Malwarebytes detected malware but did not remove, can't find it in specified folder

Solved
By sunbeam08
Mar 23, 2011
  1. Hello,

    I detected a lag in the response of my keyboard when I played Tetris Battle on Facebook. Also there's a delayed reaction of my computer when I click on things. So I did a Malwarebytes scan of my C:/ drive. It detected 2 malware files, but took no action. I went into the specified folders to remove them manually, but one of the files was not in the folder that it specified. Is it hidden? How do I remove it? I removed 'ESUGMSI.exe' manually. Would greatly appreciate your help.

    Here's the log from the scan:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6137

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/22/2011 11:28:50 PM
    mbam-log-2011-03-22 (23-28-33).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 296998
    Time elapsed: 1 hour(s), 28 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\SymNoNav\esugdlgcontrol.exe (Malware.Gen) -> No action taken.
    c:\SymNoNav\ESUGMSI.exe (Malware.Gen) -> No action taken.
  2. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    You posted in malware removal forum before, so you should know what the drill is....
  3. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    ah, ok. didn't know malware and rootkit are in the same category. scanning...
  4. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6137

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/23/2011 10:06:05 PM
    mbam-log-2011-03-23 (22-06-05).txt

    Scan type: Quick scan
    Objects scanned: 201160
    Time elapsed: 8 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit quick scan 2011-03-23 22:43:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9500420AS rev.0002SDM1
    Running: xxg1d8tc.exe; Driver: C:\DOCUME~1\camron\LOCALS~1\Temp\kwryyfoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  5. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by camron at 22:49:00.25 on Wed 03/23/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.213 [GMT -7:00]
    .
    AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Common Files\Virtual Token\vtserver.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxddcoms.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    C:\Program Files\Cisco\Cisco Secure Desktop\Storage.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\Program Files\Real\RealPlayer\update\realsched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Sophos\AutoUpdate\almon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\camron\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Documents and Settings\camron\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No File
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [PPAP] "c:\program files\common files\pplivenetwork\PPAP.exe" -background
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
    mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
    mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
    mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\camron\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
    IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\PkgMgr.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.yorkphoto.com/YorkActivia.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://sunbeam08.multiply.com/photos/uploader.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\program files\thinkvantage fingerprint software\psfus.dll
    Notify: tpfnf2 - notifyf2.dll
    Notify: tphotkey - tphklock.dll
    AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\camron\applic~1\mozilla\firefox\profiles\5rsz2f7g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\camron\application data\facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\camron\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\camron\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\camron\application data\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\camron\application data\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\documents and settings\camron\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\documents and settings\camron\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\camron\application data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2008-12-16 153344]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2008-12-16 24064]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R2 PrivateDisk;PrivateDisk;c:\program files\ibm thinkvantage\safeguard privatedisk\privatediskm.sys [2005-6-28 46142]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
    R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2009-10-16 431456]
    R2 smi2;smi2;c:\program files\smi2\smi2.sys [2005-8-2 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2005-7-12 3328]
    R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
    R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
    R2 twingostoragedriver;twingostoragedriver;c:\program files\cisco\cisco secure desktop\CSD37189d.sys [2011-1-12 73856]
    R2 TwingoStorageService;Cisco Systems Secure Desktop;c:\program files\cisco\cisco secure desktop\Storage.exe [2011-1-12 34312]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-8-20 370872]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [2011-3-1 44416]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [2005-8-5 57728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-29 135664]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [2010-11-1 99248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [2005-8-5 73600]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-12-16 14976]
    .
    =============== Created Last 30 ================
    .
    2011-03-15 07:12:39 -------- d-----w- c:\program files\iPod
    2011-03-15 07:12:24 -------- d-----w- c:\program files\iTunes
    2011-03-02 18:27:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sophos Web Intelligence
    2011-03-02 18:26:05 -------- d-----w- c:\program files\common files\Cisco Systems
    2011-03-02 18:25:55 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
    2011-03-02 03:12:47 40800 ----a-w- c:\windows\system32\drivers\point32.sys
    2011-03-02 03:12:21 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-03-02 03:11:53 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2011-03-02 03:11:53 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-03-02 03:11:45 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-03-02 02:41:17 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2011-03-02 02:41:17 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2011-02-26 21:28:13 -------- d-----w- c:\docume~1\camron\locals~1\applic~1\Yahoo!
    2011-02-25 07:14:50 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ==================== Find3M ====================
    .
    2011-03-20 08:00:06 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-02-25 07:14:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-25 07:14:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll
    2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll
    2011-01-13 02:26:32 4096 ----a-w- c:\windows\system32\CiscoSD.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys
    2010-12-14 06:57:50 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
    2010-12-02 03:30:19 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
    2010-12-02 03:22:29 16409960 ----a-w- c:\program files\spybotsd162.exe
    2010-11-24 23:24:08 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
    2007-02-12 17:17:30 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
    2006-12-03 20:28:42 6083152 ------w- c:\program files\SightSpeedInstall.exe
    2006-11-29 22:53:06 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
    2006-10-30 18:16:16 482288 ------w- c:\program files\YorkPhotoShow.exe
    2006-09-05 10:30:45 3800811 ------w- c:\program files\wace265i.exe
    2003-04-22 15:46:52 2719744 ------w- c:\program files\aiodrv.msi
    2003-04-22 15:42:04 2588672 ------w- c:\program files\aiosw.msi
    2003-03-10 02:30:44 184320 ----a-w- c:\program files\hpzscr07.dll
    2003-03-10 02:30:42 274432 ----a-w- c:\program files\hpzglu07.exe
    2003-03-10 02:30:42 237568 ----a-w- c:\program files\hpzc3212.dll
    2002-09-09 23:48:20 22608 ----a-w- c:\program files\usbprint.sys
    2002-09-09 23:48:12 12288 ----a-w- c:\program files\usbmon.dll
    2002-09-09 23:47:52 254005 ----a-w- c:\program files\msvcrt.dll
    2002-09-09 23:47:44 70656 ----a-w- c:\program files\msvcirt.dll
    2002-09-09 23:47:00 212992 ----a-w- c:\program files\hpzpnp07.dll
    2002-09-09 23:46:50 49212 ----a-w- c:\program files\hpzjvp01.dll
    2002-09-09 23:46:42 249913 ----a-w- c:\program files\hpzjut01.dll
    2002-09-09 23:46:32 417849 ----a-w- c:\program files\hpzjpp01.dll
    2002-09-09 23:46:24 28722 ----a-w- c:\program files\hpzjlog.dll
    2002-09-06 15:54:56 995383 ----a-w- c:\program files\MFC42.DLL
    .
    ============= FINISH: 22:49:43.17 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/24/2006 10:49:37 PM
    System Uptime: 3/23/2011 9:52:19 PM (1 hours ago)
    .
    Motherboard: IBM | | 25137BU
    Processor: Intel(R) Pentium(R) M processor 1.86GHz | None | 1862/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 100 GiB total, 22.978 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is FIXED (NTFS) - 294 GiB total, 224.901 GiB free.
    G: is FIXED (NTFS) - 51 GiB total, 12.681 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Broadcom NetXtreme Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111A1FD8&0&00E0
    Manufacturer: Broadcom
    Name: Broadcom NetXtreme Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_167D&SUBSYS_05771014&REV_11\4&111A1FD8&0&00E0
    Service: b57w2k
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Sierra Wireless 1xEV-DO Network Adapter
    Device ID: SWMUXBUS\SW_NETEVDO01\6&12C83729&0&0&2
    Manufacturer: Sierra Wireless
    Name: Sierra Wireless 1xEV-DO Network Adapter
    PNP Device ID: SWMUXBUS\SW_NETEVDO01\6&12C83729&0&0&2
    Service: SWNC5E01
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    ==== System Restore Points ===================
    .
    RP34: 1/14/2011 12:29:46 PM - System Checkpoint
    RP35: 1/16/2011 2:21:36 PM - System Checkpoint
    RP36: 1/17/2011 4:25:56 PM - System Checkpoint
    RP37: 1/20/2011 10:00:03 PM - System Checkpoint
    RP38: 1/21/2011 1:00:29 PM - Installed ArtRage Studio Pro Demo
    RP39: 1/22/2011 3:23:44 PM - System Checkpoint
    RP40: 1/23/2011 3:45:12 PM - System Checkpoint
    RP41: 1/24/2011 6:36:05 PM - System Checkpoint
    RP42: 1/25/2011 7:00:41 PM - System Checkpoint
    RP43: 1/28/2011 11:55:05 AM - System Checkpoint
    RP44: 1/29/2011 3:47:31 PM - System Checkpoint
    RP45: 1/29/2011 9:47:22 PM - Configured Microsoft Office Professional Plus 2010
    RP46: 1/29/2011 10:07:05 PM - Removed Microsoft Office Professional Plus 2010
    RP47: 1/30/2011 12:10:29 PM - Software Distribution Service 3.0
    RP48: 2/1/2011 6:44:45 PM - System Checkpoint
    RP49: 2/2/2011 10:05:57 PM - System Checkpoint
    RP50: 2/4/2011 6:19:36 PM - System Checkpoint
    RP51: 2/5/2011 1:25:01 PM - Installed Microsoft Office Professional Plus 2010
    RP52: 2/5/2011 1:58:22 PM - Installed Microsoft Office Professional Plus 2010
    RP53: 2/5/2011 3:08:16 PM - Installed Microsoft Office Professional 2010 Trial
    RP54: 2/5/2011 3:21:22 PM - Printer Driver Send To Microsoft OneNote 2010 Driver Installed
    RP55: 2/6/2011 5:45:27 PM - System Checkpoint
    RP56: 2/7/2011 9:51:08 AM - Software Distribution Service 3.0
    RP57: 2/8/2011 6:14:52 PM - System Checkpoint
    RP58: 2/9/2011 6:15:46 PM - System Checkpoint
    RP59: 2/10/2011 6:45:47 PM - Software Distribution Service 3.0
    RP60: 2/11/2011 7:42:18 PM - System Checkpoint
    RP61: 2/13/2011 12:22:22 AM - System Checkpoint
    RP62: 2/14/2011 12:49:01 AM - System Checkpoint
    RP63: 2/14/2011 9:32:12 PM - Installed Microsoft Office Enterprise 2007
    RP64: 2/14/2011 9:22:07 PM - Printer Driver Send To Microsoft OneNote Driver Installed
    RP65: 2/15/2011 10:11:58 PM - System Checkpoint
    RP66: 2/16/2011 4:54:25 PM - Software Distribution Service 3.0
    RP67: 2/17/2011 11:53:27 PM - System Checkpoint
    RP68: 2/18/2011 11:41:15 AM - Software Distribution Service 3.0
    RP69: 2/20/2011 10:05:30 PM - System Checkpoint
    RP70: 2/22/2011 6:17:04 PM - System Checkpoint
    RP71: 2/22/2011 9:34:53 PM - Configured Microsoft Office Enterprise 2007
    RP72: 2/24/2011 7:24:50 AM - System Checkpoint
    RP73: 2/24/2011 11:13:12 PM - Removed Java(TM) 6 Update 13
    RP74: 2/24/2011 11:14:04 PM - Installed Java(TM) 6 Update 24
    RP75: 2/25/2011 11:21:26 PM - System Checkpoint
    RP76: 2/27/2011 10:39:39 AM - System Checkpoint
    RP77: 2/28/2011 9:29:15 PM - System Checkpoint
    RP78: 3/1/2011 7:12:21 PM - Installed Windows XP Wdf01009.
    RP79: 3/2/2011 10:36:05 PM - System Checkpoint
    RP80: 3/5/2011 6:32:06 PM - System Checkpoint
    RP81: 3/6/2011 6:35:04 PM - System Checkpoint
    RP82: 3/7/2011 7:53:24 PM - System Checkpoint
    RP83: 3/12/2011 3:49:13 PM - Software Distribution Service 3.0
    RP84: 3/13/2011 10:38:07 PM - System Checkpoint
    RP85: 3/15/2011 10:37:18 AM - System Checkpoint
    RP86: 3/16/2011 11:01:30 PM - System Checkpoint
    RP87: 3/18/2011 12:23:10 AM - System Checkpoint
    RP88: 3/19/2011 12:23:11 PM - System Checkpoint
    RP89: 3/20/2011 5:21:23 PM - System Checkpoint
    RP90: 3/21/2011 11:31:15 PM - System Checkpoint
    RP91: 3/23/2011 12:14:16 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    Access Help
    Adobe Acrobat 6.0 Standard
    Adobe AIR
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArtRage Studio Pro Demo
    Before You Know It 3.6
    Bonjour
    Byki
    Byki Express for camron
    Canon MP160
    Cisco AnyConnect VPN Client
    Cisco Secure Desktop
    Citrix XenApp Web Plugin
    Corel WinDVD 2010
    Coupon Printer for Windows
    Definition update for Microsoft Office 2010 (KB982726)
    Diskeeper Lite
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DLA
    Facebook Plug-In
    FileHippo.com Update Checker
    Fingerprint Tutorial
    Foxit Reader
    Garmin City Navigator North America NT 2010.20
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Help Center
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2443685)
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    hp psc 1200 series
    Intel(R) Graphics Media Accelerator Driver for Mobile
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Lenovo Battery Program
    Lexmark 2500 Series
    Logitech QuickCam Driver Package
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 8.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Premium
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Software Update for Web Folders (English) 14
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Monopoly by Parker Brothers
    Move Media Player
    Mozilla Firefox (3.6.16)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    palmOne
    Photosynth 2.0.1519.16
    PPTV V2.7.0.0031
    Productivity Center Supplement for ThinkPad
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    RecordNow Audio
    RecordNow Copy
    RecordNow Data
    Rescue and Recovery - Client Security Solution
    Rosetta Stone Ltd Services
    Seagate*DiscWizard
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Segoe UI
    Sierra Wireless MC5720 Package for Access Connections
    Skype™ 5.0
    Software Installer
    Sonic Express Labeler
    Sonic Update Manager
    Sophos Anti-Virus
    Sophos AutoUpdate
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    System Migration Assistant 5.0
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad Configuration
    ThinkPad EasyEject Utility
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Keyboard Customizer Utility
    ThinkPad PC Card Power Policy
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad Presentation Director
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Wizard
    ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    ThinkVantage Access Connections
    ThinkVantage Active Protection System
    ThinkVantage Away Manager
    ThinkVantage Fingerprint Software 4.6.0
    ThinkVantage Productivity Center
    ThinkVantage System Update
    ThinkVantage Technologies Welcome Message
    TrackPoint Accessibility Features
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Outlook 2007 Junk Email Filter (KB2508979)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB971029)
