Redirecting websites to ads in firefox, IE, google chrome, random pop up

Solved
By sunbeam08
Dec 17, 2010
  1. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
  2. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\WINDOWS\\system32\\lxddcoms.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
  3. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
  4. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
  5. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/30/2009 10:26 PM 111232]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/30/2009 10:26 PM 38912]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 7:26 AM 46142]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 4:22 AM 80936]
    R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/18/2008 11:49 AM 98304]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 3:39 PM 431456]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 4:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 8:37 AM 3328]
    R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 1:31 PM 57728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 3:11 PM 135664]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 8:54 AM 99248]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 1:42 PM 73600]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [8/30/2009 10:26 PM 14976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

    2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-ACNotify - ACNotify.dll
    AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE
    AddRemove-HP PSC 1200 Series - c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe
    AddRemove-{7FC3BBEC-5A91-41B0-9CB8-960EC4421411} - c:\program files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe
    AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-17 19:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:34,d5,3c,b9,ed,9d,0d,6d,92,be,86,35,58,8f,a4,f8,b7,ea,49,1c,16,7a,ae,
    09,ba,34,ab,0d,64,72,ef,a1,0f,40,a1,88,21,d1,d4,fe,1e,95,29,cd,43,67,d6,78,\
    "??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\program files\Common Files\Virtual Token\Remote.dll
    c:\windows\system32\tphklock.dll
    c:\program files\Common Files\Virtual Token\passport.dll

    - - - - - - - > 'explorer.exe'(3156)
    c:\windows\system32\PROCHLP.DLL
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Virtual Token\vtserver.exe
    c:\windows\system32\ibmpmsvc.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxddcoms.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
    c:\windows\system32\acs.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\windows\system32\MsiExec.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-17 19:45:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-18 03:45

    Pre-Run: 28,841,910,272 bytes free
    Post-Run: 30,093,504,512 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    - - End Of File - - 1D21E33B9704AC57DD3408CD3935F7FF
  6. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    How did that look? Is everything ok now? Which file was causing the problem?
  7. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    I can see two AV programs running, Norton and Sophos.
    Which one is your current security program?
  8. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    I already uninstalled Norton. Is it still running??? Using Sophos usually. Only d/l the Norton when the computer started becoming weird. Then uninstalled that because it didn't work, and installed AVG. That didn't work either, so uninstalled that. Right now, back to Sophos. Which AV is more trustworthy? There are so many of them out there.
  9. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Sophos is fine. I just needed to know. Hold on there...
  10. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\documents and settings\camron\Application Data\Avira
    c:\documents and settings\All Users\Application Data\AVG
    c:\documents and settings\LocalService\Application Data\McAfee
    c:\documents and settings\camron\Application Data\AVG10
    c:\windows\system32\drivers\AVG
    c:\program files\AVG
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=-
    
    
    SecCenter::
    {FB06448E-52B8-493A-90F3-E43226D3305C}
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  11. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    ComboFix 10-12-16.05 - camron 12/17/2010 21:39:10.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.863 [GMT -8:00]
    Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\camron\Desktop\CFScript.txt
    AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\AVG
    c:\documents and settings\All Users\Application Data\AVG\PC Tuneup 2011\Disabled Startup\Digital Line Detect.lnk
    c:\documents and settings\All Users\Application Data\AVG\PC Tuneup 2011\Disabled Startup\Microsoft Office.lnk
    c:\documents and settings\camron\Application Data\AVG10
    c:\documents and settings\camron\Application Data\AVG10\cfgall\usergui.cfg
    c:\documents and settings\camron\Application Data\Avira
    c:\documents and settings\LocalService\Application Data\McAfee
    c:\documents and settings\LocalService\Application Data\McAfee\sacore\sacore_cache.db
    c:\program files\AVG
    c:\program files\AVG\AVG10\Notification\avgxobni_installerxTE.exe
    c:\program files\AVG\AVG10\Notification\XobniMiniAVGSetup.exe
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366761886093750_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366847707031250.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366847707031250_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366847707031250_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366909698125000.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366909698125000_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366909698125000_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367393155312500.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367393155312500_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367393155312500_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367415242812500.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367415242812500_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367415242812500_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367476138750000.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367476138750000_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367476138750000_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367559970937500.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367559970937500_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367559970937500_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368578569375000_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368590456093750.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368590456093750_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368590456093750_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368609411875000.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368609411875000_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368609411875000_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368636471718750.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368636471718750_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368636471718750_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369463880937500.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369463880937500_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369463880937500_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369523928281250.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369523928281250_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369523928281250_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369547509218750.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369547509218750_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369547509218750_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370250022968750.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370250022968750_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370250022968750_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370329121406250.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370329121406250_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370329121406250_m.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370847092656250.exh
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370847092656250_f.dmp
    c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370847092656250_m.dmp
    c:\windows\system32\drivers\AVG
    c:\windows\system32\drivers\AVG\incavi.avm.old

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
    .

