TechSpot

Explorer.exe stopped running, then trojan's started appearing

By Darknesshade
Aug 2, 2010
  1. Hi, I'd first like to thank who ever decides to dedicate time to this post, they are greatly appreciated.

    In any case, I turned on my laptop one day to find a blank desktop with only the background wallpaper. I first thought that it was just my laptop being dumb for some reason, and i searched online for solutions to getting it back. Easily enough, all I had to do was run explorer.exe to get the desktop back, but that did not solve the problem as i had to manually run explorer.exe every time i turned my laptop on.

    So then I decided to do a system restore, which fixed the explorer.exe problem. After this though, McAfee started giving multiple alerts on some trojan. I ran a scan with McAfee and Malwarebytes, both found the same files and deleted them. Then some time later the same alerts popped up again. I am not sure how to solve this so i looked online again and here i am...

    My laptop is running Windows XP.
    Infections found via McAfee:
    Generic.dx!tfu
    Generic PUP.x!cx
    Generic downloader

    I have searched these up on the McAfee Virus encyclopedia. Generic PUP has pretty much no information and seems to have been added to the encyclopedia recently, which has me worried of it being a new virus or something.

    I have done the 8 preliminary steps and have attached the documents.
    I also have Superantispyware, which i have ran a scan with after the 8 steps and have found nothing.
    I also ran hijackthis and included the a file with the details it provided.

    I downloaded ComboFix but I have not used it yet as I don't know what it is/does...
    (and i see that i shouldn't run it unless told to do so after reading a previous post)

    So what is my situation here? I hope my situation is totally screwed over. I don't use my laptop for any banking or personal information. I have entered in such information but that was a long time ago (before the infection).

    Thank you for your time! Sorry for the long post.
     

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'd like you to know how much I appreciate your thanks and knowing in advance that patience helps and cleaning can take a while!:) Hopefully we can get the lappy all cleaned up!
    You also have my praise for not giving in to the temptation to run Combofix 'before your helper instructs you to and with guidance'!

    Please go to Add/Remove Programs in the Control Panel and uninstall all the outdated Java entries. The only one you should keep is the current v6u21. The old versions are vulnerabilities.

    Now you can run Combofix: Please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
      [2].Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3].Close any open browsers.
      [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
      [5]. If Combofix asks you to install Recovery Console, please allow it.
      [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix..
    Re-enable your Antivirus software.
    ==================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post. (OK to attach this one)

    The system doesn't look too bad at this point.
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    :(

    There is a character limit on my reply at 20,000 characters, the ComboFix file has ~25,000.
    I don't know how else to send it (sorry!) so I have attached both files.

    The ESET scan doesn't look good.
    ComboFix also said that I don't have some kind of recovery console...
    Should I find the recovery console and install it and then re-run ComboFix?
     

    Attached Files:

  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You should have allowed Combofix to install the Recovery Console per the directions, but you csn follow these directions. You should have a Recovery Console:
    http://support.microsoft.com/kb/307654

    There were only 2 active infections in the Eset scan. The ones that show in "System Volume" are in the System Restore points and not active in the system. I will have you drop the old restore points at the end of cleaning. The only way they could affect you now is if you attempted to use the System Restore feature and happened to pick an infected date> ergo, you do not want to do a restore now.

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Processes	
      
      :Services
      
      :Reg
      
      :Files 
      C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe
      C:\YourStuffz\Media Stuffs\FreeRIP_AudioConverter\freeripmp3.exe
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    I will return with script for Combofix.
     
  5. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    I tried to let ComboFix install the Recovery Console but my internet connection was already down at that point and when i tried to reconnect it wouldn't work. Now that I think about it though i should have tried using my Ethernet cable... (i'm using wireless right now).

    OTM file:
    All processes killed
    ========== PROCESSES ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe moved successfully.
    C:\YourStuffz\Media Stuffs\FreeRIP_AudioConverter\freeripmp3.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 49152 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Peter Cha-zam
    ->Temp folder emptied: 1348 bytes
    ->Temporary Internet Files folder emptied: 4781739 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 34053403 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 66589155 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 101.00 mb


    OTM by OldTimer - Version 3.1.15.0 log created on 08032010_150605

    Files moved on Reboot...
    File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_414.dat not found!

    Registry entries deleted on Reboot...
     
  6. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    my laptop downloaded/installed it's Automatic Updates, I hope that doesn't mess up this process or anything... If i was supposed to turn it off then I didn't realize I had too...
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\docume~1\PETERC~1\LOCALS~1\Temp\gUSBSTOi.sys
    c:\windows\system32\GameMon.des -service
    c:\windows\system32\XDva259.sys
    c:\windows\system32\XDva279.sys
    c:\windows\system32\unins000.exe
    c:\windows\system32\unins000.dat
    Folder::
    c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 
    
    RegNull::
    [HKEY_USERS\S-1-5-21-4215469638-1473632133-3761401410-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] 
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    
    Driver::
    gUSBSTOi
    npggsvc
    XDva259
    XDva279
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    I'm hoping that the problem have been resolved. I can't continue helping due to family matters.
     
  8. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    I will attach the file anyways.

    Thank you for all your help!
    I appreciate it a lot and I'm sure that everyone else you've helped also appreciate your work too (even if they didn't say it).

    Good luck, I hope everything goes well.
     