    VC80CRTRedist - 8.0.50727.4053
    VZAccess Manager for Lenovo
    Wallpapers
    WebFldrs XP
    WinAce Archiver
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WOT for Internet Explorer
    XP Codec Pack
    XP Themes
    Yahoo! BrowserPlus 2.9.8
    YouTube Downloader 2.6.1
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/23/2011 9:53:42 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
    3/22/2011 5:26:29 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
    3/22/2011 5:26:29 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
    3/22/2011 5:26:29 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
    3/20/2011 7:57:57 PM, error: Service Control Manager [7023] - The Sophos Anti-Virus service terminated with the following error: Unspecified error
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The TVT Scheduler service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The TVT Backup Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The ThinkVantage System Update service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The ThinkPad HDD APS Logging Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Sophos AutoUpdate Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Sophos Anti-Virus status reporter service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Seagate Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The RosettaStoneDaemon service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Protexis Licensing V2 service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The lxdd_device service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The IBM KCU Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The ACU Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7034] - The Access Connections Main Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:52:30 PM, error: Service Control Manager [7031] - The Cisco Systems Secure Desktop service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    3/20/2011 7:52:30 PM, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/20/2011 7:52:30 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Cisco AnyConnect VPN Agent service to connect.
    3/20/2011 7:52:30 PM, error: Service Control Manager [7000] - The Cisco AnyConnect VPN Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/20/2011 7:51:59 PM, error: Service Control Manager [7034] - The IPS Core Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:51:59 PM, error: Service Control Manager [7034] - The Ac Profile Manager Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:51:59 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/20/2011 7:51:58 PM, error: Service Control Manager [7034] - The ThinkPad PM Service service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:51:58 PM, error: Service Control Manager [7034] - The Protector Suite Virtual Token service terminated unexpectedly. It has done this 1 time(s).
    3/20/2011 7:51:58 PM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/18/2011 4:38:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService service to connect.
    3/18/2011 4:38:52 PM, error: Service Control Manager [7001] - The Infrared Monitor service depends on the Terminal Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    3/18/2011 4:38:52 PM, error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/16/2011 5:56:52 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the JavaQuickStarterService service.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    It looks clean, so far...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  7. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    ComboFix 11-03-24.02 - camron 03/24/2011 21:16:27.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.663 [GMT -7:00]
    Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
    AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
    .
    The following files were disabled during the run:
    c:\program files\Cisco\Cisco Secure Desktop\CscoCSD.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\camron\Application Data\Local
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\0.ddi
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\1.ddi
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\settings.ddi
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\SherlockHolmes_trailer_592.divx.ddr
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
    c:\documents and settings\camron\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\SherlockHolmes_trailer_592.divx
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-15 07:12 . 2011-03-15 07:12 -------- d-----w- c:\program files\iPod
    2011-03-15 07:12 . 2011-03-15 07:13 -------- d-----w- c:\program files\iTunes
    2011-03-02 18:27 . 2011-03-02 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos Web Intelligence
    2011-03-02 18:26 . 2011-03-02 18:26 -------- d-----w- c:\program files\Common Files\Cisco Systems
    2011-03-02 18:25 . 2010-07-23 17:31 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
    2011-03-02 03:12 . 2011-01-07 23:56 40800 ----a-w- c:\windows\system32\drivers\point32.sys
    2011-03-02 03:12 . 2008-11-08 02:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-03-02 03:11 . 2011-01-07 23:56 44416 ----a-w- c:\windows\system32\drivers\dc3d.sys
    2011-03-02 03:11 . 2011-01-07 23:56 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
    2011-03-02 03:11 . 2011-03-02 03:11 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2011-03-02 02:41 . 2008-04-14 04:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
    2011-03-02 02:41 . 2008-04-14 04:39 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
    2011-02-26 21:28 . 2011-02-26 21:28 -------- d-----w- c:\documents and settings\camron\Local Settings\Application Data\Yahoo!
    2011-02-25 07:14 . 2011-02-25 07:14 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-20 08:00 . 2006-05-18 14:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2011-02-25 07:14 . 2010-06-03 15:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-25 07:14 . 2009-05-31 09:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-09 13:53 . 1980-01-01 07:00 270848 ------w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 1980-01-01 07:00 186880 ------w- c:\windows\system32\encdec.dll
    2011-02-02 07:58 . 2004-08-09 17:51 2067456 ------w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2004-08-09 17:51 677888 ------w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 1980-01-01 07:00 439296 ------w- c:\windows\system32\shimgvw.dll
    2011-01-13 02:26 . 2011-01-13 02:26 4096 ----a-w- c:\windows\system32\CiscoSD.dll
    2011-01-07 14:09 . 1980-01-01 07:00 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10 . 1980-01-01 07:00 1854976 ------w- c:\windows\system32\win32k.sys
    2010-12-14 06:57 . 2010-12-02 03:18 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
    2010-12-02 03:30 . 2010-12-02 03:26 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
    2010-12-02 03:22 . 2010-12-02 03:21 16409960 ----a-w- c:\program files\spybotsd162.exe
    2010-11-24 23:24 . 2010-11-24 23:22 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
    2007-02-12 17:17 . 2007-02-12 17:17 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
    2006-12-03 20:28 . 2006-12-03 20:28 6083152 ------w- c:\program files\SightSpeedInstall.exe
    2006-11-29 22:53 . 2006-11-29 22:52 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
    2006-10-30 18:16 . 2006-10-30 18:16 482288 ------w- c:\program files\YorkPhotoShow.exe
    2006-09-05 10:30 . 2006-09-05 10:30 3800811 ------w- c:\program files\wace265i.exe
    2003-04-22 15:46 . 2003-04-22 15:46 2719744 ------w- c:\program files\aiodrv.msi
    2003-04-22 15:42 . 2003-04-22 15:42 2588672 ------w- c:\program files\aiosw.msi
    2003-03-10 02:30 . 2003-03-10 02:30 184320 ----a-w- c:\program files\hpzscr07.dll
    2003-03-10 02:30 . 2003-03-10 02:30 274432 ----a-w- c:\program files\hpzglu07.exe
    2003-03-10 02:30 . 2003-03-10 02:30 237568 ----a-w- c:\program files\hpzc3212.dll
    2002-09-09 23:48 . 2002-09-09 23:48 22608 ----a-w- c:\program files\usbprint.sys
    2002-09-09 23:48 . 2002-09-09 23:48 12288 ----a-w- c:\program files\usbmon.dll
    2002-09-09 23:47 . 2002-09-09 23:47 254005 ----a-w- c:\program files\msvcrt.dll
    2002-09-09 23:47 . 2002-09-09 23:47 70656 ----a-w- c:\program files\msvcirt.dll
    2002-09-09 23:47 . 2002-09-09 23:47 212992 ----a-w- c:\program files\hpzpnp07.dll
    2002-09-09 23:46 . 2002-09-09 23:46 49212 ----a-w- c:\program files\hpzjvp01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 249913 ----a-w- c:\program files\hpzjut01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 417849 ----a-w- c:\program files\hpzjpp01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 28722 ----a-w- c:\program files\hpzjlog.dll
    2002-09-06 15:54 . 2002-09-06 15:54 995383 ----a-w- c:\program files\MFC42.DLL
    2008-08-17 01:42 . 2008-08-17 01:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2008-08-17 01:42 . 2008-08-17 01:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2008-08-17 01:42 . 2008-08-17 01:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2008-08-17 01:42 . 2008-08-17 01:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2008-08-17 01:43 . 2008-08-17 01:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2008-08-17 01:42 . 2008-08-17 01:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2008-08-17 01:42 . 2008-08-17 01:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2008-05-21 16:41 . 2008-05-21 16:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
    2008-05-21 16:41 . 2008-05-21 16:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
    2008-05-21 16:41 . 2008-05-21 16:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
    2008-06-05 21:58 . 2008-06-05 21:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2008-08-17 01:42 . 2008-08-17 01:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-12-04 16862600]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 68856]
    "PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-12-10 185784]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-09-09 114688]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]
    "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-19 274608]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 1797488]
    "Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-21 439536]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    c:\documents and settings\camron\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-06-17 05:23 24576 ------w- c:\windows\system32\tphklock.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
    "c:\\WINDOWS\\system32\\lxddcoms.exe"=
    "c:\\Program Files\\PPLive\\PPTV\\PPLive.exe"=
    "c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
    "c:\\Program Files\\PPLive\\PPTV\\PPLiveU.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
  8. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    .
    R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [12/16/2008 3:11 PM 153344]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [12/16/2008 3:11 PM 24064]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 8:26 AM 46142]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 4:44 PM 444224]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/8/2010 8:15 AM 163056]
    R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [6/4/2010 4:23 AM 97520]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 4:39 PM 431456]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 5:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 9:37 AM 3328]
    R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/8/2010 8:15 AM 1541360]
    R2 twingostoragedriver;twingostoragedriver;c:\program files\Cisco\Cisco Secure Desktop\CSD37189d.sys [1/12/2011 7:26 PM 73856]
    R2 TwingoStorageService;Cisco Systems Secure Desktop;c:\program files\Cisco\Cisco Secure Desktop\Storage.exe [1/12/2011 7:26 PM 34312]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [8/20/2008 8:42 PM 370872]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [3/1/2011 8:11 PM 44416]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 7:05 AM 14904]
    R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 2:31 PM 57728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 4:11 PM 135664]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 9:54 AM 99248]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
    S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 2:42 PM 73600]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [12/16/2008 3:11 PM 14976]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
    .
    2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]
    .
    2011-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]
    .
    2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
    .
    2011-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
    .
    2011-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2935761307-200697175-915879435-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
    .
    2011-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2935761307-200697175-915879435-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
    FF - ProfilePath - c:\documents and settings\camron\Application Data\Mozilla\Firefox\Profiles\5rsz2f7g.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: network.proxy.type - 0
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\camron\Application Data\Move Networks
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-24 21:29
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    detected NTDLL code modification:
    ZwOpenFile
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:4b,00,e8,59,ae,4f,21,13,5f,8f,db,a8,5c,4e,ee,47,b5,c2,38,d8,e0,40,7b,
    ab,42,2e,59,08,82,36,6e,aa,b4,c1,06,7b,0c,9b,85,d4,ab,f4,a8,f4,91,bf,8f,f9,\
    "??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(780)
    c:\program files\ThinkVantage Fingerprint Software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\program files\Common Files\Virtual Token\Remote.dll
    c:\windows\system32\tphklock.dll
    c:\program files\Common Files\Virtual Token\passport.dll
    c:\program files\Cisco\Cisco Secure Desktop\CscoCSD.dll
    .
    - - - - - - - > 'lsass.exe'(836)
    c:\program files\Cisco\Cisco Secure Desktop\CscoCSD.dll
    .
    - - - - - - - > 'explorer.exe'(292)
    c:\windows\system32\WININET.dll
    c:\program files\Cisco\Cisco Secure Desktop\CscoCSD.dll
    c:\windows\system32\PROCHLP.DLL
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    - - - - - - - > 'csrss.exe'(756)
    c:\program files\Cisco\Cisco Secure Desktop\CscoCSD.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Virtual Token\vtserver.exe
    c:\windows\system32\ibmpmsvc.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxddcoms.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Sophos\AutoUpdate\ALsvc.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
    c:\windows\system32\acs.exe
    c:\program files\Microsoft IntelliPoint\dpupdchk.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-03-24 21:35:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-03-25 04:35
    .
    Pre-Run: 24,473,448,448 bytes free
    Post-Run: 24,449,642,496 bytes free
    .
    - - End Of File - - 562A553527792F0E8124B3F5087155D8
  9. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Looks good now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  10. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    OTL Extras logfile created on: 3/24/2011 11:23:44 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\camron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 21.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 100.01 Gb Total Space | 22.74 Gb Free Space | 22.73% Space Free | Partition Type: NTFS
    Drive E: | 243.88 Mb Total Space | 224.70 Mb Free Space | 92.14% Space Free | Partition Type: FAT
    Drive F: | 294.00 Gb Total Space | 224.90 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
    Drive G: | 51.03 Gb Total Space | 12.68 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-190B3298 | User Name: camron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
  11. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    [HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    "" =
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
     