    2010-12-18 01:38 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-18 01:38 . 2010-12-18 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-18 01:38 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-13 01:55 . 2010-12-13 01:55 -------- d-sh--w- c:\documents and settings\camron\IECompatCache
    2010-12-13 01:34 . 2010-12-13 01:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-12-13 01:31 . 2010-12-13 01:31 -------- d-sh--w- c:\documents and settings\camron\PrivacIE
    2010-12-13 01:25 . 2010-12-13 01:25 -------- d-sh--w- c:\documents and settings\camron\IETldCache
    2010-12-13 01:24 . 2010-12-13 01:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-13 01:13 . 2010-12-13 01:18 -------- dc-h--w- c:\windows\ie8
    2010-12-10 04:26 . 2010-12-10 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-12-10 04:25 . 2010-12-17 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-12-10 04:09 . 2010-12-10 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-12-02 03:26 . 2010-12-02 03:30 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
    2010-12-02 03:21 . 2010-12-02 03:22 16409960 ----a-w- c:\program files\spybotsd162.exe
    2010-12-02 03:18 . 2010-12-14 06:57 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
    2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
    2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2010-12-01 07:30 . 2010-12-01 07:30 -------- d-----w- c:\program files\Windows Sidebar
    2010-12-01 07:30 . 2010-12-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-12-01 01:29 . 2010-12-01 01:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-11-24 23:22 . 2010-11-24 23:24 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
    2010-11-24 22:21 . 2010-11-24 22:21 -------- d-----w- c:\documents and settings\mom\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-12 23:47 . 2006-05-18 14:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2007-02-12 17:17 . 2007-02-12 17:17 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
    2006-12-03 20:28 . 2006-12-03 20:28 6083152 ------w- c:\program files\SightSpeedInstall.exe
    2006-11-29 22:53 . 2006-11-29 22:52 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
    2006-10-30 18:16 . 2006-10-30 18:16 482288 ------w- c:\program files\YorkPhotoShow.exe
    2006-09-05 10:30 . 2006-09-05 10:30 3800811 ------w- c:\program files\wace265i.exe
    2003-04-22 15:46 . 2003-04-22 15:46 2719744 ------w- c:\program files\aiodrv.msi
    2003-04-22 15:42 . 2003-04-22 15:42 2588672 ------w- c:\program files\aiosw.msi
    2003-03-10 02:30 . 2003-03-10 02:30 184320 ----a-w- c:\program files\hpzscr07.dll
    2003-03-10 02:30 . 2003-03-10 02:30 274432 ----a-w- c:\program files\hpzglu07.exe
    2003-03-10 02:30 . 2003-03-10 02:30 237568 ----a-w- c:\program files\hpzc3212.dll
    2002-09-09 23:48 . 2002-09-09 23:48 22608 ----a-w- c:\program files\usbprint.sys
    2002-09-09 23:48 . 2002-09-09 23:48 12288 ----a-w- c:\program files\usbmon.dll
    2002-09-09 23:47 . 2002-09-09 23:47 254005 ----a-w- c:\program files\msvcrt.dll
    2002-09-09 23:47 . 2002-09-09 23:47 70656 ----a-w- c:\program files\msvcirt.dll
    2002-09-09 23:47 . 2002-09-09 23:47 212992 ----a-w- c:\program files\hpzpnp07.dll
    2002-09-09 23:46 . 2002-09-09 23:46 49212 ----a-w- c:\program files\hpzjvp01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 249913 ----a-w- c:\program files\hpzjut01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 417849 ----a-w- c:\program files\hpzjpp01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 28722 ----a-w- c:\program files\hpzjlog.dll
    2002-09-06 15:54 . 2002-09-06 15:54 995383 ----a-w- c:\program files\MFC42.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-09-09 114688]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-06-17 05:23 24576 ------w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @="service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\WINDOWS\\system32\\lxddcoms.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
  12. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

    R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/30/2009 10:26 PM 111232]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/30/2009 10:26 PM 38912]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 7:26 AM 46142]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 4:22 AM 80936]
    R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/18/2008 11:49 AM 98304]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 3:39 PM 431456]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 4:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 8:37 AM 3328]
    R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 1:31 PM 57728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 3:11 PM 135664]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 8:54 AM 99248]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 1:42 PM 73600]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [8/30/2009 10:26 PM 14976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

