data37 50003968 bytes File C:\RRbackups\C\MERGE\Data38 50003968 bytes File C:\RRbackups\C\MERGE\Data39 50003968 bytes File C:\RRbackups\C\MERGE\Data4 50003968 bytes File C:\RRbackups\C\MERGE\Data40 50003968 bytes File C:\RRbackups\C\MERGE\Data41 50003968 bytes File C:\RRbackups\C\MERGE\Data42 50003968 bytes File C:\RRbackups\C\MERGE\Data43 50003968 bytes File C:\RRbackups\C\MERGE\Data44 50003968 bytes File C:\RRbackups\C\MERGE\Data45 50003968 bytes File C:\RRbackups\C\MERGE\Data47 50003968 bytes File C:\RRbackups\C\MERGE\Data48 50003968 bytes File C:\RRbackups\C\MERGE\Data49 50003968 bytes File C:\RRbackups\C\MERGE\Data5 50003968 bytes File C:\RRbackups\C\MERGE\Data50 50003968 bytes File C:\RRbackups\C\MERGE\Data51 50003968 bytes File C:\RRbackups\C\MERGE\Data52 50003968 bytes File C:\RRbackups\C\MERGE\Data53 50003968 bytes File C:\RRbackups\C\MERGE\Data54 50003968 bytes File C:\RRbackups\C\MERGE\Data55 50003968 bytes File C:\RRbackups\C\MERGE\Data56 50003968 bytes File C:\RRbackups\C\MERGE\Data57 50003968 bytes File C:\RRbackups\C\MERGE\Data58 50003968 bytes File C:\RRbackups\C\MERGE\Data59 50003968 bytes File C:\RRbackups\C\MERGE\Data6 50003968 bytes File C:\RRbackups\C\MERGE\Data60 50003968 bytes File C:\RRbackups\C\MERGE\Data61 50003968 bytes File C:\RRbackups\C\MERGE\Data62 50003968 bytes File C:\RRbackups\C\MERGE\Data63 50003968 bytes File C:\RRbackups\C\MERGE\Data64 50003968 bytes File C:\RRbackups\C\MERGE\Data65 50003968 bytes File C:\RRbackups\C\MERGE\Data66 50003968 bytes File C:\RRbackups\C\MERGE\Data67 50003968 bytes File C:\RRbackups\C\MERGE\Data68 50003968 bytes File C:\RRbackups\C\MERGE\Data7 50003968 bytes File C:\RRbackups\C\MERGE\Data8 50003968 bytes File C:\RRbackups\C\MERGE\Data9 50003968 bytes File C:\RRbackups\C\MERGE\EFSFile 0 bytes File C:\RRbackups\C\MERGE\HashFile 607584 bytes File C:\RRbackups\C\MERGE\Info 0 bytes File C:\RRbackups\C\MERGE\TOCFile 61771040 bytes File C:\RRbackups\common 0 bytes File C:\RRbackups\common\backups.dat 8192 bytes File C:\RRbackups\common\bt0.dat 32256 bytes File C:\RRbackups\common\bt1.dat 32256 bytes File C:\RRbackups\common\bt2.dat 32256 bytes File C:\RRbackups\common\bt3.dat 32256 bytes File C:\RRbackups\common\bt4.dat 32256 bytes File C:\RRbackups\common\bt5.dat 32256 bytes File C:\RRbackups\common\css.dat 8192 bytes File C:\RRbackups\common\hints.dat 8192 bytes File C:\RRbackups\common\mnd.dat 8192 bytes File C:\RRbackups\common\regcerts.dat 8192 bytes File C:\RRbackups\common\restore.log 110 bytes File C:\RRbackups\common\rr.log 118725 bytes File C:\RRbackups\common\SAM 28672 bytes File C:\RRbackups\common\seccache.dat 8192 bytes File C:\RRbackups\common\secpolicy.dat 57344 bytes File C:\RRbackups\common\settings.dat 28672 bytes File C:\RRbackups\common\system.dat 12288 bytes File C:\RRbackups\common\tvtcmn.dat 8192 bytes File C:\RRbackups\common\tvtns.bin 23 bytes File C:\RRbackups\common\usersids.dat 19760 bytes File C:\RRbackups\Documents and Settings 0 bytes File C:\RRbackups\Documents and Settings\Administrator 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500\95890812-1074-4f1e-a770-59e2aad7ece7 388 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500\9a03dc07-8c36-4df7-86bd-08c16f66c2df 388 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\All Users 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e17459beeef013e01dbf6151b4b7cdbf_2a1a5594-44da-454f-bcc3-a8d1236514c1 1752 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8c8c08b314953ee7cab9b763cd76286_2a1a5594-44da-454f-bcc3-a8d1236514c1 1291 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_2a1a5594-44da-454f-bcc3-a8d1236514c1 57 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_2a1a5594-44da-454f-bcc3-a8d1236514c1 47 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytes File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_2a1a5594-44da-454f-bcc3-a8d1236514c1 893 bytes File C:\RRbackups\Documents and Settings\Default User 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\encobject.dat 11256 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\533145ef011ddf5ca3983e2545a902b4_2a1a5594-44da-454f-bcc3-a8d1236514c1 2075 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\6b29ae44e85efac3c72ff4d1865d73f1_2a1a5594-44da-454f-bcc3-a8d1236514c1 53 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1009\8fa2527bb3d045243dc1859cda72d459_2a1a5594-44da-454f-bcc3-a8d1236514c1 52 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\CREDHIST 160 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\040dcc2a-ef82-4d0a-986a-413b7605918c 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\3b61c35b-7c24-4bfb-a3cf-7898c26911f9 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\54b57933-178c-42cc-a5d3-676105cd008c 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\58cf196c-6743-4882-a0d6-333cb3dced54 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\8418aa6a-3a63-414c-843c-1b605502311b 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\8c31c5e0-bc73-4526-8032-731f745e7f7e 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\8f6f36d2-4ac6-4ed9-954b-594a6cc8caa8 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\b38fdcfb-f0cf-4e0b-89f2-5d7a89fad2ab 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1009\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Jay Plesset\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\LocalService 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\NetworkService 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_2a1a5594-44da-454f-bcc3-a8d1236514c1 2519 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\a64fa3f6-39da-4d67-b6bb-268329786979 388 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\dd55866a-c547-42c1-a4b3-2fd9b24487b9 388 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Lenovo 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\18f2c9718993975942ed390c377199bd_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 54 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\CREDHIST 24 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\3b8cb826-d363-42e5-a6aa-481997ed3efe 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\65b9ad86-9afd-4395-b8cf-070b3c720c94 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\9da837b6-7ac6-4db2-a4a3-5edee8df6ceb 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\f7954ab0-f671-469a-956e-8dcec3f8bae5 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c 388 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred 24 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes File C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes File C:\RRbackups\SIS 0 bytes File C:\RRbackups\SIS\C 0 bytes File C:\RRbackups\SIS\C\0 0 bytes ---- EOF - GMER 1.0.15 ---- 0 bytes
  7. Thanks again Tom, I have tried to run the scan you have instructed me to do. After pressing the scan button, during the scan, the computer flashed a blue screen and immediaty rebooted. This has happend twice during the scan. I am unable to read the blue screen as it flashes very quickly before rebooting. I will continue to try to get the scan to complete.