  12. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
  13. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
  14. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
    "C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:printing Application -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Disabled:InstallShield Update Service Agent -- (InstallShield Software Corporation)
    "C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\camron\Local Settings\Application
  15. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Disabled: -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Disabled: -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Disabled: -- ()
  16. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Disabled:Device Monitor Application -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Disabled: -- ()
    "C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Disabled:2500 Series Server -- ( )
    "C:\Program Files\PPLive\PPTV\PPLive.exe" = C:\Program Files\PPLive\PPTV\PPLive.exe:*:Disabled:pPLive -- (PPLive Corporation)
    "C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe" = C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe:*:Disabled:pPLive -- (PPLive Corporation)
  17. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "C:\Program Files\PPLive\PPTV\PPLiveU.exe" = C:\Program Files\PPLive\PPTV\PPLiveU.exe:*:Disabled:pPLiveU -- (PPLive Corporation)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
    "{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
    "{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
    "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = XP Themes
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7C86AF56-90B7-4E45-AD78-112C0E97B587}" = Before You Know It 3.6
    "{7DA0C101-5C7C-40C9-A485-68E12780232C}" = Sierra Wireless MC5720 Package for Access Connections
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{93F4B16C-2F6C-41BE-9FAE-5062C1C40922}" = Byki
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0
    "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
    "{9C538746-C2DC-40FC-B1FB-D4EA7966ABEB}" = Skype™ 5.0
    "{9E936417-55D6-402D-97AA-07C7FEF07444}" = ThinkVantage Fingerprint Software 4.6.0
    "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B8BB83A5-47BC-46BA-A096-F0F175AFAF44}" = ArtRage Studio Pro Demo
    "{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" = Software Installer
    "{D3C9E16D-AA27-491F-A29D-6FDF6B60AFC0}" = VZAccess Manager for Lenovo
    "{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}" = Diskeeper Lite
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
    "{D9F50DFC-5894-460A-9B14-44889BF42DFB}" = Cisco AnyConnect VPN Client
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F2655391-0C83-4360-A1A3-E93AB80FE07B}" = Fingerprint Tutorial
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
    "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AwayTask" = ThinkVantage Away Manager
    "Cisco Secure Desktop" = Cisco Secure Desktop
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "FileHippo.com" = FileHippo.com Update Checker
    "Foxit Reader" = Foxit Reader
    "Google Updater" = Google Updater
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Lexmark 2500 Series" = Lexmark 2500 Series
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.SingleImage" = Microsoft Office Professional 2010
    "PCMCIAPW" = ThinkPad PC Card Power Policy
    "Power Management Driver" = ThinkPad Power Management Driver
    "PPLive" = PPTV V2.7.0.0031
    "Presentation Director" = ThinkPad Presentation Director
    "RealPlayer 12.0" = RealPlayer
    "Secunia PSI" = Secunia PSI
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WinAce Archiver" = WinAce Archiver
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XP Codec Pack" = XP Codec Pack