    2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-17 21:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:34,d5,3c,b9,ed,9d,0d,6d,92,be,86,35,58,8f,a4,f8,b7,ea,49,1c,16,7a,ae,
    09,ba,34,ab,0d,64,72,ef,a1,0f,40,a1,88,21,d1,d4,fe,1e,95,29,cd,43,67,d6,78,\
    "??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\program files\Common Files\Virtual Token\Remote.dll
    c:\windows\system32\tphklock.dll
    c:\program files\Common Files\Virtual Token\passport.dll
    .
    Completion time: 2010-12-17 21:47:36
    ComboFix-quarantined-files.txt 2010-12-18 05:47
    ComboFix2.txt 2010-12-18 03:45

    Pre-Run: 30,032,060,416 bytes free
    Post-Run: 29,974,482,944 bytes free

    - - End Of File - - 4E836A353D8BBF53439BDF932AD858AF
  13. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    2 logs popped up, here's the 2nd one


    ComboFix 10-12-16.05 - camron 12/17/2010 19:33:13.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.897 [GMT -8:00]
    Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
    AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
    .

    2010-12-18 01:38 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-18 01:38 . 2010-12-18 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-18 01:38 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-17 19:53 . 2010-12-17 19:53 -------- d-----w- c:\documents and settings\camron\Application Data\Avira
    2010-12-15 04:54 . 2010-12-15 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
    2010-12-14 06:49 . 2010-12-14 06:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-12-13 01:55 . 2010-12-13 01:55 -------- d-sh--w- c:\documents and settings\camron\IECompatCache
    2010-12-13 01:34 . 2010-12-13 01:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-12-13 01:31 . 2010-12-13 01:31 -------- d-sh--w- c:\documents and settings\camron\PrivacIE
    2010-12-13 01:25 . 2010-12-13 01:25 -------- d-sh--w- c:\documents and settings\camron\IETldCache
    2010-12-13 01:24 . 2010-12-13 01:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-12-13 01:13 . 2010-12-13 01:18 -------- dc-h--w- c:\windows\ie8
    2010-12-10 04:27 . 2010-12-10 04:27 -------- d-----w- c:\documents and settings\camron\Application Data\AVG10
    2010-12-10 04:26 . 2010-12-10 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-12-10 04:25 . 2010-12-17 22:28 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-12-10 04:24 . 2010-12-16 06:04 -------- d-----w- c:\program files\AVG
    2010-12-10 04:09 . 2010-12-10 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-12-02 03:26 . 2010-12-02 03:30 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
    2010-12-02 03:21 . 2010-12-02 03:22 16409960 ----a-w- c:\program files\spybotsd162.exe
    2010-12-02 03:18 . 2010-12-14 06:57 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
    2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
    2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
    2010-12-01 07:30 . 2010-12-01 07:30 -------- d-----w- c:\program files\Windows Sidebar
    2010-12-01 07:30 . 2010-12-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-12-01 01:29 . 2010-12-01 01:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-11-24 23:22 . 2010-11-24 23:24 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
    2010-11-24 22:21 . 2010-11-24 22:21 -------- d-----w- c:\documents and settings\mom\Application Data\Malwarebytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-12 23:47 . 2006-05-18 14:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
    2007-02-12 17:17 . 2007-02-12 17:17 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
    2006-12-03 20:28 . 2006-12-03 20:28 6083152 ------w- c:\program files\SightSpeedInstall.exe
    2006-11-29 22:53 . 2006-11-29 22:52 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
    2006-10-30 18:16 . 2006-10-30 18:16 482288 ------w- c:\program files\YorkPhotoShow.exe
    2006-09-05 10:30 . 2006-09-05 10:30 3800811 ------w- c:\program files\wace265i.exe
    2003-04-22 15:46 . 2003-04-22 15:46 2719744 ------w- c:\program files\aiodrv.msi
    2003-04-22 15:42 . 2003-04-22 15:42 2588672 ------w- c:\program files\aiosw.msi
    2003-03-10 02:30 . 2003-03-10 02:30 184320 ----a-w- c:\program files\hpzscr07.dll
    2003-03-10 02:30 . 2003-03-10 02:30 274432 ----a-w- c:\program files\hpzglu07.exe
    2003-03-10 02:30 . 2003-03-10 02:30 237568 ----a-w- c:\program files\hpzc3212.dll
    2002-09-09 23:48 . 2002-09-09 23:48 22608 ----a-w- c:\program files\usbprint.sys
    2002-09-09 23:48 . 2002-09-09 23:48 12288 ----a-w- c:\program files\usbmon.dll
    2002-09-09 23:47 . 2002-09-09 23:47 254005 ----a-w- c:\program files\msvcrt.dll
    2002-09-09 23:47 . 2002-09-09 23:47 70656 ----a-w- c:\program files\msvcirt.dll
    2002-09-09 23:47 . 2002-09-09 23:47 212992 ----a-w- c:\program files\hpzpnp07.dll
    2002-09-09 23:46 . 2002-09-09 23:46 49212 ----a-w- c:\program files\hpzjvp01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 249913 ----a-w- c:\program files\hpzjut01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 417849 ----a-w- c:\program files\hpzjpp01.dll
    2002-09-09 23:46 . 2002-09-09 23:46 28722 ----a-w- c:\program files\hpzjlog.dll
    2002-09-06 15:54 . 2002-09-06 15:54 995383 ----a-w- c:\program files\MFC42.DLL
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2005-09-09 114688]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
    hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-06-17 05:23 24576 ------w- c:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
    @="service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\igfxsrvc.exe"=
    "c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
    "c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
    "c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
    "c:\\WINDOWS\\system32\\lxddcoms.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
    "c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
  15. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