  8. Awesome! Thank you Tom. Here are the log's from the scan: OTL logfile created on: 12/27/2009 9:59:53 AM - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Jay Plesset\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 23.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 105.81 Gb Total Space | 64.69 Gb Free Space | 61.14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUES_LAPTOP Current User Name: Jay Plesset Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009/04/24 14:05:42 | 00,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe PRC - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe PRC - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe PRC - [2008/01/20 08:05:35 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/08/10 02:21:56 | 16,384,000 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe PRC - [2007/08/03 19:42:08 | 00,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe PRC - [2007/08/03 19:35:38 | 02,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe PRC - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe PRC - [2007/07/05 18:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe PRC - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe PRC - [2007/04/09 13:03:00 | 00,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe PRC - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe PRC - [2007/03/23 02:32:42 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe PRC - [2007/03/23 02:32:40 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe PRC - [2007/03/23 02:32:36 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe PRC - [2007/03/23 02:32:24 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe PRC - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe PRC - [2007/03/16 08:26:18 | 00,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe PRC - [2007/02/10 08:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe PRC - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe PRC - [2007/02/08 16:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe PRC - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE PRC - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2006/11/07 05:51:20 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE PRC - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe PRC - [2006/10/18 20:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe PRC - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE PRC - [2006/10/12 02:28:48 | 01,282,048 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\WLTRAY.EXE PRC - [2006/10/12 02:28:48 | 01,134,592 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE PRC - [2006/09/06 02:38:44 | 00,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe PRC - [2006/08/30 02:40:04 | 00,089,542 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe PRC - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe PRC - [2006/05/19 00:51:16 | 00,774,233 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe PRC - [2006/05/18 19:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe PRC - [2005/11/10 16:03:52 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe PRC - [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe PRC - [2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe ========== Modules (SafeList) ========== MOD - [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe MOD - [2008/04/13 19:12:10 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll MOD - [2008/04/13 19:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll MOD - [2008/04/13 12:37:57 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll MOD - [2007/08/03 19:42:18 | 00,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll MOD - [2007/08/03 19:42:16 | 00,738,616 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll MOD - [2007/08/03 19:42:10 | 02,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll MOD - [2007/08/03 19:28:10 | 01,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll MOD - [2007/08/03 19:28:06 | 00,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll MOD - [2007/08/03 19:28:02 | 05,174,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dll MOD - [2007/08/03 19:27:46 | 01,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll MOD - [2007/08/03 19:27:42 | 00,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll MOD - [2007/08/03 19:19:10 | 00,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll MOD - [2007/08/03 19:19:06 | 00,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll MOD - [2007/08/03 19:09:58 | 00,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (FingerprintServer) SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus) SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner) SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner) SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv) SRV - [2009/04/30 13:23:41 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc) SRV - [2009/04/23 17:49:56 | 00,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008/05/21 16:25:30 | 00,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache) SRV - [2008/05/16 05:11:44 | 00,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2008/04/13 19:12:02 | 00,065,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\nwwks.dll -- (NWCWorkstation) SRV - [2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2008/02/26 21:08:50 | 29,183,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) SRV - [2008/01/11 17:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/08/03 19:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007/07/05 18:05:04 | 00,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc) SRV - [2007/07/05 18:03:32 | 00,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc) SRV - [2007/05/24 07:08:44 | 00,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2007/04/08 20:24:32 | 00,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC) SRV - [2007/03/16 08:26:22 | 00,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH) SRV - [2007/02/10 08:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2007/02/08 16:11:32 | 00,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service) SRV - [2007/02/08 16:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service) SRV - [2007/01/29 22:01:26 | 00,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC) SRV - [2007/01/04 22:48:52 | 00,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2006/11/02 23:40:12 | 00,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing) SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/12 02:28:56 | 00,020,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc) SRV - [2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper) SRV - [2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/10/14 06:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation) O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe () O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.) O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo ) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDNotify: DllName - C:\Program Files\Max Spyware Detector\SDNotify.dll - C:\Program Files\Max Spyware Detector\SDNotify.dll File not found O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/30 02:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/27 22:30:07 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - C:\WINDOWS\system32\nwwks.dll (Microsoft Corporation) NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (16891947461378048) ========== Files/Folders - Created Within 14 Days ========== [2009/12/27 09:59:03 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe [2009/12/27 09:49:40 | 00,000,000 | ---D | C] -- C:\7aa02f0085259727dc4c8a [2009/12/27 00:03:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970895_ENU [2009/12/26 21:57:28 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2009/12/26 21:57:28 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2009/12/26 21:57:28 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2009/12/26 21:57:27 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr [2009/12/26 21:57:26 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2009/12/26 21:57:26 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2009/12/26 21:57:26 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2009/12/26 21:57:26 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2009/12/26 21:57:11 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe [2009/12/26 21:57:08 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software [2009/12/26 21:05:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jay Plesset\Application Data\Malwarebytes [2009/12/26 21:05:38 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/26 21:05:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/26 21:05:36 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/26 21:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/09/02 17:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intuit [2009/07/22 00:02:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/02/27 14:19:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit [2009/02/14 06:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth [2008/12/15 21:07:41 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/12/15 21:07:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/11/25 20:59:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe [2007/12/15 03:10:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/27 09:59:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jay Plesset\Desktop\OTL.exe [2009/12/27 09:46:12 | 00,591,718 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/27 09:46:12 | 00,491,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/27 09:46:12 | 00,089,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/27 09:42:41 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/27 09:41:34 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2009/12/27 09:41:22 | 00,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2009/12/27 09:41:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/27 09:41:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/27 09:41:08 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys [2009/12/27 00:28:26 | 02,883,584 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\NTUSER.DAT [2009/12/27 00:28:09 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jay Plesset\ntuser.ini [2009/12/27 00:06:15 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2009/12/26 21:57:28 | 00,001,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/12/26 21:57:26 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2009/12/26 20:59:42 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysRegC.dll [2009/12/22 04:58:11 | 00,000,123 | ---- | M] () -- C:\WINDOWS\System\SysSD.dll [2009/12/21 19:39:06 | 00,011,738 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\My Documents\Wines WE LIKE.docx [2009/12/18 09:17:05 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\Jay Plesset\Desktop\Microsoft Office Excel 2007.lnk [2009/12/13 22:57:54 | 30,568,448 | R--- | M] () -- C:\Jay H Plesset DDS PA.qbw [2009/12/13 22:57:54 | 00,196,608 | R--- | M] () -- C:\Jay H Plesset DDS PA.qbw.TLG [2009/12/13 22:57:54 | 00,000,330 | ---- | M] () -- C:\Jay H Plesset DDS PA.qbw.ND [2009/12/13 22:39:21 | 23,572,480 | ---- | M] () -- C:\Jay H Plesset DDS PA (Backup Dec 13,2009 10 38 PM).QBB [10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/26 21:57:28 | 00,001,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk [2009/12/26 21:57:11 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx [2009/12/13 22:47:12 | 00,196,608 | R--- | C] () -- C:\Jay H Plesset DDS PA.qbw.TLG [2009/12/13 22:39:13 | 23,572,480 | ---- | C] () -- C:\Jay H Plesset DDS PA (Backup Dec 13,2009 10 38 PM).QBB [2008/04/23 21:40:33 | 00,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008/04/23 21:40:33 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F908CF7746.sys [2007/12/21 13:59:55 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2007/11/27 23:26:04 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007/11/27 23:08:13 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2007/11/27 22:58:05 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2007/11/27 22:58:05 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2007/11/27 22:58:05 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2007/11/27 