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Byki Express for camron" = Byki Express for camron
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/24/2011 3:02:10 AM | Computer Name = LENOVO-190B3298 | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3360

    Error - 3/25/2011 12:31:38 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (1904 # 'Catchme.tmp -l N_\3881
    -Iqdf "C:\Documents and Settings\camron\Application Data"')

    Error - 3/25/2011 2:10:13 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:10:13 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:10:13 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:17:53 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:24:56 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:24:56 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:24:56 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    Error - 3/25/2011 2:34:24 AM | Computer Name = LENOVO-190B3298 | Source = CiscoSD | ID = 0
    Description = Blocked file access to restricted area (3388 # '"C:\Documents and
    Settings\camron\Desktop\OTL.exe" ')

    [ Cisco AnyConnect VPN Client Events ]
    Error - 3/16/2011 9:01:23 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331669
    Description = Failed Route change: Action: AddRoute Destination: 192.168.1.255 Netmask:
    255.255.255.255 Gateway: 10.233.192.1 Interface: 10.233.222.3 Metric: 1

    Error - 3/16/2011 9:01:23 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: AddRouteChange Return code: 0xFE07000D File: .\ChangeRouteHelper.cpp
    Line:
    212 Description: ROUTETABLE_ERROR_CREATEIPFORWARDENTRY_FAILED

    Error - 3/16/2011 9:01:26 PM | Computer Name = LENOVO-190B3298 | Source = vpnui | ID = 50724865
    Description = Function: AgentIfc::AgentAttach Return code: 0xFE000009 File: .\AgentIfc.cpp
    Line:
    104 Description: unknown Initial state not received as expected.