    R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/30/2009 10:26 PM 111232]
    R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/30/2009 10:26 PM 38912]
    R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 7:26 AM 46142]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
    R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 4:22 AM 80936]
    R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/18/2008 11:49 AM 98304]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 3:39 PM 431456]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 4:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 8:37 AM 3328]
    R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 1:31 PM 57728]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 3:11 PM 135664]
    S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 8:54 AM 99248]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
    S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 1:42 PM 73600]
    S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [8/30/2009 10:26 PM 14976]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

    2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
    - c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]

    2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    - c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-ACNotify - ACNotify.dll
    AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE
    AddRemove-HP PSC 1200 Series - c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe
    AddRemove-{7FC3BBEC-5A91-41B0-9CB8-960EC4421411} - c:\program files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe
    AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-17 19:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:34,d5,3c,b9,ed,9d,0d,6d,92,be,86,35,58,8f,a4,f8,b7,ea,49,1c,16,7a,ae,
    09,ba,34,ab,0d,64,72,ef,a1,0f,40,a1,88,21,d1,d4,fe,1e,95,29,cd,43,67,d6,78,\
    "??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\program files\ThinkVantage Fingerprint Software\psfus.dll
    c:\program files\Common Files\Virtual Token\psutil.dll
    c:\program files\Common Files\Virtual Token\Remote.dll
    c:\windows\system32\tphklock.dll
    c:\program files\Common Files\Virtual Token\passport.dll

    - - - - - - - > 'explorer.exe'(3156)
    c:\windows\system32\PROCHLP.DLL
    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Virtual Token\vtserver.exe
    c:\windows\system32\ibmpmsvc.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\lxddcoms.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\windows\system32\TpKmpSVC.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
    c:\windows\system32\acs.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    c:\windows\system32\MsiExec.exe
    .
    **************************************************************************
    .
    Completion time: 2010-12-17 19:45:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-12-18 03:45

    Pre-Run: 28,841,910,272 bytes free
    Post-Run: 30,093,504,512 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

    - - End Of File - - 1D21E33B9704AC57DD3408CD3935F7FF
  16. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    That's the old one (compare time).