22:58:05 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2007/11/27 22:58:05 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2007/11/27 22:53:03 | 00,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2007/11/27 22:53:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2007/11/27 22:52:51 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll [2007/11/27 22:52:50 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll [2007/11/27 22:51:50 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2007/11/27 22:50:25 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2007/08/16 05:28:38 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007/08/16 05:28:27 | 00,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI [2007/02/09 14:54:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini ========== LOP Check ========== [2007/11/27 23:03:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland [2009/02/27 09:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2007/11/27 23:20:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2007/12/30 21:00:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\InterVideo [2008/11/22 09:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Leadertech [2009/05/17 08:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Lenovo [2009/12/12 08:52:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\MSNInstaller [2008/08/16 06:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Jay Plesset\Application Data\Opera [2009/12/27 00:06:15 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: IASTOR.SYS > [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys [2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys [2007/02/12 12:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. /mp /s > < > < End of report > *********************************************************************************************************************************************************** OTL Extras logfile created on: 12/27/2009 9:59:53 AM - Run 1 OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Jay Plesset\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1,014.00 Mb Total Physical Memory | 238.00 Mb Available Physical Memory | 23.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 105.81 Gb Total Space | 64.69 Gb Free Space | 61.14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SUES_LAPTOP Current User Name: Jay Plesset Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "135:TCP" = 135:TCP:*:Enabled:DCOM "135:UDP" = 135:UDP:*:Enabled:DCOM2 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe" = C:\Program Files\EagleSoft\Shared Files\esinetconnect.exe:*:Enabled:Patterson EagleSoft Internet Connection -- File not found "C:\Program Files\EagleSoft\Shared Files\ESTechUtil.exe" = C:\Program Files\EagleSoft\Shared Files\ESTechUtil.exe:*:Enabled:Patterson EagleSoft Technical Utility -- File not found "C:\Program Files\EagleSoft\Shared Files\EagleSoft.exe" = C:\Program Files\EagleSoft\Shared Files\EagleSoft.exe:*:Enabled:Patterson EagleSoft -- File not found "C:\Program Files\EagleSoft\Shared Files\techaid.exe" = C:\Program Files\EagleSoft\Shared Files\techaid.exe:*:Enabled:Patterson EagleSoft Technical Reference -- File not found "C:\Program Files\EagleSoft\Shared Files\ESMsgServer.exe" = C:\Program Files\EagleSoft\Shared Files\ESMsgServer.exe:*:Enabled:Patterson EagleSoft Messenger Server -- File not found "C:\Program Files\EagleSoft\Shared Files\ESMessenger.exe" = C:\Program Files\EagleSoft\Shared Files\ESMessenger.exe:*:Enabled:Patterson EagleSoft Messenger Client -- File not found "C:\Program Files\EagleSoft\Shared Files\dbsrv7.exe" = C:\Program Files\EagleSoft\Shared Files\dbsrv7.exe:*:Enabled:Patterson EagleSoft ODBC Server -- File not found "C:\Program Files\EagleSoft\Shared Files\dbeng7.exe" = C:\Program Files\EagleSoft\Shared Files\dbeng7.exe:*:Enabled:Patterson EagleSoft ODBC Client -- File not found "C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{04DB4871-BC1D-44BF-AADB-47326365EB8C}" = Opera 9.27 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3 "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32 "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{69333A04-5134-40A5-A055-9166A7AA1EC8}" = "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3 "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008 "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime "{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "avast!" = avast! Antivirus "AwayTask" = Maintenance Manager "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2 "Digital Media LE" = Roxio Digital Media LE "EPSON Printer and Utilities" = EPSON Printer Software "HDMI" = Intel® Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "myBabylon_English Toolbar" = myBabylon_English Toolbar "Network MagicUninstall" = Network Magic "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OnScreenDisplay" = On Screen Display "PCMCIAPW" = ThinkPad PC Card Power Policy "Picasa2" = Picasa 2 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-177391176-3013064915-1126896040-1008\Preferred failed, 00000005. Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\f75676ba-bf34-42ed-995c-8cbe7d07d54e failed, 00000005. Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-3801357592-4008900785-3674365008-500\Preferred failed, 00000005. Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\ffd098b8-290e-4ed1-9bd6-41d064a3a2cc failed, 00000005. Error - 12/27/2009 10:42:33 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-799280402-3262740209-2941955826-500\Preferred failed, 00000005. Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\a63cc348-bc5a-403c-b673-e24ae79c177c failed, 00000005. Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Protect\S-1-5-21-988936293-1743377944-886619355-500\Preferred failed, 00000005. Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\18f2c9718993975942ed390c377199bd_2a1a5594-44da-454f-bcc3-a8d1236514c1 failed, 00000005. Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\Documents and Settings\Susan Plesset\Application Data\Microsoft\Crypto\RSA\S-1-5-21-177391176-3013064915-1126896040-1008\8f71098770f72c7a67cd8f1151619865_2a1a5594-44da-454f-bcc3-a8d1236514c1 failed, 00000005. Error - 12/27/2009 10:42:34 AM | Computer Name = SUES_LAPTOP | Source = avast! | ID = 33554522 Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\RRbackups\common\usersids.dat failed, 00000005. [ Application Events ] Error - 12/27/2009 1:07:59 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 10005 Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually." The error is (3417) . Error - 12/27/2009 1:08:00 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 1023 Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 3080 for SQL Server Database Services 2005 ENU (KB970895)' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970895_sqlrun_sql.msp.log. Error - 12/27/2009 1:13:40 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118 Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed. Error - 12/27/2009 1:13:40 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118 Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed. Error - 12/27/2009 1:13:40 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 10005 Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually." The error is (3417) . Error - 12/27/2009 1:13:42 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 1023 Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 3080 for SQL Server Database Services 2005 ENU (KB970895)' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970895_sqlrun_sql.msp.log. Error - 12/27/2009 10:50:34 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118 Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed. Error - 12/27/2009 10:50:34 AM | Computer Name = SUES_LAPTOP | Source = MSSQL$MSSMLBIZ | ID = 5118 Description = The file "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf" is compressed but does not reside in a read-only database or filegroup. The file must be decompressed. Error - 12/27/2009 10:50:35 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 10005 Description = Product: Microsoft SQL Server 2005 Express Edition -- Error 29503. The SQL Server service failed to start. For more information, see the SQL Server Books Online topics, "How to: View SQL Server 2005 Setup Log Files" and "Starting SQL Server Manually." The error is (3417) . Error - 12/27/2009 10:50:36 AM | Computer Name = SUES_LAPTOP | Source = MsiInstaller | ID = 1023 Description = Product: Microsoft SQL Server 2005 Express Edition - Update 'GDR 3080 for SQL Server Database Services 2005 ENU (KB970895)' could not be installed. Error code 1603. Additional information is available in the log file C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\LOG\Hotfix\SQL9_Hotfix_KB970895_sqlrun_sql.msp.log. [ System Events ] Error - 11/30/2009 4:03:19 AM | Computer Name = SUES_LAPTOP | Source = Windows Update Agent | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706). Error - 11/30/2009 3:27:00 PM | Computer Name = SUES_LAPTOP | Source = System Error | ID = 1003 Description = Error code 1000008e, parameter1 c0000005, parameter2 8061c09a, parameter3 a2ef4be4, parameter4 00000000. Error - 12/1/2009 5:01:25 PM | Computer Name = SUES_LAPTOP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. Error - 12/1/2009 5:01:25 PM | Computer Name = SUES_LAPTOP | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.1.100 on the Network Card with network address 001E4C5B8328. Error - 12/1/2009 5:10:20 PM | Computer Name = SUES_LAPTOP | Source = Windows Update Agent | ID = 20 Description = Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706). Error - 12/1/2009 9:42:50 PM | Computer Name = SUES_LAPTOP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. Error - 12/1/2009 11:09:59 PM | Computer Name = SUES_LAPTOP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\D. Error - 12/2/2009 8:14:29 AM | Computer Name = SUES_LAPTOP | Source = System Error | ID = 1003 Description = Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000. Error - 12/2/2009 1:18:31 PM | Computer Name = SUES_LAPTOP | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. Error - 12/2/2009 1:19:06 PM | Computer Name = SUES_LAPTOP | Source = iaStor | ID = 262153 Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period. < End of report >
  9. I'm working on this computer and can't seem to get anywhere.... Here is the HijackThis log. See anything? _________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:26:37 PM, on 12/26/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe C:\Program Files\Max Spyware Detector\MaxActMon.exe C:\Program Files\Lenovo\PM Driver\PMSveH.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe c:\program files\lenovo\system update\suservice.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\WLTRAY.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe C:\Program Files\Max Spyware Detector\MaxSDTray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\McAfee Security Scan\1.0.150\McUICnt.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe E:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe /startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe O4 - HKLM\..\Run: [sDActiveMonitor] C:\Program Files\Max Spyware Detector\MaxSDTray.exe "-AUTO" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-177391176-3013064915-1126896040-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Susan Plesset') O4 - HKUS\S-1-5-21-177391176-3013064915-1126896040-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Susan Plesset') O4 - HKUS\S-1-5-21-177391176-3013064915-1126896040-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator') O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: McAfee Security Scan.lnk = ? O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing) O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing) O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Fingerprint Server (FingerprintServer) - Unknown owner - C:\WINDOWS\system32\FpLogonServ.exe (file missing) O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE -- End of file - 13899 bytes
  10. I have followed the instructions and everything looks good! Thank you so much for guiding me through this process. Your help is greatly appreciated!