    Error - 3/16/2011 9:01:50 PM | Computer Name = LENOVO-190B3298 | Source = vpnui | ID = 50724865
    Description = Function: AgentIfc::AgentAttach Return code: 0xFE000009 File: .\AgentIfc.cpp
    Line:
    104 Description: unknown Initial state not received as expected.

    Error - 3/16/2011 9:01:57 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: WSAGetOverlappedResult Return code: 10054 File: .\IPC\SocketTransport.cpp
    Line:
    1237 Description: An existing connection was forcibly closed by the remote host.



    Error - 3/16/2011 9:01:57 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: WSARecv/WSARecvFrom Return code: 10054 File: .\IPC\SocketTransport.cpp
    Line:
    1238 Description: An existing connection was forcibly closed by the remote host.



    Error - 3/16/2011 9:01:57 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: CSocketTransport::readSocket Return code: 0xFE1F000F File:
    .\IPC\IPCTransport.cpp Line: 770 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE


    Error - 3/16/2011 9:01:57 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: CIpcTransport::OnSocketReadComplete Return code: 0xFE1F000F
    File:
    .\IPC\IPCDepot.cpp Line: 787 Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE


    Error - 3/16/2011 9:01:57 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: WSASend Return code: 10054 File: .\IPC\SocketTransport.cpp
    Line:
    1612 Description: An existing connection was forcibly closed by the remote host.



    Error - 3/16/2011 9:01:57 PM | Computer Name = LENOVO-190B3298 | Source = vpnagent | ID = 50331649
    Description = Function: CSocketTransport::writeSocketBlocking Return code: 0xFE1F000B
    File:
    .\IPC\IPCTransport.cpp Line: 370 Description: SOCKETTRANSPORT_ERROR_WRITE

    [ System Events ]
    Error - 3/24/2011 12:53:44 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7001
    Description = The Infrared Monitor service depends on the Terminal Services service
    which failed to start because of the following error: %%1058

    Error - 3/24/2011 12:53:44 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
    service to connect.

    Error - 3/24/2011 12:53:44 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7000
    Description = The lxddCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 3/25/2011 12:16:11 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 3/25/2011 12:16:11 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The ThinkVantage System Update service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 3/25/2011 12:16:12 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 3/25/2011 12:16:12 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The ACU Configuration Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 3/25/2011 12:26:15 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7001
    Description = The Infrared Monitor service depends on the Terminal Services service
    which failed to start because of the following error: %%1058

    Error - 3/25/2011 12:26:15 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
    service to connect.

    Error - 3/25/2011 12:26:15 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7000
    Description = The lxddCATSCustConnectService service failed to start due to the
    following error: %%1053


    < End of report >
  18. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    OTL logfile created on: 3/24/2011 11:23:43 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\camron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 21.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 100.01 Gb Total Space | 22.74 Gb Free Space | 22.73% Space Free | Partition Type: NTFS
    Drive E: | 243.88 Mb Total Space | 224.70 Mb Free Space | 92.14% Space Free | Partition Type: FAT
    Drive F: | 294.00 Gb Total Space | 224.90 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
    Drive G: | 51.03 Gb Total Space | 12.68 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-190B3298 | User Name: camron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/24 23:06:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    PRC - [2011/01/12 19:26:32 | 000,034,312 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco Secure Desktop\Storage.exe
    PRC - [2010/12/18 19:45:18 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/12/09 22:18:28 | 000,185,784 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe
    PRC - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/12/08 14:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    PRC - [2010/10/14 20:24:07 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Documents and Settings\camron\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/10/08 08:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    PRC - [2010/10/08 08:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    PRC - [2010/09/21 09:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    PRC - [2010/09/21 09:16:17 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    PRC - [2010/07/21 04:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
    PRC - [2010/06/04 04:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    PRC - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/10/16 16:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    PRC - [2009/10/16 16:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2009/10/16 16:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    PRC - [2009/10/16 16:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    PRC - [2009/09/03 16:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2008/08/20 20:42:44 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/25 07:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
    PRC - [2005/12/15 17:14:46 | 000,143,360 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2005/12/15 17:14:34 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2005/12/15 17:14:14 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2005/12/15 17:13:54 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    PRC - [2005/11/08 16:07:02 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2005/09/27 23:26:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2005/09/02 01:00:00 | 000,073,728 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    PRC - [2005/08/02 19:06:54 | 000,032,768 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Logger\logmon.exe
    PRC - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    PRC - [2005/08/02 18:17:30 | 000,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    PRC - [2005/08/01 17:32:40 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    PRC - [2005/07/21 15:55:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2005/07/12 09:40:08 | 000,040,551 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
    PRC - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
    PRC - [2003/04/09 16:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    PRC - [2003/04/09 16:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    PRC - [2003/04/09 15:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    PRC - [2003/04/09 15:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/24 23:06:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    MOD - [2011/01/12 19:26:32 | 000,801,792 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco Secure Desktop\CscoCSD.dll
    MOD - [2010/12/09 22:18:24 | 000,099,760 | ---- | M] (PPLive Corporation) -- C:\Program Files\Common Files\PPLiveNetwork\kernel\VAProxyD.dll
    MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2009/07/11 23:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 10:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    MOD - [2005/09/02 01:00:00 | 000,086,016 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\PROCHLP.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
    SRV - [2011/01/12 19:26:32 | 000,034,312 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco Secure Desktop\Storage.exe -- (TwingoStorageService)
    SRV - [2010/10/08 08:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
    SRV - [2010/10/08 08:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
    SRV - [2010/09/21 09:16:17 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
    SRV - [2010/06/04 04:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
    SRV - [2010/03/11 15:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/10/16 16:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2009/09/03 16:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2008/08/20 20:42:44 | 000,370,872 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
    SRV - [2007/05/25 07:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
    SRV - [2007/05/25 07:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
    SRV - [2005/12/15 17:14:46 | 000,143,360 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2005/12/15 17:13:54 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2005/11/08 16:07:02 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/09/27 23:26:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005/09/02 01:00:00 | 000,073,728 | ---- | M] (Lenovo Ltd.) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2005/08/02 19:12:44 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2005/08/02 19:02:20 | 001,372,160 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2005/08/02 18:17:30 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
    SRV - [2005/08/01 17:32:40 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
    SRV - [2005/07/21 15:55:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2005/07/12 09:40:08 | 000,040,551 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
    SRV - [2005/06/06 21:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/01/12 19:26:32 | 000,073,856 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Cisco\Cisco Secure Desktop\CSD37189d.sys -- (twingostoragedriver)
    DRV - [2011/01/07 16:56:12 | 000,044,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
    DRV - [2010/10/08 08:14:59 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
    DRV - [2010/10/08 08:14:59 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
    DRV - [2010/09/02 09:35:41 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/09/02 09:35:41 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/09/02 09:35:14 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/09/02 09:34:51 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2010/07/07 07:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/08/20 19:57:28 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
    DRV - [2008/05/23 01:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
    DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
    DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/10/12 09:56:33 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2006/05/18 07:52:34 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2005/12/08 17:32:16 | 000,470,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2005/11/08 09:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/11/08 09:27:20 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2005/09/02 01:00:00 | 000,005,120 | ---- | M] (Lenovo Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2005/08/10 01:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2005/08/10 01:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2005/08/10 01:10:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2005/08/08 02:40:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2005/08/05 14:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
    DRV - [2005/08/05 14:31:30 | 000,057,728 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
    DRV - [2005/08/02 18:15:38 | 000,013,184 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2005/07/21 15:48:38 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2005/07/21 15:46:14 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2005/07/21 15:44:28 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/07/21 15:43:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/07/21 15:40:54 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/07/12 09:37:08 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (SmiHlp)
    DRV - [2005/06/28 08:26:02 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
    DRV - [2005/05/12 16:06:40 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/05/12 16:05:44 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/05/12 16:05:40 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2002/09/20 14:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2002/09/20 14:14:54 | 000,012,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2935761307-200697175-915879435-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2935761307-200697175-915879435-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2935761307-200697175-915879435-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: " http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/18 18:29:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/18 18:29:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 17:55:53 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:55:53 | 000,000,000 | ---D | M]