    Proceed with my previous reply.
  17. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    OTL Extras logfile created on: 12/17/2010 9:57:14 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\camron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 100.01 Gb Total Space | 27.94 Gb Free Space | 27.94% Space Free | Partition Type: NTFS
    Drive E: | 1.88 Gb Total Space | 1.06 Gb Free Space | 56.34% Space Free | Partition Type: FAT
    Drive F: | 294.00 Gb Total Space | 231.46 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
    Drive G: | 51.03 Gb Total Space | 12.68 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-190B3298 | User Name: camron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
  18. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
  19. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
    "C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:printing Application -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
    "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
    "C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Disabled:InstallShield Update Service Agent -- (InstallShield Software Corporation)
    "C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
    "C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
    "C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
  20. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Disabled: -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Disabled: -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Disabled: -- ()
  21. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Disabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Disabled:Device Monitor Application -- ()
    "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
    "{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
    "{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
    "{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
    "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
    "{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
    "{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
    "{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
    "{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
    "{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
    "{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
    "{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
    "{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
    "{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
    "{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
    "{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
    "{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
    "{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
    "{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
    "{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
    "{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
    "{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
    "{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
    "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
    "{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update
    "{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
    "{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = XP Themes
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C86AF56-90B7-4E45-AD78-112C0E97B587}" = Before You Know It 3.6
    "{7DA0C101-5C7C-40C9-A485-68E12780232C}" = Sierra Wireless MC5720 Package for Access Connections
    "{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{93F4B16C-2F6C-41BE-9FAE-5062C1C40922}" = Byki
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
    "{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0
    "{9E936417-55D6-402D-97AA-07C7FEF07444}" = ThinkVantage Fingerprint Software 4.6.0
    "{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
    "{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
    "{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate*DiscWizard
    "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
    "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" = Software Installer
    "{D3C9E16D-AA27-491F-A29D-6FDF6B60AFC0}" = VZAccess Manager for Lenovo
    "{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}" = Diskeeper Lite
    "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F2655391-0C83-4360-A1A3-E93AB80FE07B}" = Fingerprint Tutorial
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe AIR" = Adobe AIR
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AwayTask" = ThinkVantage Away Manager
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Google Updater" = Google Updater
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "Lexmark 2500 Series" = Lexmark 2500 Series
    "lvdrivers_11.50" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monopoly by Parker Brothers" = Monopoly by Parker Brothers
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PCMCIAPW" = ThinkPad PC Card Power Policy
    "Power Management Driver" = ThinkPad Power Management Driver
    "Presentation Director" = ThinkPad Presentation Director
    "RealPlayer 12.0" = RealPlayer
    "SynTPDeinstKey" = ThinkPad UltraNav Driver
    "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
    "WinAce Archiver" = WinAce Archiver
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "XP Codec Pack" = XP Codec Pack

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Byki Express for camron" = Byki Express for camron
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/17/2010 2:40:21 PM | Computer Name = LENOVO-190B3298 | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

    Error - 12/17/2010 2:40:28 PM | Computer Name = LENOVO-190B3298 | Source = Application Error | ID = 1001
    Description = Fault bucket 1271752061.

    Error - 12/17/2010 3:46:38 PM | Computer Name = LENOVO-190B3298 | Source = Sophos Anti-Virus | ID = 131078
    Description = E_FAILURE. CManager::Unregister in the ComponentManager component encountered
    a catastrophic error that it could not recover from.

    Error - 12/17/2010 3:46:41 PM | Computer Name = LENOVO-190B3298 | Source = Sophos Anti-Virus | ID = 131078
    Description = E_FAILURE. CManager::TriggerShutdown in the ComponentManager component
    encountered a catastrophic error that it could not recover from.

    Error - 12/17/2010 6:15:08 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11704
    Description = Product: AVG 2011 -- Error 1704. An installation for Sophos AutoUpdate
    is currently suspended. You must undo the changes made by that installation to
    continue. Do you want to undo those changes?

    Error - 12/17/2010 9:16:36 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11704
    Description = Product: Sophos AutoUpdate -- Error 1704.An installation for Microsoft
    Office 2000 SR-1 Premium is currently suspended. You must undo the changes made
    by that installation to continue. Do you want to undo those changes?

    Error - 12/17/2010 9:16:43 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
    Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
    found for product Sophos AutoUpdate. The Windows Installer cannot continue.

    Error - 12/17/2010 9:57:28 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
    Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
    found for product Sophos AutoUpdate. The Windows Installer cannot continue.

    Error - 12/17/2010 10:50:40 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
    Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
    found for product Sophos AutoUpdate. The Windows Installer cannot continue.

    Error - 12/17/2010 11:22:38 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
    Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
    found for product Sophos AutoUpdate. The Windows Installer cannot continue.

    [ System Events ]
    Error - 12/17/2010 11:39:55 PM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7001
    Description = The Infrared Monitor service depends on the Terminal Services service
    which failed to start because of the following error: %%1058

    Error - 12/17/2010 11:39:55 PM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
    service to connect.

    Error - 12/17/2010 11:39:55 PM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7000
    Description = The lxddCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 12/17/2010 11:39:57 PM | Computer Name = LENOVO-190B3298 | Source = Print | ID = 19
    Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
    share name Printer.

    Error - 12/18/2010 12:04:00 AM | Computer Name = LENOVO-190B3298 | Source = DCOM | ID = 10010
    Description = The server {BBA960BE-6A97-4996-9ECB-AA313BEBF37A} did not register
    with DCOM within the required timeout.

    Error - 12/18/2010 1:36:14 AM | Computer Name = LENOVO-190B3298 | Source = DCOM | ID = 10010
    Description = The server {BBA960BE-6A97-4996-9ECB-AA313BEBF37A} did not register
    with DCOM within the required timeout.

    Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The IBM KCU Service service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The ThinkVantage System Update service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The Ac Profile Manager Service service terminated unexpectedly. It
    has done this 1 time(s).

    Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
    Description = The ACU Configuration Service service terminated unexpectedly. It
    has done this 1 time(s).


    < End of report >
  22. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    This Oovo is killing me with the image limits. Sorry for the multiple posts.

    OTL logfile created on: 12/17/2010 9:57:14 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\camron\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 100.01 Gb Total Space | 27.94 Gb Free Space | 27.94% Space Free | Partition Type: NTFS
    Drive E: | 1.88 Gb Total Space | 1.06 Gb Free Space | 56.34% Space Free | Partition Type: FAT
    Drive F: | 294.00 Gb Total Space | 231.46 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
    Drive G: | 51.03 Gb Total Space | 12.68 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

    Computer Name: LENOVO-190B3298 | User Name: camron | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    PRC - [2010/02/18 08:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    PRC - [2009/10/16 15:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    PRC - [2009/10/16 15:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2009/10/16 15:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    PRC - [2009/10/16 15:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    PRC - [2009/10/05 04:22:15 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    PRC - [2009/06/11 00:37:04 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    PRC - [2008/11/18 11:49:43 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/25 06:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
    PRC - [2005/12/15 16:14:46 | 000,143,360 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    PRC - [2005/12/15 16:14:34 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    PRC - [2005/12/15 16:14:14 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    PRC - [2005/11/24 00:02:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
    PRC - [2005/09/30 00:32:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
    PRC - [2005/09/27 22:26:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    PRC - [2005/09/02 00:00:00 | 000,073,728 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\IPSSVC.EXE
    PRC - [2005/08/02 18:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    PRC - [2005/08/02 18:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    PRC - [2005/08/02 17:17:30 | 000,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    PRC - [2005/07/21 14:55:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    PRC - [2005/07/12 08:40:08 | 000,040,551 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
    PRC - [2005/06/06 14:03:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
    PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2003/04/09 15:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    PRC - [2003/04/09 15:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    PRC - [2003/04/09 14:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
    PRC - [2003/04/09 14:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2005/09/02 00:00:00 | 000,086,016 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\PROCHLP.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
    SRV - [2010/05/27 00:16:38 | 000,172,032 | ---- | M] (Sophos Plc) [On_Demand | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
    SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2009/10/16 15:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2009/10/05 04:22:15 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
    SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
    SRV - [2008/11/18 11:49:43 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
    SRV - [2007/05/25 06:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
    SRV - [2007/05/25 06:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
    SRV - [2005/12/15 16:14:46 | 000,143,360 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
    SRV - [2005/12/15 16:13:54 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
    SRV - [2005/11/08 15:07:02 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/09/30 00:32:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
    SRV - [2005/09/27 22:26:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
    SRV - [2005/09/02 00:00:00 | 000,073,728 | ---- | M] (Lenovo Ltd.) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
    SRV - [2005/08/02 18:12:44 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
    SRV - [2005/08/02 18:02:20 | 001,372,160 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
    SRV - [2005/08/02 17:17:30 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
    SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
    SRV - [2005/07/21 14:55:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2005/07/12 08:40:08 | 000,040,551 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
    SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
    SRV - [2005/06/06 14:03:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys -- (lvpopflt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService)
    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/12/12 15:47:08 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
    DRV - [2010/09/02 08:35:41 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/09/02 08:35:41 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/09/02 08:35:14 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2010/09/02 08:34:51 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2010/04/13 01:20:25 | 000,111,232 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
    DRV - [2010/04/13 01:20:12 | 000,038,912 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
    DRV - [2008/05/22 23:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
    DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 10:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
    DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/10/12 08:56:33 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
    DRV - [2006/05/18 06:52:34 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2005/12/08 16:32:16 | 000,470,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
    DRV - [2005/11/08 08:27:20 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
    DRV - [2005/09/30 00:32:00 | 000,013,456 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
    DRV - [2005/09/02 00:00:00 | 000,005,120 | ---- | M] (Lenovo Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
    DRV - [2005/08/23 15:59:02 | 000,167,424 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
    DRV - [2005/08/10 00:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
    DRV - [2005/08/10 00:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
    DRV - [2005/08/10 00:10:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
    DRV - [2005/08/08 01:40:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
    DRV - [2005/08/05 13:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
    DRV - [2005/08/05 13:31:30 | 000,057,728 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
    DRV - [2005/08/02 17:15:38 | 000,013,184 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2005/08/02 16:47:20 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
    DRV - [2005/08/01 09:43:46 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/07/21 14:48:38 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2005/07/21 14:46:14 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2005/07/21 14:44:28 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2005/07/21 14:43:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/07/21 14:40:54 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005/07/12 08:37:08 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (SmiHlp)
    DRV - [2005/07/05 13:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