  11. Here is the Hijack This log file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:52:11 AM, on 11/22/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe C:\WINDOWS\system32\Drivers\bwcsrv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lkcitdl.exe C:\WINDOWS\system32\lkads.exe C:\WINDOWS\system32\lktsrv.exe C:\Program Files\National Instruments\MAX\nimxs.exe C:\WINDOWS\system32\nipalsm.exe C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe C:\WINDOWS\system32\nisvcloc.exe C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\nipalsm.exe C:\WINDOWS\VistaDrive\VistaDrive.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\WINDOWS\FixCamera.exe C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\PROGRA~1\Comodo\CBOClean\BOC425.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\IOMEGA~1\RETROS~1\retrospect.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Iomega StorCenter\sohoclient.exe C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\DOCUME~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001 C:\Program Files\Java\jre6\bin\java.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\System32\svchost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" /runcleanupscript O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237771195828 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237771178421 O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Retrospect Express HD Helper (RetroExp Helper) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\rthlpsvc.exe O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14169 bytes
  12. I followed your directions and here's what came out: Malwarebytes' Anti-Malware 1.41 Database version: 3204 Windows 5.1.2600 Service Pack 3 11/20/2009 9:30:16 PM mbam-log-2009-11-20 (21-30-16).txt Scan type: Quick Scan Objects scanned: 123226 Time elapsed: 7 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, November 21, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, November 21, 2009 01:52:22 Records in database: 3252670 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ Scan statistics: Objects scanned: 170033 Threats found: 9 Infected objects found: 30 Suspicious objects found: 0 Scan duration: 04:06:35 File name / Threat / Threats count C:\Qoobox\Quarantine\C\WINDOWS\system32\duyasuwi.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\kamukufo.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\likulida.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\nuzadayi.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\pipibuju.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\rumapabo.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\siwipuyo.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\vetuyija.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\vikewami.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\Qoobox\Quarantine\C\WINDOWS\system32\zetojusu.dll.vir Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000157.dll Infected: Trojan.Win32.Monder.cvau 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000158.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000159.dll Infected: Trojan.Win32.Genome.bnjd 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000169.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000309.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000313.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000314.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000315.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000316.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000317.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000318.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000320.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000321.dll Infected: Packed.Win32.TDSS.aa 1 C:\System Volume Information\_restore{FBC59DCF-F02A-4957-A8BB-08E1F11FA41A}\RP2\A0000323.dll Infected: Packed.Win32.TDSS.aa 1 D:\PROGRAMS\Crossloop\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1 D:\PROGRAMS\Crossloop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1 D:\PROGRAMS\mbrfix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1 D:\PROGRAMS\ultravnc\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1 D:\PROGRAMS\vncserver\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1 D:\PROGRAMS\vncserver\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1 Selected area has been scanned.
  13. Rorschach112, I have followed your directions. Thank you! Here is the output: ComboFix 09-11-19.05 - Customer 11/19/2009 23:06.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1432 [GMT -5:00] Running from: c:\documents and settings\Customer\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Customer\Desktop\CFScript.txt file zipped: c:\windows\system32\dadozive.dll file zipped: c:\windows\system32\domasuro.dll file zipped: c:\windows\system32\johuvuki.dll file zipped: c:\windows\system32\kemukoma.dll file zipped: c:\windows\system32\kuyijovi.dll file zipped: c:\windows\system32\legimizu.dll file zipped: c:\windows\system32\mibedoja.dll file zipped: c:\windows\system32\pool.bin file zipped: c:\windows\system32\yitebuza.dll file zipped: c:\windows\system32\zasiyove.dll file zipped: c:\windows\system32\zufihuno.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0000\~dec142.tmp c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0000\~dec142.tmp c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0000\~df394b.tmp c:\windows\system32\dadozive.dll c:\windows\system32\domasuro.dll c:\windows\system32\johuvuki.dll c:\windows\system32\kemukoma.dll c:\windows\system32\kuyijovi.dll c:\windows\system32\legimizu.dll c:\windows\system32\mibedoja.dll c:\windows\system32\pool.bin c:\windows\system32\yitebuza.dll c:\windows\system32\zasiyove.dll c:\windows\system32\zufihuno.dll . ((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 ))))))))))))))))))))))))))))))) . 2009-11-19 02:48 . 2009-11-19 02:48 -------- d-----w- c:\program files\Trend Micro 2009-11-18 05:11 . 2009-11-18 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-18 05:11 . 2009-11-18 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-17 04:49 . 2009-11-17 04:49 -------- d-----w- C:\VundoFix Backups 2009-11-17 04:45 . 2009-11-17 04:45 79488 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-17 02:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-17 02:35 . 2009-11-17 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-17 02:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-17 02:35 . 2009-11-17 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-16 05:27 . 2009-11-16 05:27 -------- d-----w- c:\documents and settings\Customer\Application Data\Malwarebytes 2009-11-15 22:41 . 2007-11-26 15:38 238848 ----a-w- c:\windows\UNBOC.EXE 2009-11-15 22:41 . 2007-05-08 22:01 208896 ----a-w- c:\windows\CMDLIC.DLL 2009-11-15 22:41 . 2009-11-15 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC425 2009-11-15 22:41 . 2009-11-15 22:41 -------- d-----w- c:\program files\Comodo 2009-11-15 22:39 . 2009-11-15 22:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2009-11-15 22:36 . 2009-11-15 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-15 22:09 . 2008-04-14 04:13 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe 2009-11-15 22:09 . 2004-08-04 11:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe 2009-11-15 22:09 . 2004-08-04 11:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe 2009-11-15 22:09 . 2004-08-04 11:00 33792 -c--a-w- c:\windows\system32\dllcache\controt.dll 2009-11-15 22:09 . 2004-08-04 11:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll 2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\xircom 2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\wbem\snmp 2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\program files\microsoft frontpage 2009-11-15 22:07 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-11-15 22:05 . 2008-04-14 11:41 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll 2009-11-15 22:05 . 2008-04-14 11:41 7168 ----a-w- c:\windows\system32\bitsprx4.dll 2009-11-15 21:44 . 2008-04-14 03:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys 2009-11-15 21:36 . 2004-08-04 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-11-15 21:36 . 2004-08-04 11:00 13312 ----a-w- c:\windows\system32\irclass.dll 2009-11-15 21:34 . 2009-11-15 21:34 -------- d-s---w- c:\windows\system32\config\systemprofile\History 2009-11-15 16:32 . 2009-11-15 16:32 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0 2009-11-15 16:32 . 2009-11-15 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0 2009-11-15 16:16 . 2009-11-15 22:04 -------- d-----w- c:\windows\system32\oobe 2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\L2Schemas 2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\system32\scripting 2009-11-10 02:09 . 2009-11-10 02:16 -------- d-----w- c:\program files\CrackUtil 2009-11-09 01:50 . 2009-11-09 01:50 53248 ----a-r- c:\documents and settings\Customer\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe 2009-11-08 04:18 . 2009-11-08 04:38 -------- d-----w- c:\windows\system32\Adobe 2009-11-04 15:30 . 2009-11-04 15:30 16384 ----a-w- c:\documents and settings\Customer\Application Data\blank.exe 2009-10-31 22:04 . 2009-11-09 01:45 256 ----a-w- c:\documents and settings\Customer\pool.bin 2009-10-31 21:39 . 2009-10-31 21:39 -------- d-----w- c:\documents and settings\Customer\Application Data\Research In Motion 2009-10-31 21:22 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys 2009-10-31 21:21 . 