    Attached Files:

  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Message from Bobbye:

    ======================================================================

    How is your computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    hi2u

    So after running ComboFix with Bobbye's txt he had me input, I noticed that it had to delete more files. I then decided to run SuperAntiSpyware because I was kind of worried about what was going on. It detected a tracking cookie or something in my Documents folder, which I told it to delete. I then decided to visit my Documents folder and found an msvcrt(DEBUG).dll file that I don't normally recall seeing in there. I haven't done anything to it though because it could have been there before I got infected, but i'm just wondering if it is anything I have to worry about. (I know I shouldn't really be doing anything without your guidance, so sorry if this was not a smart thing to do!)

    Lately my computer seems to be alright though, I haven't had any trojan alerts for a while.

    OTL File (A long one):

    OTL logfile created on: 8/6/2010 12:07:53 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Cha-zam\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 103.65 Gb Total Space | 19.32 Gb Free Space | 18.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DARKNESSHADE
    Current User Name: Peter Cha-zam
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/05 23:53:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Cha-zam\Desktop\OTL.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    PRC - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    PRC - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
    PRC - [2008/10/06 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    PRC - [2008/10/06 20:50:00 | 000,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
    PRC - [2008/10/06 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/03/23 04:56:57 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2008/03/04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    PRC - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    PRC - [2007/10/25 15:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
    PRC - [2007/10/25 10:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2007/10/25 10:04:56 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    PRC - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007/10/13 02:28:47 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe
    PRC - [2007/09/28 17:29:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2007/09/28 14:28:40 | 000,181,544 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
    PRC - [2007/08/03 16:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
    PRC - [2007/08/03 16:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
    PRC - [2007/08/03 16:19:08 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
    PRC - [2007/08/03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    PRC - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2007/07/05 18:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    PRC - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2007/07/05 17:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2007/06/22 09:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    PRC - [2007/05/31 06:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2007/04/09 14:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    PRC - [2007/04/09 03:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2007/04/05 02:08:08 | 000,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0380Mon.exe
    PRC - [2007/03/22 13:02:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    PRC - [2007/03/21 16:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
    PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
    PRC - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
    PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
    PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
    PRC - [2007/02/01 14:00:01 | 000,419,376 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
    PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    PRC - [2006/02/14 01:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
    PRC - [2004/07/27 19:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/05 23:53:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Cha-zam\Desktop\OTL.exe
    MOD - [2008/04/13 20:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
    MOD - [2008/04/13 20:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/04/13 13:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2007/08/03 16:42:18 | 000,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
    MOD - [2007/08/03 16:42:10 | 002,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
    MOD - [2007/08/03 16:28:10 | 001,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
    MOD - [2007/08/03 16:28:06 | 000,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
    MOD - [2007/08/03 16:28:04 | 005,211,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll
    MOD - [2007/08/03 16:27:46 | 001,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
    MOD - [2007/08/03 16:27:42 | 000,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
    MOD - [2007/08/03 16:19:10 | 000,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
    MOD - [2007/08/03 16:19:06 | 000,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
    MOD - [2007/08/03 16:09:56 | 000,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_think_res.dll
    MOD - [2006/02/14 01:17:12 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
    SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$CSSQL05) SQL Server (CSSQL05)
    SRV - [2009/02/20 10:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
    SRV - [2008/10/20 11:36:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
    SRV - [2008/10/06 20:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)
    SRV - [2008/10/06 20:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
    SRV - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2007/10/25 10:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007/10/13 02:28:47 | 000,122,880 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
    SRV - [2007/09/28 17:29:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
    SRV - [2007/08/03 16:19:08 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
    SRV - [2007/08/03 16:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
    SRV - [2007/07/05 18:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2007/07/05 18:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2007/06/22 09:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe -- (msftesql$CSSQL05) SQL Server FullText Search (CSSQL05)
    SRV - [2007/05/31 06:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2007/03/21 16:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
    SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
    SRV - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
     
  11. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    Continued

    SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
    SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\xhunter1.sys -- (xhunter1)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\vtany.sys -- (vtany)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETERC~1\LOCALS~1\Temp\sony_ssm.sys -- (sony_ssm.sys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\PETERC~1\LOCALS~1\Temp\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/01/15 01:37:00 | 006,620,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2008/10/06 20:50:00 | 000,177,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2008/10/06 20:50:00 | 000,072,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2008/10/06 20:50:00 | 000,064,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2008/10/06 20:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2008/10/06 20:50:00 | 000,034,344 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2008/10/06 20:50:00 | 000,031,816 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/02 23:53:30 | 000,252,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/11/03 15:20:21 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2007/09/28 17:29:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
    DRV - [2007/09/28 17:28:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
    DRV - [2007/09/21 01:19:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2007/08/02 11:20:20 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
    DRV - [2007/08/02 11:19:18 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
    DRV - [2007/07/02 21:00:02 | 000,273,152 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0380Vid.sys -- (V0380Dev)
    DRV - [2007/06/10 21:01:02 | 000,142,656 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0380Afx.sys -- (V0380Afx)
    DRV - [2007/05/31 06:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2007/05/22 15:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
    DRV - [2007/04/13 00:08:26 | 000,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2007/04/09 14:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2007/04/05 10:19:20 | 000,546,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2007/04/02 14:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2007/04/02 03:28:06 | 000,094,976 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0380Aud.sys -- (V0380Aud)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/15 01:10:02 | 000,011,152 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)
    DRV - [2007/03/15 00:50:08 | 000,040,848 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2007/02/27 05:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2007/02/08 15:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
    DRV - [2007/01/24 05:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
    DRV - [2006/12/21 22:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2006/12/21 22:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2006/12/21 22:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2006/12/05 01:37:46 | 000,007,168 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0380Vfx.sys -- (V0380Vfx)
    DRV - [2006/11/15 06:00:20 | 000,057,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
    DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2006/03/01 06:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
    DRV - [2006/02/14 01:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
    DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/11/18 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
    DRV - [2005/11/08 12:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/05/17 13:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "www.bing.com"
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
    FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.4.7amo
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\YourStuffz\Mozilla Firefox\components [2010/07/24 09:44:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\YourStuffz\Mozilla Firefox\plugins [2010/08/02 14:12:14 | 000,000,000 | ---D | M]