    [2010/12/18 18:52:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\camron\Application Data\Mozilla\Extensions
    [2011/03/24 21:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\camron\Application Data\Mozilla\Firefox\Profiles\5rsz2f7g.default\extensions
    [2010/12/22 19:57:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\camron\Application Data\Mozilla\Firefox\Profiles\5rsz2f7g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/24 21:36:25 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\camron\Application Data\Mozilla\Firefox\Profiles\5rsz2f7g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/03/24 21:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/25 00:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/06/27 12:57:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CAMRON\APPLICATION DATA\MOVE NETWORKS
    [2010/12/18 18:29:30 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
    [2010/12/18 18:29:31 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
    [2011/02/25 00:14:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
    [2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
    [2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
    [2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
    [2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
    [2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
    [2011/02/25 00:14:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
    [2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

    O1 HOSTS File: ([2011/03/24 21:29:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-2935761307-200697175-915879435-1005..\Run: [PPAP] C:\Program Files\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\camron\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2935761307-200697175-915879435-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
    O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPTV\PPLive.exe (PPLive Corporation)
    O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.yorkphoto.com/YorkActivia.cab (Snapfish Activia)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://sunbeam08.multiply.com/photos/uploader.cab (Aurigma Image Uploader 3.0 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
    O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.146.192.16 24.113.32.30
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll (UPEK Inc.)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\camron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\camron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/24 23:06:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    [2011/03/24 21:13:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/03/24 21:13:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/03/24 21:13:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/03/24 21:13:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/03/24 21:11:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/23 22:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\camron\Desktop\Clean Comp
    [2011/03/15 00:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
    [2011/03/15 00:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/15 00:12:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/02 11:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
    [2011/03/02 11:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
    [2011/03/02 11:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
    [2011/03/02 11:25:55 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
    [2011/03/01 20:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse
    [2011/03/01 20:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
    [2011/02/26 14:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\camron\Start Menu\Programs\BrowserPlus
    [2011/02/26 14:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\camron\Local Settings\Application Data\Yahoo!
    [2010/12/01 20:26:03 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
    [2010/12/01 20:21:59 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2010/12/01 20:18:36 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
    [2010/11/24 16:22:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
    [2010/11/01 09:53:18 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
    [2010/11/01 09:53:18 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
    [2010/11/01 09:53:18 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
    [2010/11/01 09:53:18 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
    [2010/11/01 09:53:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
    [2010/11/01 09:53:17 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
    [2010/11/01 09:53:17 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
    [2010/11/01 09:53:17 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
    [2010/11/01 09:53:17 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
    [2010/11/01 09:53:17 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
    [2010/11/01 09:53:16 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
    [2010/11/01 09:53:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
    [2010/11/01 09:53:15 | 000,537,520 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcoms.exe
    [2010/11/01 09:53:15 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
    [2010/11/01 09:53:15 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
    [2006/12/03 13:28:42 | 006,083,152 | ---- | C] (SightSpeed Inc.) -- C:\Program Files\SightSpeedInstall.exe
    [2006/11/29 15:52:58 | 000,739,240 | ---- | C] (RealVNC Ltd. ) -- C:\Program Files\vnc-4_1_2-x86_win32.exe
    [2006/10/30 11:16:16 | 000,482,288 | ---- | C] (Simple Star, Inc.) -- C:\Program Files\YorkPhotoShow.exe
    [2006/09/05 03:30:40 | 003,800,811 | ---- | C] (e-merge GmbH) -- C:\Program Files\wace265i.exe
    [2004/11/24 11:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
    [2003/03/09 19:30:44 | 000,184,320 | ---- | C] (HP) -- C:\Program Files\hpzscr07.dll
    [2003/03/09 19:30:42 | 000,274,432 | ---- | C] (HP) -- C:\Program Files\hpzglu07.exe
    [2003/03/09 19:30:42 | 000,237,568 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
    [2002/09/09 16:48:20 | 000,022,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
    [2002/09/09 16:48:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
    [2002/09/09 16:47:52 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
    [2002/09/09 16:47:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
    [2002/09/09 16:47:00 | 000,212,992 | ---- | C] (HP) -- C:\Program Files\hpzpnp07.dll
    [2002/09/09 16:46:50 | 000,049,212 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
    [2002/09/09 16:46:42 | 000,249,913 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
    [2002/09/09 16:46:32 | 000,417,849 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
    [2002/09/09 16:46:24 | 000,028,722 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
    [2002/09/06 08:54:56 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL

    ========== Files - Modified Within 30 Days ==========

    [2011/03/24 23:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    [2011/03/24 23:29:04 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
    [2011/03/24 23:06:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    [2011/03/24 22:36:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/03/24 22:29:02 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
    [2011/03/24 21:29:40 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/03/24 21:29:33 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/24 21:29:31 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2935761307-200697175-915879435-1005.job
    [2011/03/24 21:29:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/03/24 21:25:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/24 21:25:56 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/24 18:02:01 | 004,301,769 | R--- | M] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
    [2011/03/23 16:30:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    [2011/03/21 21:54:18 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/19 12:10:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/15 22:39:55 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/15 22:39:55 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/12 19:47:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2935761307-200697175-915879435-1005.job
    [2011/03/12 17:12:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/02 23:20:29 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/01 20:12:58 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2011/03/01 20:12:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2011/03/01 20:12:31 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/02/26 14:24:12 | 000,083,968 | ---- | M] () -- C:\Documents and Settings\camron\My Documents\Volunteer Sign-Up Form 2010.pub