    DRV - [2005/06/30 11:59:00 | 000,026,240 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
    DRV - [2005/06/28 07:26:02 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
    DRV - [2005/06/06 10:59:00 | 000,059,904 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
    DRV - [2005/06/06 10:59:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
    DRV - [2005/05/19 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2005/05/19 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2005/05/19 04:33:00 | 000,086,940 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2005/05/19 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2005/05/19 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2005/05/19 04:33:00 | 000,014,909 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2005/05/19 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2005/05/19 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2005/05/19 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2005/05/12 15:06:40 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/05/12 15:05:44 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/05/12 15:05:40 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/03/24 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2005/03/24 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2005/03/17 15:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/02/23 19:13:38 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
    DRV - [2004/12/02 10:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/12/02 10:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/09/10 22:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2002/09/20 13:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
    DRV - [2002/09/20 13:14:54 | 000,012,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 11:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2000/05/31 19:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (pmem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/12/17 21:45:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
    O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
    O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
    O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
    O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.yorkphoto.com/YorkActivia.cab (Snapfish Activia)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://sunbeam08.multiply.com/photos/uploader.cab (Aurigma Image Uploader 3.0 Control)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.146.192.16 24.113.32.30
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll (UPEK Inc.)
    O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
    O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
    O24 - Desktop WallPaper: C:\Documents and Settings\camron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\camron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/17 21:56:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    [2010/12/17 19:31:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/17 19:28:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/17 19:28:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/17 19:28:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/17 19:28:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/12/17 19:28:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/12/17 19:28:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/17 18:46:24 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\camron\Desktop\TDSSKiller.exe
    [2010/12/17 17:38:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/17 17:38:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/17 17:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/12/17 17:38:14 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\camron\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/17 14:57:51 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe
    [2010/12/12 17:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\camron\IECompatCache
    [2010/12/12 17:31:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\camron\PrivacIE
    [2010/12/12 17:25:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\camron\IETldCache
    [2010/12/12 17:13:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2010/12/09 20:26:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/09 20:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/09 20:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/12/03 17:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/12/01 19:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/12/01 19:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2010/12/01 19:26:03 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
    [2010/12/01 19:21:59 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2010/12/01 19:18:36 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
    [2010/12/01 18:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/12/01 12:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
    [2010/12/01 12:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
    [2010/11/30 23:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/11/30 23:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/11/30 23:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2010/11/30 17:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/11/29 20:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/11/29 19:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/11/29 19:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/11/24 15:22:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
    [2010/11/01 08:53:18 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
    [2010/11/01 08:53:18 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
    [2010/11/01 08:53:18 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
    [2010/11/01 08:53:18 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
    [2010/11/01 08:53:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
    [2010/11/01 08:53:17 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
    [2010/11/01 08:53:17 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
    [2010/11/01 08:53:17 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
    [2010/11/01 08:53:17 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
    [2010/11/01 08:53:16 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
    [2010/11/01 08:53:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
    [2010/11/01 08:53:15 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
    [2006/12/03 12:28:42 | 006,083,152 | ---- | C] (SightSpeed Inc.) -- C:\Program Files\SightSpeedInstall.exe
    [2006/11/29 14:52:58 | 000,739,240 | ---- | C] (RealVNC Ltd. ) -- C:\Program Files\vnc-4_1_2-x86_win32.exe
    [2006/10/30 10:16:16 | 000,482,288 | ---- | C] (Simple Star, Inc.) -- C:\Program Files\YorkPhotoShow.exe
    [2006/09/05 02:30:40 | 003,800,811 | ---- | C] (e-merge GmbH) -- C:\Program Files\wace265i.exe
    [2004/11/24 10:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
    [2003/03/09 18:30:44 | 000,184,320 | ---- | C] (HP) -- C:\Program Files\hpzscr07.dll
    [2003/03/09 18:30:42 | 000,274,432 | ---- | C] (HP) -- C:\Program Files\hpzglu07.exe
    [2003/03/09 18:30:42 | 000,237,568 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
    [2002/09/09 15:48:20 | 000,022,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
    [2002/09/09 15:48:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
    [2002/09/09 15:47:52 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
    [2002/09/09 15:47:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
    [2002/09/09 15:47:00 | 000,212,992 | ---- | C] (HP) -- C:\Program Files\hpzpnp07.dll
    [2002/09/09 15:46:50 | 000,049,212 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
    [2002/09/09 15:46:42 | 000,249,913 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
    [2002/09/09 15:46:32 | 000,417,849 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
    [2002/09/09 15:46:24 | 000,028,722 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
    [2002/09/06 07:54:56 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
  23. sunbeam08