    [2008/08/28 19:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Extensions
    [2010/08/05 20:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions
    [2010/07/29 14:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
    [2010/07/29 17:07:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/06/15 23:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    [2010/07/29 19:53:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/29 14:26:05 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
    [2010/04/28 03:49:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\personas@christopher.beard
    [2009/08/23 14:07:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\searchrecs@veoh.com
    [2010/03/18 15:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\extensions\SkipScreen@SkipScreen
    [2008/02/16 01:15:30 | 000,001,877 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Application Data\Mozilla\Firefox\Profiles\xbun1qcg.default\searchplugins\aolsearch.xml
    [2007/09/12 00:25:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/05 21:17:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
    O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
     
  12. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
    O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
    O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
    O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
    O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
    O4 - HKLM..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe (Creative Technology Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} http://cdn1.acclaimdownloads.com/solidstateion.cab (CSolidBrowserObj Object)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/02/28 15:16:08 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183528496136192)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/05 23:55:04 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/05 23:51:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter Cha-zam\Desktop\OTL.exe
    [2010/08/05 23:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Cha-zam\Desktop\Resumes + Cover Letters
    [2010/08/05 23:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Cha-zam\Desktop\VirusWar
    [2010/08/05 22:20:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Peter Cha-zam\Recent
    [2010/08/05 21:38:32 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/05 21:05:43 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/03 15:06:05 | 000,000,000 | ---D | C] -- C:\_OTM
    [2010/08/02 20:52:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/08/02 19:52:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/02 14:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/02 13:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/08/02 13:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/08/02 13:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/02 13:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/07/30 22:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/07/30 22:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Cha-zam\Application Data\SUPERAntiSpyware.com
    [2010/07/30 22:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/30 22:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/07/29 16:24:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/29 16:24:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/29 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/29 15:18:30 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2010/07/29 15:18:26 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2010/07/29 15:18:03 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2010/07/29 15:17:59 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2010/07/29 15:17:37 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2010/07/29 15:17:34 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2010/07/29 15:17:28 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2010/07/29 15:17:10 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2010/07/29 15:17:00 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2010/07/29 15:16:56 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2010/07/29 15:16:53 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2010/07/29 15:16:48 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2010/07/29 15:16:45 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2010/07/29 15:16:41 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2010/07/29 15:16:38 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2010/07/29 15:16:26 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2010/07/29 15:16:13 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2010/07/29 15:16:09 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2010/07/29 15:16:06 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2010/07/29 15:16:01 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2010/07/29 15:15:44 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2010/07/29 15:15:31 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2010/07/29 15:15:28 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2010/07/29 15:15:19 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2010/07/29 15:15:16 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2010/07/29 15:15:13 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2010/07/29 15:15:10 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2010/07/29 15:15:07 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2010/07/29 15:15:04 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2010/07/29 15:14:40 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
     