    ========== Files Created - No Company Name ==========

    [2011/03/24 21:13:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/03/24 21:13:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/03/24 21:13:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/03/24 21:13:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/03/24 21:13:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/24 18:01:46 | 004,301,769 | R--- | C] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
    [2011/03/01 20:12:58 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_point32_01009.Wdf
    [2011/03/01 20:12:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
    [2011/03/01 20:12:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2011/02/26 14:24:12 | 000,083,968 | ---- | C] () -- C:\Documents and Settings\camron\My
  19. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Documents\Volunteer Sign-Up Form 2010.pub
    [2010/12/02 21:16:18 | 000,074,052 | ---- | C] () -- C:\Program Files\bookmarks.html
    [2010/11/01 09:54:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
    [2010/11/01 09:54:56 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
    [2010/11/01 09:54:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
    [2010/11/01 09:54:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
    [2010/11/01 09:54:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
    [2010/11/01 09:53:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
    [2010/11/01 09:53:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
    [2010/11/01 09:53:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
    [2010/08/03 12:33:14 | 000,019,558 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
    [2010/08/03 12:33:14 | 000,016,606 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
    [2010/04/01 12:26:03 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\camron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/25 23:58:08 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
    [2010/02/23 19:30:19 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2010/02/23 19:29:20 | 000,010,628 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/02/23 13:04:53 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\camron\Application Data\setup_ldm.iss
    [2010/02/23 12:46:44 | 000,001,056 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2009/08/01 15:22:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2009/07/25 12:38:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/05/29 07:54:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/09/01 10:39:13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2008/02/27 10:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2007/06/02 11:46:32 | 000,153,840 | ---- | C] () -- C:\WINDOWS\System32\ARThumb.dll
    [2007/03/03 15:44:32 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/02/12 10:17:18 | 001,286,944 | ---- | C] () -- C:\Program Files\SetupAnyDVD6114.exe
    [2007/01/20 15:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/11/09 12:23:27 | 000,002,934 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/10/13 15:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2006/10/13 14:19:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2006/07/17 15:00:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2006/06/12 15:38:43 | 000,002,153 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/05/24 21:31:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/18 07:56:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/18 07:55:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
    [2006/05/18 07:55:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
    [2006/05/18 07:55:31 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2006/05/18 07:55:04 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2006/05/18 07:52:34 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
    [2006/05/18 07:51:08 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
    [2006/05/18 07:48:44 | 000,000,160 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/18 07:42:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/05/18 07:42:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/05/18 07:42:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/05/18 07:42:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/05/18 07:42:11 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/05/18 07:42:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/05/18 07:09:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/05/18 07:09:28 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/05/18 07:07:05 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/05/18 07:07:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/05/18 07:07:05 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
    [2006/05/18 07:06:31 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2006/05/18 06:55:44 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/09/02 13:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/07/21 15:50:58 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/06/24 01:05:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
    [2005/06/21 18:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2005/05/23 08:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
    [2005/05/23 08:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
    [2004/11/29 07:43:20 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
    [2004/10/11 22:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2004/10/11 22:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2004/10/11 22:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2004/10/08 22:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2004/10/05 00:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2004/10/03 09:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004/08/09 11:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/09 11:01:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/09 10:51:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/09 10:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/09 10:45:31 | 000,289,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/04/22 08:46:52 | 002,719,744 | ---- | C] () -- C:\Program Files\aiodrv.msi
    [2003/04/22 08:42:04 | 002,588,672 | ---- | C] () -- C:\Program Files\aiosw.msi
    [2003/04/22 08:23:58 | 000,000,267 | ---- | C] () -- C:\Program Files\readme.html
    [2003/04/10 16:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/04/09 16:19:46 | 000,002,848 | ---- | C] () -- C:\Program Files\hpound08.inf
    [2003/04/09 16:19:42 | 000,014,157 | ---- | C] () -- C:\Program Files\hpousc08.inf
    [2003/04/09 16:00:50 | 000,002,889 | ---- | C] () -- C:\Program Files\hpousb08.inf
    [2003/04/09 16:00:48 | 000,004,715 | ---- | C] () -- C:\Program Files\hpoglu08.inf
    [2003/03/20 14:20:50 | 000,022,523 | ---- | C] () -- C:\Program Files\HPZius12.cat
    [2003/03/20 14:20:48 | 000,022,082 | ---- | C] () -- C:\Program Files\hpzist12.cat
    [2003/03/20 14:20:44 | 000,022,082 | ---- | C] () -- C:\Program Files\HPZid412.cat
    [2003/03/20 14:20:40 | 000,024,285 | ---- | C] () -- C:\Program Files\hposcu08.cat
    [2003/03/09 19:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/03/09 19:30:44 | 000,014,285 | ---- | C] () -- C:\Program Files\hpzius12.inf
    [2003/03/09 19:30:44 | 000,010,325 | ---- | C] () -- C:\Program Files\hpzipr12.inf
    [2003/03/09 19:30:44 | 000,003,667 | ---- | C] () -- C:\Program Files\hpzist12.inf
    [2003/03/09 19:30:42 | 000,063,562 | ---- | C] () -- C:\Program Files\hposcu08.inf
    [2003/03/09 19:30:42 | 000,051,266 | ---- | C] () -- C:\Program Files\hpoprn08.inf
    [2003/03/09 19:30:42 | 000,033,952 | ---- | C] () -- C:\Program Files\hpzid412.inf
    [2003/03/09 19:30:42 | 000,023,186 | ---- | C] () -- C:\Program Files\hpzcin06.ex_
    [2003/03/09 19:30:42 | 000,003,898 | ---- | C] () -- C:\Program Files\hpounp08.inf
    [2002/09/09 16:47:36 | 000,055,155 | ---- | C] () -- C:\Program Files\hpzusb00.sy_
    [2002/09/09 16:47:26 | 000,005,705 | ---- | C] () -- C:\Program Files\hpzuci02.dl_
    [2002/09/09 16:47:08 | 000,025,639 | ---- | C] () -- C:\Program Files\hpzpom04.dl_
    [2002/09/09 16:46:16 | 000,052,552 | ---- | C] () -- C:\Program Files\hpziou01.dl_
    [2002/01/25 00:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
    [2002/01/25 00:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
    [2002/01/25 00:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
    [2002/01/25 00:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
    [2002/01/25 00:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [1980/01/01 00:00:00 | 000,444,596 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [1980/01/01 00:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1980/01/01 00:00:00 | 000,072,306 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [1980/01/01 00:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
    [1980/01/01 00:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [1980/01/01 00:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [1980/01/01 00:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [1980/01/01 00:00:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI

    ========== LOP Check ==========

    [2006/05/18 07:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
    [2006/05/24 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ThinkVantage
    [2010/11/06 19:29:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2011/01/12 19:23:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco
    [2010/12/09 21:26:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/31 14:21:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
    [2010/02/23 12:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2009/10/28 13:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2006/10/12 09:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2006/05/18 07:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2010/12/18 19:09:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jlcm
    [2006/05/18 07:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2010/12/09 21:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/05/15 17:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/02/23 12:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/12/18 19:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLive
    [2010/01/28 15:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
    [2010/09/02 09:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2011/03/02 11:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
    [2011/03/02 11:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
    [2010/12/15 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/08/27 10:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
    [2010/09/06 16:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/01/21 14:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Ambient Design
    [2011/01/12 19:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Cisco
    [2010/04/12 12:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Facebook
    [2009/05/15 14:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\FairStars Audio Converter
    [2010/12/20 18:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Foxit Software
    [2008/07/16 10:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\FreeCall
    [2009/10/28 02:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\GARMIN
    [2006/10/12 09:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\HotSync
    [2006/05/18 07:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\IBM
    [2011/01/17 16:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ICAClient
    [2008/11/02 16:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\InternetCalls
    [2006/05/24 23:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\InterVideo
    [2006/05/26 14:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Leadertech
    [2007/01/20 15:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Lenovo
    [2010/11/01 09:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Lexmark Productivity Studio
    [2009/05/26 03:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\NCH Swift Sound
    [2010/04/22 18:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ooVoo Details
    [2010/12/18 19:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\PPLive
    [2007/03/03 15:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\SlySoft
    [2006/10/14 08:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Snapfish
    [2006/05/24 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ThinkVantage
    [2010/09/23 10:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Transparent
    [2008/05/18 15:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Unyte
    [2008/07/15 12:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\VoipBuster
    [2010/06/26 21:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\VoipStunt
    [2006/05/18 07:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\IBM
    [2006/05/24 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\ThinkVantage
    [2006/05/18 07:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\IBM
    [2007/08/23 04:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\InterVideo
    [2006/05/24 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\ThinkVantage
    [2006/05/18 07:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Lenovo
    [2006/05/18 07:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mom\Application Data\IBM
    [2006/05/24 22:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mom\Application Data\ThinkVantage
    [2010/11/21 13:39:35 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1280864326.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/05/24 22:49:29 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2010/12/17 20:31:59 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
    [2004/08/09 10:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/03/24 21:35:57 | 000,025,660 | ---- | M] () -- C:\ComboFix.txt
    [2011/03/24 21:25:56 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/20 14:10:22 | 000,000,518 | ---- | M] () -- C:\hpfr3420.xml
    [2010/10/20 14:10:26 | 000,029,130 | ---- | M] () -- C:\hpfr3425.log
    [2010/10/20 13:58:51 | 000,000,393 | -H-- | M] () -- C:\hpothb07.dat
    [2010/10/20 13:58:51 | 000,000,987 | -H-- | M] () -- C:\hpothb07.tif
    [2010/12/17 23:51:17 | 000,007,225 | ---- | M] () -- C:\JavaRa.log
    [2006/10/28 09:26:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/30 22:04:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/03/24 21:25:52 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2011/03/23 12:00:22 | 000,000,692 | ---- | M] () -- C:\rr.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/09 10:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/09/13 03:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
    [2006/09/13 03:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/07/09 09:54:52 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp091.dll
    [2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/02/27 03:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2005/01/30 08:50:26 | 000,012,151 | ---- | M] () -- C:\WINDOWS\system32\logoxp.jpg