2009-11-09 01:50 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-31 21:20 . 2009-10-31 21:20 -------- d-----w- c:\program files\Research In Motion 2009-10-29 03:08 . 2009-10-29 03:08 -------- d-----w- c:\program files\Rosetta Stone 2009-10-29 03:07 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdBackup 2009-10-29 02:57 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-10-29 02:56 . 2009-10-29 02:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-10-29 02:55 . 2009-10-29 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone 2009-10-23 16:55 . 2009-10-23 16:56 -------- d-----w- c:\documents and settings\Customer\tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-20 04:22 . 2009-05-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp 2009-11-20 03:59 . 2007-03-04 00:25 -------- d-----w- c:\program files\ESET 2009-11-15 22:36 . 2007-03-03 06:36 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-11-15 22:21 . 2007-03-08 23:32 109304 ----a-w- c:\documents and settings\Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-15 22:02 . 2007-03-03 06:33 23348 ----a-w- c:\windows\system32\emptyregdb.dat 2009-11-12 00:33 . 2007-03-03 00:15 102400 ----a-w- c:\windows\DUMP66b8.tmp 2009-11-10 01:50 . 2007-03-04 00:16 -------- d-----w- c:\documents and settings\Customer\Application Data\uTorrent 2009-11-08 06:31 . 2008-06-23 17:03 -------- d-----w- c:\documents and settings\Customer\Application Data\dvdcss 2009-11-04 16:16 . 2009-11-04 16:16 4527419 ----a-w- c:\documents and settings\Customer\Application Data\Black Eyed Peas - Meet Me Halfway.zip 2009-09-24 15:09 . 2009-10-01 01:22 3858432 ----a-w- c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll 2009-08-30 13:44 . 2009-08-30 13:44 507904 ----a-r- c:\windows\system32\btwapi.dll 2009-08-27 04:01 . 2009-08-27 04:01 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE 2009-08-27 04:01 . 2009-08-27 04:01 30720 ---h--r- c:\windows\CdaC13BA.EXE 2009-08-27 04:01 . 2009-08-27 04:01 112128 ---h--r- c:\windows\CdaC14BA.DLL 2009-08-27 04:01 . 2009-08-27 04:01 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS 2009-08-27 02:59 . 2009-08-27 02:59 152576 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2001-09-28 21:00 . 2007-08-31 17:56 164864 ----a-w- c:\program files\UNWISE.EXE 2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll 2003-05-01 14:36 . 2003-05-01 14:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll 2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2008-02-28 18:30 . 2008-07-13 04:36 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll 2008-02-28 18:33 . 2008-07-13 04:36 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll . ((((((((((((((((((((((((((((( [email protected]_04.21.38 ))))))))))))))))))))))))))))))))))))))))) . + 2009-11-20 04:20 . 2009-11-20 04:20 16384 c:\windows\Temp\Perflib_Perfdata_b8.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] "Google Update"="c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064] "EPSON Stylus Photo R340 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "RetroExpress"="c:\progra~1\IOMEGA~1\RETROS~1\RetroExpress.exe" [2008-12-11 9499928] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-20 77824] "BOC-425"="c:\progra~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 342272] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" [2009-11-17 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840] c:\documents and settings\Customer\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2006-7-19 192512] Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3450608] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-6-17 114688] Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2009-5-30 1865040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"= "c:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\crack\\airserv-ng.exe"= "c:\\Program Files\\SolarWinds\\Engineer's Toolset\\Config-Transfer.exe"= "c:\\Program Files\\SolarWinds\\Engineer's Toolset\\SNMP-Brute-Force-Attack.exe"= "c:\\Program Files\\Iomega StorCenter\\retrospect\\Retrospect.exe"= "c:\\Program Files\\Iomega StorCenter\\retrospect\\retrorun.exe"= "c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2/15/2007 5:23 PM 15136] R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\program files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [5/21/2008 12:04 PM 1327104] R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [11/15/2009 5:41 PM 73472] R2 Bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [12/21/2003 3:21 AM 19840] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088] R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696] R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2/2/2007 9:36 AM 37376] R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2/2/2007 9:37 AM 21504] R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2/2/2007 10:55 AM 674304] R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696] R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2/2/2007 10:57 AM 50688] R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2/2/2007 9:37 AM 30208] R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 11:18 AM 11552] R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2/2/2007 9:38 AM 111616] R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2/23/2007 10:25 AM 11552] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [5/24/2008 11:34 PM 2368] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2007 9:13 PM 24652] R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2/21/2007 10:20 PM 11552] R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2/21/2007 10:39 PM 11552] R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2/25/2007 8:12 PM 11552] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/24/2007 8:13 PM 721904] S3 ATHER;Atheros AR5000 Based Wireless Network Adapter Service;c:\windows\system32\drivers\ar5210b.sys [5/28/2007 12:48 PM 276981] S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [7/11/2005 12:46 AM 372480] S3 DW90USB;DW90USB Device;c:\windows\system32\drivers\DW90USB.SYS [6/17/2007 6:50 AM 39096] S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 10:18 AM 20256] S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 11:40 AM 25888] S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 11:43 AM 11552] S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672] S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2/22/2007 6:18 PM 11552] S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2/25/2007 8:12 PM 11552] S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/23/2007 5:43 PM 11552] S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 10:32 PM 11552] S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/25/2007 7:13 PM 11552] S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/25/2007 7:13 PM 11552] S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2/22/2007 1:21 PM 11552] S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552] S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2/24/2007 1:10 AM 11552] S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2/25/2007 8:10 PM 11552] S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [12/18/2006 12:55 PM 14464] S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [12/18/2006 12:55 PM 151683] S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2/22/2007 1:26 PM 11552] S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2/23/2007 5:25 PM 11552] S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2/15/2007 11:00 PM 11552] S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2/15/2007 11:00 PM 11552] S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2/23/2007 10:19 PM 11552] S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 11:45 AM 20768] S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2/24/2007 4:19 AM 11552] S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2/26/2007 4:31 PM 11552] S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2/25/2007 7:11 PM 11552] S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2/24/2007 12:17 AM 11552] S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2/23/2007 10:05 PM 11552] S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [2/22/2007 11:34 AM 86304] S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2/26/2007 4:31 PM 11552] S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2/23/2007 10:28 PM 11552] S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/25/2007 7:13 PM 11552] S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2/22/2007 8:17 PM 11552] S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/23/2007 3:14 AM 11552] S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2/23/2007 8:44 PM 11552] S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/23/2007 3:54 PM 11552] S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/24/2007 12:09 AM 11552] S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2/22/2007 10:42 AM 11552] S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2/23/2007 10:25 AM 11552] S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/25/2007 7:13 PM 11552] S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/25/2007 7:13 PM 11552] S3 nixsrkw;nixsrkw;c:\windows\system32\drivers\nixsrkw.sys [2/25/2007 7:13 PM 11552] S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe [12/5/2007 8:58 AM 61440] S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2/19/2008 10:01 PM 38016] S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2/19/2008 9:56 PM 20096] S3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.sys [2/25/2007 7:11 PM 27936] --- Other Services/Drivers In Memory --- *NewlyCreated* - NIPALK . Contents of the 'Scheduled Tasks' folder 2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003Core.job - c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22] 2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003UA.job - c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22] 2009-11-20 c:\windows\Tasks\SDMsgUpdate (SD).