  13. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    OTL Continued

    [2010/07/29 15:14:35 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2010/07/29 15:14:32 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2010/07/29 15:14:31 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2010/07/29 15:14:28 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2010/07/29 15:14:25 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2010/07/29 15:14:14 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2010/07/29 15:14:11 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2010/07/29 15:13:45 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2010/07/29 15:13:42 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2010/07/29 15:13:40 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2010/07/29 15:13:37 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2010/07/29 15:13:32 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2010/07/29 15:12:54 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2010/07/29 15:12:51 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2010/07/29 15:12:48 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2010/07/29 15:12:45 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2010/07/29 15:12:42 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2010/07/29 15:12:21 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2010/07/29 15:12:18 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2010/07/29 15:12:16 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2010/07/29 15:12:09 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2010/07/29 15:11:46 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2010/07/29 15:11:44 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2010/07/29 15:11:41 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2010/07/29 15:11:38 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2010/07/29 15:11:18 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2010/07/29 15:11:12 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2010/07/29 15:11:10 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2010/07/29 15:10:55 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2010/07/29 15:10:52 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2010/07/29 15:10:49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2010/07/29 15:10:46 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2010/07/29 15:10:43 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2010/07/29 15:10:40 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2010/07/29 15:10:37 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2010/07/29 15:10:34 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2010/07/29 15:10:31 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2010/07/29 15:10:25 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2010/07/29 15:10:22 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2010/07/29 15:10:22 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2010/07/29 15:10:21 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2010/07/29 15:10:20 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2010/07/29 15:10:20 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2010/07/29 15:10:18 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
    [2010/07/29 15:10:15 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
    [2010/07/29 15:10:08 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2010/07/29 15:10:03 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2010/07/29 15:09:59 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2010/07/29 15:09:56 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2010/07/29 15:09:45 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2010/07/29 15:09:42 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2010/07/29 15:09:29 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2010/07/29 15:09:27 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2010/07/29 15:09:24 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2010/07/29 15:09:14 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2010/07/29 15:08:39 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
    [2010/07/29 15:08:36 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2010/07/29 15:08:26 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2010/07/29 15:08:25 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2010/07/29 15:08:22 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2010/07/29 15:07:48 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2010/07/29 15:07:46 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2010/07/29 15:07:43 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2010/07/29 15:07:41 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2010/07/29 15:07:24 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2010/07/29 15:07:13 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2010/07/29 15:07:11 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2010/07/29 15:07:08 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
    [2010/07/29 15:07:07 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2010/07/29 15:07:00 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2010/07/29 15:06:57 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2010/07/29 15:06:51 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2010/07/29 15:06:48 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2010/07/29 15:06:46 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2010/07/29 15:06:43 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2010/07/29 15:06:41 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2010/07/29 15:06:38 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2010/07/29 15:06:31 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2010/07/29 15:06:28 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2010/07/29 15:06:26 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2010/07/29 15:06:24 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2010/07/29 15:06:21 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2010/07/29 15:06:18 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
    [2010/07/29 15:05:18 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2010/07/29 15:05:00 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2010/07/29 15:04:58 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2010/07/29 15:04:57 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2010/07/29 15:04:55 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2010/07/29 15:04:54 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2010/07/29 15:04:52 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2010/07/29 15:04:44 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2010/07/29 15:04:42 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2010/07/29 15:04:40 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2010/07/29 15:04:37 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2010/07/29 15:04:34 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2010/07/29 15:04:31 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2010/07/29 15:04:01 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2010/07/29 15:03:55 | 000,045,632 | ---- | C] (Interphase (R) Corporation a Windows (R) 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
    [2010/07/29 15:03:21 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2010/07/29 15:01:57 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2010/07/29 15:01:47 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2010/07/29 15:01:25 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2010/07/29 15:01:23 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2010/07/29 15:01:21 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2010/07/29 15:01:10 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2010/07/29 15:01:01 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2010/07/29 15:00:59 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2010/07/29 15:00:56 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2010/07/29 15:00:54 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2010/07/29 15:00:52 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2010/07/29 15:00:51 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2010/07/29 15:00:39 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2010/07/29 15:00:36 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2010/07/29 15:00:34 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2010/07/29 15:00:10 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
    [2010/07/29 14:59:25 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2010/07/29 14:59:21 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2010/07/29 14:59:14 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2010/07/29 14:59:13 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2010/07/29 14:59:12 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2010/07/29 14:59:07 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2010/07/29 14:59:06 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2010/07/29 14:59:05 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2010/07/29 14:59:04 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
     