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/12/01 20:30:19 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
    [2003/04/22 08:46:52 | 002,719,744 | ---- | M] () -- C:\Program Files\aiodrv.msi
    [2003/04/22 08:42:04 | 002,588,672 | ---- | M] () -- C:\Program Files\aiosw.msi
    [2010/12/02 21:16:18 | 000,074,052 | ---- | M] () -- C:\Program Files\bookmarks.html
    [2003/04/09 16:00:48 | 000,004,715 | ---- | M] () -- C:\Program Files\hpoglu08.inf
    [2003/03/09 19:30:42 | 000,051,266 | ---- | M] () -- C:\Program Files\hpoprn08.inf
    [2003/03/20 14:20:40 | 000,024,285 | ---- | M] () -- C:\Program Files\hposcu08.cat
    [2003/03/09 19:30:42 | 000,063,562 | ---- | M] () -- C:\Program Files\hposcu08.inf
    [2003/04/09 16:19:46 | 000,002,848 | ---- | M] () -- C:\Program Files\hpound08.inf
    [2003/03/09 19:30:42 | 000,003,898 | ---- | M] () -- C:\Program Files\hpounp08.inf
    [2003/04/09 16:00:50 | 000,002,889 | ---- | M] () -- C:\Program Files\hpousb08.inf
    [2003/04/09 16:19:42 | 000,014,157 | ---- | M] () -- C:\Program Files\hpousc08.inf
    [2003/03/09 19:30:42 | 000,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
    [2003/03/09 19:30:42 | 000,023,186 | ---- | M] () -- C:\Program Files\hpzcin06.ex_
    [2003/03/09 19:30:42 | 000,274,432 | ---- | M] (HP) -- C:\Program Files\hpzglu07.exe
    [2003/03/20 14:20:44 | 000,022,082 | ---- | M] () -- C:\Program Files\HPZid412.cat
    [2003/03/09 19:30:42 | 000,033,952 | ---- | M] () -- C:\Program Files\hpzid412.inf
    [2002/09/09 16:46:16 | 000,052,552 | ---- | M] () -- C:\Program Files\hpziou01.dl_
    [2003/03/09 19:30:44 | 000,010,325 | ---- | M] () -- C:\Program Files\hpzipr12.inf
    [2003/03/20 14:20:48 | 000,022,082 | ---- | M] () -- C:\Program Files\hpzist12.cat
    [2003/03/09 19:30:44 | 000,003,667 | ---- | M] () -- C:\Program Files\hpzist12.inf
    [2003/03/20 14:20:50 | 000,022,523 | ---- | M] () -- C:\Program Files\HPZius12.cat
    [2003/03/09 19:30:44 | 000,014,285 | ---- | M] () -- C:\Program Files\hpzius12.inf
    [2002/09/09 16:46:24 | 000,028,722 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
    [2002/09/09 16:46:32 | 000,417,849 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
    [2002/09/09 16:46:42 | 000,249,913 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
    [2002/09/09 16:46:50 | 000,049,212 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
    [2002/09/09 16:47:00 | 000,212,992 | ---- | M] (HP) -- C:\Program Files\hpzpnp07.dll
    [2002/09/09 16:47:08 | 000,025,639 | ---- | M] () -- C:\Program Files\hpzpom04.dl_
    [2003/03/09 19:30:44 | 000,184,320 | ---- | M] (HP) -- C:\Program Files\hpzscr07.dll
    [2002/09/09 16:47:26 | 000,005,705 | ---- | M] () -- C:\Program Files\hpzuci02.dl_
    [2002/09/09 16:47:36 | 000,055,155 | ---- | M] () -- C:\Program Files\hpzusb00.sy_
    [2010/11/24 16:24:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
    [2010/12/13 23:57:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
    [2002/09/06 08:54:56 | 000,995,383 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
    [2002/09/09 16:47:44 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
    [2002/09/09 16:47:52 | 000,254,005 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
    [2003/04/22 08:23:58 | 000,000,267 | ---- | M] () -- C:\Program Files\readme.html
    [2007/02/12 10:17:30 | 001,286,944 | ---- | M] () -- C:\Program Files\SetupAnyDVD6114.exe
    [2006/12/03 13:28:42 | 006,083,152 | ---- | M] (SightSpeed Inc.) -- C:\Program Files\SightSpeedInstall.exe
    [2010/12/01 20:22:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2002/09/09 16:48:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
    [2002/09/09 16:48:20 | 000,022,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
    [2006/11/29 15:53:06 | 000,739,240 | ---- | M] (RealVNC Ltd. ) -- C:\Program Files\vnc-4_1_2-x86_win32.exe
    [2006/09/05 03:30:45 | 003,800,811 | ---- | M] (e-merge GmbH) -- C:\Program Files\wace265i.exe
    [2006/10/30 11:16:16 | 000,482,288 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\YorkPhotoShow.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 10:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 10:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 10:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/30 22:18:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/05/24 22:50:25 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/09 11:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/03/24 18:02:01 | 004,301,769 | R--- | M] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
    [2011/01/21 13:59:45 | 036,848,800 | ---- | M] (Ambient Design) -- C:\Documents and Settings\camron\Desktop\install_artrage_studiopro_demo.exe
    [2011/03/24 23:06:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    [2010/06/26 21:11:53 | 004,161,624 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\camron\Desktop\setupvoipstunt.exe
    [2011/01/11 19:58:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe
    [2011/01/12 19:17:15 | 018,148,680 | ---- | M] (US Department of Veterans Affairs ) -- C:\Documents and Settings\camron\Desktop\VA.exe
    [2009/03/31 09:17:22 | 005,118,808 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\camron\Desktop\XenAppWeb.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/05/24 22:50:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\camron\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/04 21:36:45 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/03/24 23:33:17 | 000,638,976 | ---- | M] () -- C:\Documents and Settings\camron\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  20. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Hi Broni,

    I'm not sure if I will have internet the next several days. Please don't close this Topic if I don't respond. It shouldn't be longer than 6 days. Thanks.
  21. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - No CLSID value found.
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      "" =-
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  22. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Ends up I will have internet after all.
  23. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Starting removal of ActiveX control 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key Invalid\\"" \ not found.
    Registry key Invalid\\"DisableMonitoring" \ not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Application Data

    User: camron
    ->Temp folder emptied: 168604 bytes
    ->Temporary Internet Files folder emptied: 1401490 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 98585972 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 2764 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: mom
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3401406 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 99.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Application Data

    User: camron
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: mom
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03252011_204723

    Files\Folders moved on Reboot...
    C:\WINDOWS\temp\vtclrg41.tmp moved successfully.

    Registry entries deleted on Reboot...
  24. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Go on.........
  25. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Sophos Anti-Virus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.16)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Sophos Sophos Anti-Virus SAVAdminService.exe
    ``````````End of Log````````````