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-18 12:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.daemonsearch.com/intl/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: aol.com\free FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-19 23:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents] @Denied: (Full) (LocalSystem) "OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(644) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2540) c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\windows\system32\ieframe.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL c:\windows\system32\wpdshserviceobj.dll c:\program files\WinSCP3\DragExt.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Drivers\bwcsrv.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\FolderSize\FolderSizeSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lkcitdl.exe c:\windows\system32\lkads.exe c:\windows\system32\lktsrv.exe c:\program files\National Instruments\MAX\nimxs.exe c:\program files\National Instruments\Shared\Security\nidmsrv.exe c:\windows\system32\nisvcloc.exe c:\program files\National Instruments\Shared\Tagger\tagsrv.exe c:\windows\system32\HPZipm12.exe c:\progra~1\IOMEGA~1\RETROS~1\retrorun.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\progra~1\IOMEGA~1\RETROS~1\retrospect.exe c:\progra~1\MICROS~4\rapimgr.exe c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001 . ************************************************************************** . Completion time: 2009-11-19 23:31 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-20 04:31 ComboFix2.txt 2009-11-19 04:32 Pre-Run: 5,930,323,968 bytes free Post-Run: 5,891,457,024 bytes free - - End Of File - - EA371C67F515C8D1B1F4AC7BB66A5FF3
  14. Wow, I can usually clean things out myself, but I need some help on this one! I ran Combofix and then HiJackThis and then the uninstall_list.txt. All logs are as follows: ComboFix 09-11-18.06 - Customer 11/18/2009 22:45.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1216 [GMT -5:00] Running from: c:\documents and settings\Customer\My Documents\Downloads\ComboFix.exe AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Resident AV is active . ADS - system32: deleted 12 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0020\~dec142.tmp c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001.dir.0020\~df394b.tmp c:\documents and settings\Customer\Application Data\inst.exe c:\documents and settings\Customer\Desktop\Security Tool.lnk c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0020\~dec142.tmp c:\documents and settings\Customer\Local Settings\Temp\SolidWorksLicTemp.0001.dir.0020\~df394b.tmp c:\documents and settings\Customer\Start Menu\Programs\Security Tool.lnk c:\windows\system32\AutoRun.inf c:\windows\system32\duyasuwi.dll c:\windows\system32\fiworize.dll c:\windows\system32\hivotugu.dll c:\windows\system32\jalopeya.exe c:\windows\system32\kamukufo.dll c:\windows\system32\likulida.dll c:\windows\system32\nuzadayi.dll c:\windows\system32\pipibuju.dll c:\windows\system32\rumapabo.dll c:\windows\system32\siwipuyo.dll c:\windows\system32\subadeji.dll c:\windows\system32\vetuyija.dll c:\windows\system32\vikewami.dll c:\windows\system32\yabonoke.dll c:\windows\system32\zetojusu.dll c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete ----- BITS: Possible infected sites ----- hxxp://82.98.231.102 . ((((((((((((((((((((((((( Files Created from 2009-10-19 to 2009-11-19 ))))))))))))))))))))))))))))))) . 2009-11-19 02:48 . 2009-11-19 02:48 -------- d-----w- c:\program files\Trend Micro 2009-11-18 05:11 . 2009-11-18 05:45 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-11-18 05:11 . 2009-11-18 05:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-17 04:49 . 2009-11-17 04:49 -------- d-----w- C:\VundoFix Backups 2009-11-17 04:45 . 2009-11-17 04:45 79488 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll 2009-11-17 02:35 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-11-17 02:35 . 2009-11-17 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-11-17 02:35 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-11-17 02:35 . 2009-11-17 02:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-11-16 05:27 . 2009-11-16 05:27 -------- d-----w- c:\documents and settings\Customer\Application Data\Malwarebytes 2009-11-15 22:41 . 2007-11-26 15:38 238848 ----a-w- c:\windows\UNBOC.EXE 2009-11-15 22:41 . 2007-05-08 22:01 208896 ----a-w- c:\windows\CMDLIC.DLL 2009-11-15 22:41 . 2009-11-15 22:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BOC425 2009-11-15 22:41 . 2009-11-15 22:41 -------- d-----w- c:\program files\Comodo 2009-11-15 22:39 . 2009-11-15 22:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2009-11-15 22:36 . 2009-11-15 22:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-11-15 22:09 . 2008-04-14 04:13 57399 -c--a-w- c:\windows\system32\dllcache\cplexe.exe 2009-11-15 22:09 . 2004-08-04 11:00 18944 -c--a-w- c:\windows\system32\dllcache\cprofile.exe 2009-11-15 22:09 . 2004-08-04 11:00 56320 -c--a-w- c:\windows\system32\dllcache\convlog.exe 2009-11-15 22:09 . 2004-08-04 11:00 33792 -c--a-w- c:\windows\system32\dllcache\controt.dll 2009-11-15 22:09 . 2004-08-04 11:00 20480 -c--a-w- c:\windows\system32\dllcache\counters.dll 2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\xircom 2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\windows\system32\wbem\snmp 2009-11-15 22:07 . 2009-11-15 22:07 -------- d-----w- c:\program files\microsoft frontpage 2009-11-15 22:07 . 2008-04-14 11:42 221184 ----a-w- c:\windows\system32\wmpns.dll 2009-11-15 22:05 . 2008-04-14 11:41 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx4.dll 2009-11-15 22:05 . 2008-04-14 11:41 7168 ----a-w- c:\windows\system32\bitsprx4.dll 2009-11-15 21:44 . 2008-04-14 03:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys 2009-11-15 21:36 . 2004-08-04 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2009-11-15 21:36 . 2004-08-04 11:00 13312 ----a-w- c:\windows\system32\irclass.dll 2009-11-15 21:34 . 2009-11-15 21:34 -------- d-s---w- c:\windows\system32\config\systemprofile\History 2009-11-15 16:32 . 2009-11-15 16:32 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0 2009-11-15 16:32 . 2009-11-15 16:32 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0 2009-11-15 16:16 . 2009-11-15 22:04 -------- d-----w- c:\windows\system32\oobe 2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\L2Schemas 2009-11-15 16:16 . 2009-11-15 16:26 -------- d-----w- c:\windows\system32\scripting 2009-11-10 02:09 . 2009-11-10 02:16 -------- d-----w- c:\program files\CrackUtil 2009-11-09 01:50 . 2009-11-09 01:50 53248 ----a-r- c:\documents and settings\Customer\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe 2009-11-08 04:18 . 2009-11-08 04:38 -------- d-----w- c:\windows\system32\Adobe 2009-11-04 15:30 . 2009-11-04 15:30 16384 ----a-w- c:\documents and settings\Customer\Application Data\blank.exe 2009-10-31 22:04 . 2009-11-09 01:45 256 ----a-w- c:\documents and settings\Customer\pool.bin 2009-10-31 21:39 . 2009-11-09 02:54 256 ----a-w- c:\windows\system32\pool.bin 2009-10-31 21:39 . 2009-10-31 21:39 -------- d-----w- c:\documents and settings\Customer\Application Data\Research In Motion 2009-10-31 21:22 . 2007-01-18 14:24 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys 2009-10-31 21:21 . 2009-11-09 01:50 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-31 21:20 . 2009-10-31 21:20 -------- d-----w- c:\program files\Research In Motion 2009-10-29 03:08 . 2009-10-29 03:08 -------- d-----w- c:\program files\Rosetta Stone 2009-10-29 03:07 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\RosettaStoneLtdBackup 2009-10-29 02:57 . 2009-10-29 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet 2009-10-29 02:56 . 2009-10-29 02:56 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2009-10-29 02:55 . 2009-10-29 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone 2009-10-23 16:55 . 2009-10-23 16:56 -------- d-----w- c:\documents and settings\Customer\tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-19 04:22 . 2009-05-30 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\RetroExp 2009-11-15 22:36 . 2007-03-03 06:36 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-11-15 22:21 . 2007-03-08 23:32 109304 ----a-w- c:\documents and settings\Customer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-15 22:02 . 2007-03-03 06:33 23348 ----a-w- c:\windows\system32\emptyregdb.dat 2009-11-12 00:33 . 2007-03-03 00:15 102400 ----a-w- c:\windows\DUMP66b8.tmp 2009-11-10 01:50 . 2007-03-04 00:16 -------- d-----w- c:\documents and settings\Customer\Application Data\uTorrent 2009-11-08 06:31 . 2008-06-23 17:03 -------- d-----w- c:\documents and settings\Customer\Application Data\dvdcss 2009-11-04 16:16 . 2009-11-04 16:16 4527419 ----a-w- c:\documents and settings\Customer\Application Data\Black Eyed Peas - Meet Me Halfway.zip 2009-09-24 15:09 . 