  14. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    OTL Continued

    [2010/07/29 14:59:03 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2010/07/29 14:58:44 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2010/07/29 14:58:43 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2010/07/29 14:58:40 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2010/07/29 14:58:22 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2010/07/29 14:58:21 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2010/07/29 14:58:20 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2010/07/29 14:58:19 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2010/07/29 14:58:18 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2010/07/29 14:58:17 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2010/07/29 14:58:16 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2010/07/29 14:58:14 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2010/07/29 14:58:07 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2010/07/29 14:58:06 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
    [2010/07/29 14:57:58 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2010/07/29 14:57:51 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2010/07/29 14:57:47 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2010/07/29 14:57:47 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2010/07/29 14:57:46 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2010/07/29 14:57:45 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2010/07/29 14:57:45 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2010/07/29 14:57:43 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2010/07/29 14:57:42 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2010/07/29 14:57:42 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2010/07/29 14:57:41 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2010/07/29 14:57:40 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2010/07/29 14:57:39 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2010/07/29 14:57:38 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2010/07/29 14:57:09 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2010/07/29 14:57:08 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2010/07/29 14:57:07 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2010/07/29 14:57:07 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2010/07/29 14:57:06 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2010/07/29 14:57:06 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2010/07/29 14:57:05 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2010/07/29 14:57:04 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2010/07/29 14:57:03 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2010/07/29 14:57:03 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2010/07/29 14:57:02 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2010/07/29 14:57:01 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2010/07/29 14:57:00 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2010/07/29 14:57:00 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2010/07/29 14:56:59 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2010/07/29 14:56:59 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2010/07/29 14:56:58 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2010/07/29 14:56:58 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2010/07/29 14:56:55 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2010/07/29 14:56:52 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2010/07/29 14:56:52 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2010/07/29 14:56:51 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2010/07/29 14:56:50 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2010/07/29 14:56:50 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2010/07/29 14:56:49 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2010/07/29 14:56:48 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2010/07/29 14:56:34 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
    [2010/07/29 14:56:32 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2010/07/29 14:56:28 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2010/07/29 14:56:20 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2010/07/29 14:56:19 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2010/07/29 14:56:19 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2010/07/29 14:56:18 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2010/07/29 14:56:18 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2010/07/29 14:56:17 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2010/07/29 14:56:16 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2010/07/29 14:56:15 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2010/07/29 14:56:14 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2010/07/29 14:56:14 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/07/29 14:56:10 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2010/07/29 14:56:10 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2010/07/29 14:56:09 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2010/07/04 23:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\AIM
    [2010/07/04 23:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/07/04 23:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
    [2010/06/07 12:15:26 | 000,681,472 | ---- | C] (KM-Software) -- C:\Documents and Settings\Peter Cha-zam\My Documents\msvcrt(DEBUG).dll
    [2010/06/02 18:26:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Cha-zam\Application Data\uTorrent
    [2010/05/10 01:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
    [2007/08/02 10:55:31 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
    [2007/08/02 10:55:31 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/08/06 00:04:10 | 000,702,442 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/06 00:04:10 | 000,572,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/06 00:04:10 | 000,116,844 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/06 00:00:36 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
    [2010/08/06 00:00:27 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/06 00:00:22 | 000,143,075 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2010/08/05 23:59:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
    [2010/08/05 23:59:49 | 000,184,158 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/08/05 23:59:16 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2010/08/05 23:58:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/05 23:58:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/05 23:57:57 | 020,533,248 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\ntuser.dat
    [2010/08/05 23:57:32 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Peter Cha-zam\ntuser.ini
    [2010/08/05 23:55:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4215469638-1473632133-3761401410-1008UA.job
    [2010/08/05 23:53:17 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Cha-zam\Desktop\OTL.exe
    [2010/08/05 23:24:26 | 000,001,891 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/08/05 22:33:20 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/05 21:17:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/05 21:17:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/05 21:05:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/05 17:55:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4215469638-1473632133-3761401410-1008Core.job
    [2010/08/04 21:15:49 | 000,143,075 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/08/03 21:52:42 | 001,577,596 | -H-- | M] () -- C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\IconCache.db
    [2010/07/30 16:40:51 | 000,009,263 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Company.xlsx
    [2010/07/28 23:39:42 | 000,300,593 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Chem_E_Car_Official_Rules.pdf
    [2010/07/28 23:08:04 | 000,021,004 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\psych_min4_09.pdf
    [2010/07/21 16:48:37 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\CCleaner.lnk
    [2010/07/21 16:21:04 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Microsoft Office Word 2007 (2).lnk
    [2010/07/20 07:25:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/07/04 23:58:08 | 000,002,167 | -H-- | M] () -- C:\IPH.PH
    [2010/07/04 23:57:57 | 000,001,597 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2010/06/19 17:29:33 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Microsoft Office Excel 2007.lnk
    [2010/06/10 11:52:36 | 000,276,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/05 19:25:21 | 000,016,393 | ---- | M] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Interview Questions.docx