2009-10-01 01:22 3858432 ----a-w- c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll 2009-08-30 13:44 . 2009-08-30 13:44 507904 ----a-r- c:\windows\system32\btwapi.dll 2009-08-27 04:01 . 2009-08-27 04:01 39936 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE 2009-08-27 04:01 . 2009-08-27 04:01 30720 ---h--r- c:\windows\CdaC13BA.EXE 2009-08-27 04:01 . 2009-08-27 04:01 112128 ---h--r- c:\windows\CdaC14BA.DLL 2009-08-27 04:01 . 2009-08-27 04:01 8864 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS 2009-08-27 02:59 . 2009-08-27 02:59 152576 ----a-w- c:\documents and settings\Customer\Application Data\Sun\Java\jre1.6.0_15\lzma.dll 2001-09-28 21:00 . 2007-08-31 17:56 164864 ----a-w- c:\program files\UNWISE.EXE 2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll 2003-05-01 14:36 . 2003-05-01 14:36 114688 ----a-w- c:\program files\internet explorer\plugins\LV7ActiveXControl.dll 2006-01-23 14:32 . 2006-01-23 14:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll 2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll 2008-02-28 18:30 . 2008-07-13 04:36 8784 ----a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll 2008-02-28 18:33 . 2008-07-13 04:36 245408 ----a-w- c:\program files\mozilla firefox\plugins\unicows.dll 2009-08-10 14:44 . 2009-08-10 14:44 3 --sha-w- c:\windows\system32\dadozive.dll 2009-08-17 02:23 . 2009-08-17 02:23 6144 --sha-w- c:\windows\system32\domasuro.dll 2009-08-11 03:41 . 2009-08-11 03:41 3 --sha-w- c:\windows\system32\johuvuki.dll 2009-08-10 15:07 . 2009-08-10 15:07 3 --sha-w- c:\windows\system32\kemukoma.dll 2009-08-10 14:44 . 2009-08-10 14:44 3 --sha-w- c:\windows\system32\kuyijovi.dll 2009-08-11 03:41 . 2009-08-11 03:41 3 --sha-w- c:\windows\system32\legimizu.dll 2009-08-11 03:41 . 2009-08-11 03:41 3 --sha-w- c:\windows\system32\mibedoja.dll 2009-08-10 14:44 . 2009-08-10 14:44 3 --sha-w- c:\windows\system32\yitebuza.dll 2009-08-10 15:07 . 2009-08-10 15:07 3 --sha-w- c:\windows\system32\zasiyove.dll 2009-08-10 15:07 . 2009-08-10 15:07 3 --sha-w- c:\windows\system32\zufihuno.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928] "Google Update"="c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-27 133104] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-06 280779] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-29 344064] "EPSON Stylus Photo R340 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE" [2005-04-26 98304] "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440] "FixCamera"="c:\windows\FixCamera.exe" [2007-02-10 20480] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-03-12 949376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "RetroExpress"="c:\progra~1\IOMEGA~1\RETROS~1\RetroExpress.exe" [2008-12-11 9499928] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392] "tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-10 270336] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-20 77824] "BOC-425"="c:\progra~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 342272] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" [2009-11-17 1312080] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544] "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-14 99840] c:\documents and settings\Customer\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] SolidWorks Task Scheduler Engine.lnk - c:\program files\SolidWorks\swScheduler\swBOEngine.exe [2006-7-19 192512] Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-3-1 3450608] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-6-17 114688] Iomega StorCenter.lnk - c:\program files\Iomega StorCenter\sohoclient.exe [2009-5-30 1865040] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMConfigurePrograms"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\uTorrent\\utorrent.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\temp\\HP_WebRelease\\Setup\\HPZnet01.exe"= "c:\\Program Files\\National Instruments\\LabVIEW 8.2\\LabVIEW.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\crack\\airserv-ng.exe"= "c:\\Program Files\\SolarWinds\\Engineer's Toolset\\Config-Transfer.exe"= "c:\\Program Files\\SolarWinds\\Engineer's Toolset\\SNMP-Brute-Force-Attack.exe"= "c:\\Program Files\\Iomega StorCenter\\retrospect\\Retrospect.exe"= "c:\\Program Files\\Iomega StorCenter\\retrospect\\retrorun.exe"= "c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"= "c:\\Documents and Settings\\Customer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [2/15/2007 5:23 PM 15136] R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3/11/2008 10:24 PM 15424] R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;c:\program files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe [5/21/2008 12:04 PM 1327104] R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [11/15/2009 5:41 PM 73472] R2 Bwcdrv;BUFFALO Wireless Configuration;c:\windows\system32\drivers\BWCDRV.SYS [12/21/2003 3:21 AM 19840] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088] R2 ni488enumsvc;NI-488.2 Enumeration Service;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696] R2 niarbk;niarbk;c:\windows\system32\drivers\niarbk.dll [2/2/2007 9:36 AM 37376] R2 nibffrk;nibffrk;c:\windows\system32\drivers\nibffrk.dll [2/2/2007 9:37 AM 21504] R2 Nidaq32k;Nidaq32k;c:\windows\system32\drivers\nidaq32k.sys [2/2/2007 10:55 AM 674304] R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 10:21 AM 12696] R2 nidmmk;NI DMM and Data Logger Kernel Driver;c:\windows\system32\drivers\nidmmk.dll [2/2/2007 10:57 AM 50688] R2 nimdsk;nimdsk;c:\windows\system32\drivers\nimdsk.dll [2/2/2007 9:37 AM 30208] R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [2/22/2007 11:18 AM 11552] R2 nistck;nistck;c:\windows\system32\drivers\niSTCk.dll [2/2/2007 9:38 AM 111616] R2 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiKl.sys [2/23/2007 10:25 AM 11552] R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [5/24/2008 11:34 PM 2368] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/25/2007 9:13 PM 24652] R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [2/21/2007 10:20 PM 11552] R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [2/21/2007 10:39 PM 11552] R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [2/25/2007 8:12 PM 11552] S3 ATHER;Atheros AR5000 Based Wireless Network Adapter Service;c:\windows\system32\drivers\ar5210b.sys [5/28/2007 12:48 PM 276981] S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;c:\windows\system32\drivers\BCMWL5.SYS [7/11/2005 12:46 AM 372480] S3 DW90USB;DW90USB Device;c:\windows\system32\drivers\DW90USB.SYS [6/17/2007 6:50 AM 39096] S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [1/11/2007 10:18 AM 20256] S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [2/22/2007 11:40 AM 25888] S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [2/22/2007 11:43 AM 11552] S3 ni488lock;NI-488.2 Locking Service;c:\windows\system32\drivers\ni488lock.sys [2/26/2007 12:40 PM 16672] S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [2/22/2007 6:18 PM 11552] S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [2/25/2007 8:12 PM 11552] S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/23/2007 5:43 PM 11552] S3 nidwgk;nidwgk;c:\windows\system32\drivers\nidwgkl.sys [2/23/2007 10:32 PM 11552] S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/25/2007 7:13 PM 11552] S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/25/2007 7:13 PM 11552] S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [2/22/2007 1:21 PM 11552] S3 nigplk;nigplk;c:\windows\system32\drivers\nigplkl.sys [2/23/2007 4:20 PM 11552] S3 nihsdrk;nihsdrk;c:\windows\system32\drivers\nihsdrkl.sys [2/24/2007 1:10 AM 11552] S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [2/25/2007 8:10 PM 11552] S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [12/18/2006 12:55 PM 14464] S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [12/18/2006 12:55 PM 151683] S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [2/22/2007 1:26 PM 11552] S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [2/23/2007 5:25 PM 11552] S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [2/15/2007 11:00 PM 11552] S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [2/15/2007 11:00 PM 11552] S3 nipsdk;nipsdk;c:\windows\system32\drivers\nipsdkl.sys [2/23/2007 10:19 PM 11552] S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [2/22/2007 11:45 AM 20768] S3 nirfsa2k;nirfsa2k;c:\windows\system32\drivers\niRFSA2kl.sys [2/24/2007 4:19 AM 11552] S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [2/26/2007 4:31 PM 11552] S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [2/25/2007 7:11 PM 11552] S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [2/24/2007 12:17 AM 11552] S3 nisldk;nisldk;c:\windows\system32\drivers\nisldkl.sys [2/23/2007 10:05 PM 11552] S3 nismbusk;nismbusk;c:\windows\system32\drivers\nismbusk.sys [2/22/2007 11:34 AM 86304] S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [2/26/2007 4:31 PM 11552] S3 nisrcdk;nisrcdk;c:\windows\system32\drivers\nisrcdkl.sys [2/23/2007 10:28 PM 11552] S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/25/2007 7:13 PM 11552] S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [2/22/2007 8:17 PM 11552] S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/23/2007 3:14 AM 11552] S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [2/23/2007 8:44 PM 11552] S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/23/2007 3:54 PM 11552] S3 nitnr2k;nitnr2k;c:\windows\system32\drivers\nitnr2kl.sys [2/24/2007 12:09 AM 11552] S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWKl.sys [2/22/2007 10:42 AM 11552] S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciKl.sys [2/23/2007 10:25 AM 11552] S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/25/2007 7:13 PM 11552] S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/25/2007 7:13 PM 11552] S3 nixsrkw;nixsrkw;c:\windows\system32\drivers\nixsrkw.sys [2/25/2007 7:13 PM 11552] S3 SolarWinds TFTP Server;SolarWinds TFTP Server;c:\program files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe [12/5/2007 8:58 AM 61440] S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2/19/2008 10:01 PM 38016] S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2/19/2008 9:56 PM 20096] S3 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.sys [2/25/2007 7:11 PM 27936] --- Other Services/Drivers In Memory --- *NewlyCreated* - NIPALK *Deregistered* - mbr . Contents of the 'Scheduled Tasks' folder 2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003Core.job - c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22] 2009-11-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1284227242-839522115-1003UA.job - c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-27 04:22] 2009-11-19 c:\windows\Tasks\SDMsgUpdate (SD).