    ========== Files Created - No Company Name ==========

    [2010/08/05 23:24:06 | 000,001,891 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/08/05 21:05:48 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/05 21:05:46 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/29 15:18:25 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2010/07/29 15:18:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2010/07/29 15:09:20 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2010/07/29 15:09:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2010/07/29 15:05:50 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2010/07/29 15:01:55 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2010/07/29 15:01:49 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2010/07/29 15:01:45 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2010/07/29 15:01:41 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2010/07/29 15:01:37 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2010/07/29 14:59:10 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2010/07/29 14:59:09 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2010/07/29 14:59:08 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2010/07/29 14:56:44 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/07/29 14:56:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/07/29 14:56:43 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/07/29 14:56:42 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/07/29 14:56:42 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/07/29 14:56:41 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/07/29 14:56:41 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/07/29 14:56:40 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/07/29 14:56:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/07/29 14:56:35 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/07/29 13:16:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
    [2010/07/29 13:16:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
    [2010/07/29 13:16:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
    [2010/07/29 13:16:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
    [2010/07/29 13:16:40 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
    [2010/07/29 13:16:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
    [2010/07/29 13:16:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
    [2010/07/29 13:16:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
    [2010/07/29 13:16:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
     
  15. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    OTL Continued

    [2010/07/29 13:16:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
    [2010/07/29 13:16:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
    [2010/07/29 13:16:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
    [2010/07/29 13:16:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
    [2010/07/29 13:16:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
    [2010/07/29 13:16:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
    [2010/07/29 13:16:36 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
    [2010/07/29 13:16:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
    [2010/07/29 13:16:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
    [2010/07/29 13:16:35 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
    [2010/07/29 13:16:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
    [2010/07/29 13:16:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
    [2010/07/29 13:16:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
    [2010/07/29 13:16:34 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
    [2010/07/29 13:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
    [2010/07/29 13:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
    [2010/07/29 13:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
    [2010/07/29 13:16:33 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
    [2010/07/29 13:16:32 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
    [2010/07/29 13:16:32 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
    [2010/07/29 13:16:32 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
    [2010/07/29 13:16:31 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
    [2010/07/29 13:16:31 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
    [2010/07/29 13:16:31 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
    [2010/07/29 13:16:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
    [2010/07/29 13:16:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
    [2010/07/29 13:16:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
    [2010/07/29 13:16:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
    [2010/07/29 13:16:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
    [2010/07/29 13:16:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
    [2010/07/29 13:16:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
    [2010/07/29 13:16:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
    [2010/07/29 13:16:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
    [2010/07/29 13:16:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
    [2010/07/29 13:16:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
    [2010/07/29 13:16:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
    [2010/07/29 13:16:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
    [2010/07/29 13:16:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
    [2010/07/28 23:39:42 | 000,300,593 | ---- | C] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Chem_E_Car_Official_Rules.pdf
    [2010/07/28 23:08:04 | 000,021,004 | ---- | C] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\psych_min4_09.pdf
    [2010/07/24 12:34:10 | 020,533,248 | ---- | C] () -- C:\Documents and Settings\Peter Cha-zam\ntuser.dat
    [2010/07/04 23:57:57 | 000,001,597 | ---- | C] () -- C:\Documents and Settings\Peter Cha-zam\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2010/06/19 17:32:54 | 000,009,263 | ---- | C] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Company.xlsx
    [2010/06/07 12:15:25 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
    [2010/06/07 12:15:23 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2010/06/07 12:15:23 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2010/06/07 12:15:23 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2010/06/07 12:15:23 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2010/06/05 17:07:06 | 000,016,393 | ---- | C] () -- C:\Documents and Settings\Peter Cha-zam\Desktop\Interview Questions.docx
    [2009/10/20 17:21:26 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2009/10/16 00:08:05 | 000,000,103 | ---- | C] () -- C:\WINDOWS\CHEMENG.INI
    [2009/10/16 00:08:05 | 000,000,052 | ---- | C] () -- C:\WINDOWS\EZSOLVE.INI
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/18 22:06:05 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/09/27 20:18:06 | 000,251,904 | ---- | C] () -- C:\WINDOWS\System32\orant71.dll
    [2008/09/27 20:18:04 | 000,903,168 | ---- | C] () -- C:\WINDOWS\System32\mitmdl30.dll
    [2008/09/27 20:18:04 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\lffax60n.dll
    [2008/09/27 20:18:04 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\lfcmp60n.dll
    [2008/09/27 20:18:04 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\lfpng60n.dll
    [2008/09/27 20:18:04 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\lftif60n.dll
    [2008/09/27 20:18:04 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\lfpcx60n.dll
    [2008/09/27 20:18:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfpct60n.dll
    [2008/09/27 20:18:04 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\lfeps60n.dll
    [2008/09/27 20:18:04 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\lfbmp60n.dll
    [2008/09/27 20:18:04 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\lfpsd60n.dll
    [2008/09/27 20:18:04 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\lftga60n.dll
    [2008/09/27 20:18:04 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwpg60n.dll
    [2008/09/27 20:18:04 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\lfwmf60n.dll
    [2008/09/27 20:18:04 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\lfmsp60n.dll
    [2008/09/27 20:18:04 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\lfmac60n.dll
    [2008/08/24 01:44:46 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/06/28 12:21:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2008/03/25 15:15:18 | 000,000,323 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/02/28 15:08:15 | 000,031,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\livecamv.sys
    [2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/02/20 22:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/02/20 22:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007/12/18 16:31:28 | 000,000,074 | ---- | C] () -- C:\WINDOWS\Battle.ini
    [2007/12/18 16:31:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\progman.ini
    [2007/10/12 22:24:32 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2007/08/16 06:39:56 | 000,000,034 | ---- | C] () -- C:\WINDOWS\9DSetup.ini
    [2007/08/15 10:14:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2007/08/02 11:42:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/08/02 11:18:45 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2007/08/02 11:12:19 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2007/08/02 11:10:39 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2007/08/02 11:10:39 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2007/08/02 11:10:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2007/08/02 11:10:39 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2007/08/02 11:10:39 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2007/08/02 11:10:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2007/08/02 11:02:03 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2007/08/02 11:02:03 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/08/02 11:02:02 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2007/08/02 11:02:02 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2007/08/02 10:57:35 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2007/08/02 10:56:21 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2007/08/02 10:55:33 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
    [2007/08/02 10:55:32 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
    [2007/08/02 10:54:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [2007/08/02 10:54:16 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2007/08/02 10:54:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2007/08/02 10:36:41 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2007/03/02 08:15:36 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
    [2007/03/02 08:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
    [2007/02/27 20:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/02/27 20:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/28 14:55:34 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
    [2006/09/26 14:01:40 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2006/09/08 09:01:50 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2005/02/17 14:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 14:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2009/01/02 12:08:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2010/07/04 23:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/10/03 18:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
    [2008/07/01 22:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2009/06/18 14:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
    [2007/08/15 09:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2008/08/24 01:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2007/10/10 23:18:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2008/02/28 15:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
    [2008/07/07 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2007/08/02 11:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
    [2009/06/15 22:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2007/12/30 02:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/08/02 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
    [2009/07/02 00:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2007/08/02 11:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [2010/04/26 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/27 05:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2007/08/14 17:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\acccore
    [2008/07/02 16:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\BitZipper
    [2008/01/28 01:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\ChessBase
    [2007/12/17 15:58:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Free Download Manager
    [2007/08/15 09:06:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\HotSync
    [2008/02/10 02:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\InterVideo
    [2008/08/24 01:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\iolo
    [2008/08/10 13:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\JAM Software
    [2007/08/15 10:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Leadertech
    [2009/02/14 14:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Lenovo
    [2008/02/29 18:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\muvee Technologies
    [2010/04/04 16:36:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\NeopleLauncherDFO
    [2009/06/18 15:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\SystemRequirementsLab
    [2008/02/28 15:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\tmp
    [2010/06/07 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\uTorrent
    [2007/08/20 18:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Cha-zam\Application Data\Viewpoint
    [2010/08/05 23:59:58 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/07/01 22:29:26 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2008/02/28 15:16:08 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/04/30 21:50:35 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/05 21:05:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/05 21:24:37 | 000,025,514 | ---- | M] () -- C:\ComboFix.txt
    [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/04/14 01:55:44 | 000,000,529 | ---- | M] () -- C:\dsbHSM.inf
    [2009/06/08 20:21:34 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/04 23:58:08 | 000,002,167 | -H-- | M] () -- C:\IPH.PH
    [2006/04/30 03:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/28 20:51:36 | 000,250,048 | RHS- | M] () -- C:\NTLDR
    [2010/08/05 23:58:51 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2008/02/28 15:10:27 | 000,000,174 | ---- | M] () -- C:\Setup.log
    [2007/08/28 05:30:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2007/08/28 05:30:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2007/08/02 10:36:43 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
    [2008/05/28 12:59:12 | 000,007,476 | ---- | M] () -- C:\TPHKLOCK.TXT
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 22:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >
     
  16. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    OTL Final + Extras File Begin

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/04/29 20:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/04/29 20:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/04/29 20:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
    < End of report >


    Extras.txt File:


    OTL Extras logfile created on: 8/6/2010 12:07:53 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Cha-zam\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 103.65 Gb Total Space | 19.32 Gb Free Space | 18.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DARKNESSHADE
    Current User Name: Peter Cha-zam
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\YourStuffz\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\YourStuffz\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\YourStuffz\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\YourStuffz\Media Stuffs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\YourStuffz\Media Stuffs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1
     
  17. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    Extras Continued

    OTL Extras logfile created on: 8/6/2010 12:07:53 AM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Peter Cha-zam\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.11)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 103.65 Gb Total Space | 19.32 Gb Free Space | 18.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: DARKNESSHADE
    Current User Name: Peter Cha-zam
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\YourStuffz\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\YourStuffz\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\YourStuffz\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\YourStuffz\Media Stuffs\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\YourStuffz\Media Stuffs\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "9842:TCP" = 9842:TCP:*:Enabled:SolidNetworkManager
    "9842:UDP" = 9842:UDP:*:Enabled:SolidNetworkManager
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
    "C:\YourStuffz\CombatArms\Combat Arms\CombatArms.exe" = C:\YourStuffz\CombatArms\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
    "C:\YourStuffz\CombatArms\Combat Arms\Engine.exe" = C:\YourStuffz\CombatArms\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\YourStuffz\Mozilla Firefox\firefox.exe" = C:\YourStuffz\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Valve\Steam\steamapps\xsouldragonx\age of chivalry\hl2.exe" = C:\Valve\Steam\steamapps\xsouldragonx\age of chivalry\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
    "C:\Program Files\Microsoft Office\Office12\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office12\EXCEL.EXE:*:Enabled:Microsoft Office Excel -- (Microsoft Corporation)
    "C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Peter Cha-zam\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\YourStuffz\AoM\aomx.exe" = C:\YourStuffz\AoM\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\YourStuffz\uTorrent\uTorrent.exe" = C:\YourStuffz\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Valve\Steam\steamapps\xsouldragonx\condition zero\hl.exe" = C:\Valve\Steam\steamapps\xsouldragonx\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
    "C:\Valve\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Valve\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "C:\Valve\Steam\steamapps\xsouldragonx\counter-strike source\hl2.exe" = C:\Valve\Steam\steamapps\xsouldragonx\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
    "C:\Valve\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Valve\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{41894269-0DD1-4C85-B3DD-1EB41B07621D}" = ThinkVantage Fingerprint Software 5.6
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v6.10.05
    "{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    "{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_ONENOTER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
     
  18. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    Extras Final

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_ONENOTER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ONENOTER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_ONENOTER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_ONENOTER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_ONENOTER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
    "{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
    "{ABDEBB00-96E9-47A2-94CC-BB0CCC4630DE}_is1" = Savage: The Battle For Newerth (Version: 1.0RC3)
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
    "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7B6C0BE-C919-425C-A493-DF9FF11249F5}" = Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
    "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
    "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
    "{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
    "AIM_7" = AIM 7
    "AwayTask" = Maintenance Manager
    "BitZipper_is1" = BitZipper 5.0.4
    "Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
    "CCleaner" = CCleaner
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
    "Counter-Strike: Condition Zero" = Counter-Strike: Condition Zero
    "Creative Live! Cam Center" = Creative Live! Cam Center
    "Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator
    "Creative Live! Cam Manager" = Creative Live! Cam Manager
    "Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative VF0380" = Creative Live! Cam Optia Pro Driver (1.00.06.0000)
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "Graboid Video" = Graboid Video 1.71
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{B7B6C0BE-C919-425C-A493-DF9FF11249F5}" = Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch
    "InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "ONENOTER" = Microsoft Office OneNote 2007
    "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
    "PCMCIAPW" = ThinkPad PC Card Power Policy
    "Power Management Driver" = ThinkPad Power Management Driver
    "PROHYBRIDR" = 2007 Microsoft Office system
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RealPlayer 6.0" = RealPlayer
    "Remove Multimedia Center" = Remove Multimedia Center
    "Security Task Manager" = Security Task Manager 1.7h
    "SolidStateIONIE" = Solid State ION Internet Explorer Plugin
    "Steam" = Steam
    "Steam App 240" = Counter-Strike: Source
    "Steam App 302" = Day of Defeat: Source Beta
    "Steam App 550" = Left 4 Dead 2
    "Steam App 630" = Alien Swarm
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "TreeSize Free_is1" = TreeSize Free V2.2.1
    "uTorrent" = µTorrent
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 1.0.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMCSetup" = Windows Media Connect
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Steam App 10" = Counter-Strike
    "Steam App 80" = Condition Zero

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/29/2010 7:03:40 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 3920 (0xf50) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.133
    / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Laptop Backup July04_2008\YourStuffz\AA28FullInstaller_Generic.exe

    by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

    5006(0)(0) 5004(0)(0)

    Error - 7/29/2010 7:03:42 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 1008
    Description = The McShield service terminated unexpectedly. Please review event 5019
    or 5051 for details. The McShield service will be restarted in 5 seconds;

    Error - 7/29/2010 7:06:32 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 3952 (0xf70) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.133
    / 5400.1158 Object being scanned = \Device\HarddiskVolume3\Laptop Backup July04_2008\YourStuffz\AA28FullInstaller_Generic.exe

    by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

    5006(0)(0) 5004(0)(0)

    Error - 7/29/2010 7:06:33 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 1008
    Description = The McShield service terminated unexpectedly. Please review event 5019
    or 5051 for details. The McShield service will be restarted in 10 seconds;

    Error - 8/2/2010 2:55:05 PM | Computer Name = DARKNESSHADE | Source = Google Update | ID = 20
    Description =

    Error - 8/2/2010 8:09:36 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 2832 (0xb10) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.133
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\iPod\iPod
    Updater 2005-09-23\iPod Updater 2005-09-23.exe by C:\WINDOWS\Explorer.EXE 4(0)(0)

    4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

    Error - 8/2/2010 8:09:36 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 1008
    Description = The McShield service terminated unexpectedly. Please review event 5019
    or 5051 for details. The McShield service will be restarted in 5 seconds;

    Error - 8/5/2010 9:54:24 PM | Computer Name = DARKNESSHADE | Source = Application Hang | ID = 1002
    Description = Hanging application SUPERAntiSpyware.exe, version 4.41.0.1000, hang
    module hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/5/2010 11:57:32 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 5051
    Description = A thread in process C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    took longer than 90000 ms to complete a request. The process will be terminated.
    Thread
    id : 5144 (0x1418) Thread address : 0x7C90E514 Thread message : Build VSCORE.13.3.2.133
    / 5400.1158 Object being scanned = \Device\HarddiskVolume1\Program Files\Java\jre6\lib\rt.jar

    by C:\Program Files\Java\jre6\bin\jqs.exe 22304(15016)(0) 22302(15016)(0) 22301(15016)(0)

    226(15016)(0) 223(15016)(0) 220(15016)(0) 4(0)(0) 4(0)(0)

    Error - 8/5/2010 11:57:32 PM | Computer Name = DARKNESSHADE | Source = McLogEvent | ID = 1008
    Description = The McShield service terminated unexpectedly. Please review event 5019
    or 5051 for details. The McShield service will be restarted in 5 seconds;

    [ OSession Events ]
    Error - 11/13/2009 11:09:58 AM | Computer Name = DARKNESSHADE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/5/2010 9:08:42 PM | Computer Name = DARKNESSHADE | Source = Service Control Manager | ID = 7034
    Description = The tvtnetwk service terminated unexpectedly. It has done this 1
    time(s).

    Error - 8/5/2010 9:13:22 PM | Computer Name = DARKNESSHADE | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_GUSBSTOI\0000 disappeared from the system without
    first being prepared for removal.

    Error - 8/5/2010 9:13:22 PM | Computer Name = DARKNESSHADE | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_XDVA259\0000 disappeared from the system without
    first being prepared for removal.

    Error - 8/5/2010 9:13:22 PM | Computer Name = DARKNESSHADE | Source = PlugPlayManager | ID = 11
    Description = The device Root\LEGACY_XDVA279\0000 disappeared from the system without
    first being prepared for removal.

    Error - 8/5/2010 9:17:15 PM | Computer Name = DARKNESSHADE | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/5/2010 9:18:28 PM | Computer Name = DARKNESSHADE | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the NVSvc service.

    Error - 8/5/2010 9:20:48 PM | Computer Name = DARKNESSHADE | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC000000D'
    while processing the file 'ATMELTPM.INF' on the volume 'HarddiskVolume2'. It has
    stopped monitoring the volume.

    Error - 8/5/2010 11:57:32 PM | Computer Name = DARKNESSHADE | Source = Service Control Manager | ID = 7034
    Description = The McAfee McShield service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/5/2010 11:59:32 PM | Computer Name = DARKNESSHADE | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/6/2010 12:01:57 AM | Computer Name = DARKNESSHADE | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC000000D'
    while processing the file 'ATMELTPM.INF' on the volume 'HarddiskVolume2'. It has
    stopped monitoring the volume.


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Great!
    Thank you :)

    While I'm checking your logs...

    1. You didn't say how your computer is doing.
    2. msvcrt(DEBUG).dll is a legit file.
    3. Tracking cookies are harmless. No worries.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

    ===================================================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - Reg Error: Key error. File not found
      @Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
      "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  21. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    ???

    "Lately my computer seems to be alright though, I haven't had any trojan alerts for a while."
    I don't know how else to answer your question for #1... How is my computer doing?

    ummm.. programs seem to run smoothly, I haven't noticed any odd start-up programs, Internet surfing seems fine...
    My scans seem to be pretty clean. I'm keeping McAfee, SuperAntispyware, and Malwarebytes updated. All-in-all my laptop is running as expected for the time being.

    I'm sorry if this isn't the answer you're looking for but I don't know what else to say.
    :(
     
  22. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That's fine :)
    Maybe, I missed something from your previous replies.
    I'm tired, picking up Bobbye's topics :)

    Go ahead with my previous reply.
    This time, you can attach resulting logs.
     
  23. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    Here are the quick scan and run fix logs.
    sorry for the late replies, my internet is poopy because of my dad. :dead:
     

    Attached Files:

  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  25. Darknesshade

    Darknesshade TS Rookie Topic Starter Posts: 18

    hi

    Security Check:

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    McAfee VirusScan Enterprise
    McAfee AntiSpyware Enterprise Module
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VirusScan Enterprise mcshield.exe
    McAfee VirusScan Enterprise vstskmgr.exe
    Peter Cha-zam Desktop VirusWar SecurityCheck.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````




    Kaspersky scan took around 3.3 hours lol
    Kaspersky Log:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, August 6, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, August 06, 2010 15:17:22
    Records in database: 4134525
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Objects scanned: 157052
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 03:22:30


    File name / Threat / Threats count
    C:\_OTM\MovedFiles\08032010_150605\C_YourStuffz\MediaStuffs\FreeRIP_AudioConverter\freeripmp3.exe
    Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br 1

    Selected area has been scanned.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...