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-03-18 12:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.daemonsearch.com/intl/ IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\windows\system32\imon.dll Trusted Zone: aol.com\free FF - ProfilePath - c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\Firefox\Profiles\rmnyn9v3.default\extensions\[email protected]\plugins\npRACtrl.dll FF - plugin: c:\documents and settings\Customer\Application Data\Mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\Customer\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NpPopup.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - BHO-{ae2fa5e1-9f3b-4347-b4d4-457c66f91400} - wedaleza.dll WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) HKLM-Run-hovagetab - c:\windows\system32\pipibuju.dll HKLM-Run-geririzuje - likulida.dll SharedTaskScheduler-{a5326c12-4dc1-4e68-825e-565914579a55} - c:\windows\system32\pipibuju.dll SSODL-fufavomud-{a5326c12-4dc1-4e68-825e-565914579a55} - c:\windows\system32\pipibuju.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-18 23:21 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents] @Denied: (Full) (LocalSystem) "OOBETimer"=hex:7f,63,3e,be,ec,25,8e,19,be,a7,92,c6 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(648) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(704) c:\windows\system32\imon.dll - - - - - - - > 'explorer.exe'(3740) c:\program files\Stardock\ObjectDock\DockShellHook.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL c:\program files\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL c:\windows\system32\wpdshserviceobj.dll c:\program files\WinSCP3\DragExt.dll c:\windows\system32\ieframe.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Drivers\bwcsrv.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\FolderSize\FolderSizeSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lkcitdl.exe c:\windows\system32\lkads.exe c:\windows\system32\lktsrv.exe c:\program files\National Instruments\MAX\nimxs.exe c:\program files\National Instruments\Shared\Security\nidmsrv.exe c:\windows\system32\nisvcloc.exe c:\program files\National Instruments\Shared\Tagger\tagsrv.exe c:\program files\Eset\nod32krn.exe c:\windows\system32\HPZipm12.exe c:\progra~1\IOMEGA~1\RETROS~1\retrorun.exe c:\windows\system32\wscntfy.exe c:\windows\system32\Ati2evxx.exe c:\progra~1\IOMEGA~1\RETROS~1\retrospect.exe c:\progra~1\MICROS~4\rapimgr.exe c:\docume~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001 . ************************************************************************** . Completion time: 2009-11-18 23:32 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-19 04:32 Pre-Run: 5,346,938,880 bytes free Post-Run: 5,858,193,408 bytes free - - End Of File - - D2B4EF27468E41704552B6D3EE1A90EF _________________________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:06:03 AM, on 11/19/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe C:\WINDOWS\system32\Drivers\bwcsrv.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\lkcitdl.exe C:\WINDOWS\system32\lkads.exe C:\WINDOWS\system32\lktsrv.exe C:\Program Files\National Instruments\MAX\nimxs.exe C:\WINDOWS\system32\nipalsm.exe C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe C:\WINDOWS\system32\nisvcloc.exe C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\nipalsm.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\VistaDrive\VistaDrive.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\FixCamera.exe C:\Program Files\Eset\nod32kui.exe C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\vsnpstd3.exe C:\WINDOWS\tsnpstd3.exe C:\PROGRA~1\Comodo\CBOClean\BOC425.exe C:\PROGRA~1\IOMEGA~1\RETROS~1\retrospect.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Iomega StorCenter\sohoclient.exe C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\DOCUME~1\Customer\LOCALS~1\Temp\SolidWorksLicTemp.0001 C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0 O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [EPSON Stylus Photo R340 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAJA.EXE /P30 "EPSON Stylus Photo R340 Series" /O6 "USB002" /M "Stylus Photo R340" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\IOMEGA~1\RETROS~1\RetroExpress.exe /h O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\UHSPyXdvY.exe" /runcleanupscript O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user') O4 - .DEFAULT Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (User 'Default user') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} (EModelNonVersionSpecificViewControl Class) - http://www.3dpublisher.net/SWService/eDrawingsEnglish.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237771195828 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237771178421 O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\Program Files\ANSYS Inc\Shared Files\Licensing\intel\lmgrd.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\PROGRA~1\IOMEGA~1\RETROS~1\retrorun.exe O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 14053 bytes _________________________________________________________________________________________________ µTorrent Acrobat.com Acrobat.com Adobe AIR Adobe AIR Adobe Common File Installer Adobe Flash Player 10 Plugin Adobe Help Center 2.1 Adobe Photoshop Elements 5.0 Adobe Premiere Elements 3.0 Adobe Premiere Elements 3.0 Adobe Premiere Elements 3.0 Templates Adobe Reader 9.1.3 Adobe Shockwave Player 11.5 ArcSoft VideoImpression 2 Arial CD Ripper v1.9.4 Atheros Wireless LAN MiniPCI card Driver ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver BlackBerry Desktop Software 4.5 BlackBerry Desktop Software 4.5 BlackBerry Device Software Updater BOClean CASHFLOW® THE E-GAME CCleaner (remove only) CD Wave Editor version 1.96.1 CD/DVD Drive Acoustic Silencer Cda Product Service - shared component CommView for WiFi Conexant AC-Link Audio COSMOSMotion 2007 SP0 COSMOSWorks 2007 SP0 CrackUtil Creative Jukebox Driver Creative Removable Disk Manager Creative System Information Creative Zen Micro Diagram Designer DWGeditor DYNACAM Student Edition Easy Mobile Soft EDraw Flowchart 3 eDrawings 2007 EduTrader EPSON Printer Software EPSON TWAIN 5 eSignal exPressit S.E. 2.2 Family Tree Maker 2006 ffdshow (remove only) Folder Size for Windows Forms Wizard FOURBAR Student Edition Foxit PDF Editor GanttPV 0.7 GE MiniCam Pro GlowingWorld 3.0 Google Talk Plugin HijackThis 2.0.2 HP Deskjet Printer Driver Software 9.0 HP Image Zone 4.7 HP Photosmart, Officejet and Deskjet 7.0.A HP PSC & OfficeJet 4.7 HP PSC & Officejet 4.7 Corporate Edition ImTOO DVD Ripper Ultimate Iomega StorCenter IVI Shared Components Java 6 Update 15 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java SE Runtime Environment 6 Update 1 LAME V3.97 + RazorLame 1.1.5a (PfP) Magic ISO Maker v5.5 (build 0265) Malwarebytes' Anti-Malware MathType 5 Memorex exPressit Label Design Studio Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Service Pack 1 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 Microsoft ActiveSync Microsoft Money 2007 Microsoft Money Shared Libraries Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable Motorola Driver Installation Motorola Phone Tools Mozilla Firefox (3.5.5) My HP Games National Instruments Software Nero 8 Lite 8.3.6.0 NETGEAR Print Server Utility Network Stumbler 0.4.0 (remove only) NOD32 antivirus system NOD32 FiX v2.1 NotePad++ 3.6 ObjectDock Olympus Digital Wave Player PDFCreator Penguins! PENTAX USB DISK Device Personal Financial Statement Picasa 3 PowerISO Quicken 2009 QuickTime RealPlayer Retrospect Express HD 2.5 Rosetta Stone Version 3 RPM Life Planner SIXBAR Student Edition Skype™ 4.1 SmartDraw 2008 SnagIt 8 SolarWinds Engineer's Toolset v9 SolidWorks 2007 SP0 SolidWorks Explorer 2007 sp0 SolidWorks Installation Manager Spybot - Search & Destroy Star Wars 3D Screensaver 1.3 Systems of Nonlinear Equations The Rosetta Stone TI Connect 1.6 TI NoteFolio Creator TubeTilla Free TurboTax 2008 TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wrapper Update for Outlook Junk Email Filter 2007 (KB924884) USB Storage Adapter FX (MXO) Vendedores Perros VideoLAN VLC media player 0.8.6h Viewpoint Media Player Winamp WinRAR archiver WinSCP 3.8.2 Yamp v 2.3