    ========== Files - Modified Within 30 Days ==========

    [2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    [2010/12/17 21:45:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/17 21:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/17 21:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    [2010/12/17 21:29:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
    [2010/12/17 19:40:27 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/17 19:40:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/17 19:39:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/17 19:39:39 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/17 19:31:59 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
    [2010/12/17 19:19:52 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\Fix Comp.doc
    [2010/12/17 19:09:40 | 003,993,691 | R--- | M] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
    [2010/12/17 18:44:55 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\tdsskiller.zip
    [2010/12/17 18:04:17 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\d4ox7wnw.exe
    [2010/12/17 17:38:19 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\camron\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/17 16:30:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    [2010/12/17 16:11:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/12/17 14:58:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe
    [2010/12/16 22:29:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\camron\Desktop\TDSSKiller.exe
    [2010/12/13 22:57:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
    [2010/12/12 17:25:33 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/12/12 17:18:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/08 17:30:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\My Computer.lnk
    [2010/12/06 17:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/12/02 20:16:18 | 000,074,052 | ---- | M] () -- C:\Program Files\bookmarks.html
    [2010/12/01 19:30:19 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
    [2010/12/01 19:22:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2010/11/30 21:35:02 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
    [2010/11/29 19:53:20 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/29 19:53:20 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/25 14:53:47 | 002,949,174 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\Hotel Cancel.bmp
    [2010/11/24 15:24:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
    [2010/11/21 13:20:19 | 002,853,174 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\Bremerton Hotels.bmp
    [2010/11/21 12:39:35 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1280864326.job

    ========== Files Created - No Company Name ==========

    [2010/12/17 19:31:59 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2010/12/17 19:31:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/17 19:28:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/17 19:28:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/17 19:28:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/17 19:28:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/17 19:28:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/17 19:09:40 | 003,993,691 | R--- | C] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
    [2010/12/17 18:44:45 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\tdsskiller.zip
    [2010/12/17 18:02:31 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\d4ox7wnw.exe
    [2010/12/16 20:52:03 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\Fix Comp.doc
    [2010/12/08 17:30:21 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\My Computer.lnk
    [2010/12/02 20:16:18 | 000,074,052 | ---- | C] () -- C:\Program Files\bookmarks.html
    [2010/12/01 23:04:34 | 1600,638,976 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/29 19:35:02 | 000,008,141 | ---- | C] () -- C:\WINDOWS\System32\5123.js
    [2010/11/25 14:53:46 | 002,949,174 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\Hotel Cancel.bmp
    [2010/11/24 14:25:26 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
    [2010/11/24 14:25:24 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
    [2010/11/21 13:20:06 | 002,853,174 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\Bremerton Hotels.bmp
    [2010/11/01 08:54:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
    [2010/11/01 08:54:56 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
    [2010/11/01 08:54:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
    [2010/11/01 08:54:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
    [2010/11/01 08:54:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
    [2010/11/01 08:53:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
    [2010/11/01 08:53:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
    [2010/11/01 08:53:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
    [2010/04/01 11:26:03 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\camron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/23 18:30:19 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2010/02/23 18:29:20 | 000,010,628 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/02/23 12:04:53 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\camron\Application Data\setup_ldm.iss
    [2010/02/23 11:46:44 | 000,001,056 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2010/02/22 10:09:54 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/08/01 14:22:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
    [2008/02/27 09:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
    [2007/03/03 14:44:32 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/02/12 09:17:18 | 001,286,944 | ---- | C] () -- C:\Program Files\SetupAnyDVD6114.exe
    [2007/01/20 14:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2006/11/09 11:23:27 | 000,002,934 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/10/13 14:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
    [2006/10/13 13:19:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
    [2006/07/17 14:00:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2006/06/12 14:38:43 | 000,002,153 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/05/24 20:31:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/05/18 06:56:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/05/18 06:55:31 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
    [2006/05/18 06:55:04 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
    [2006/05/18 06:48:44 | 000,000,160 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/05/18 06:42:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/05/18 06:42:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/05/18 06:42:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/05/18 06:42:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/05/18 06:42:11 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/05/18 06:42:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/05/18 06:30:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
    [2006/05/18 06:09:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
    [2006/05/18 06:09:28 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
    [2006/05/18 06:07:05 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/05/18 06:07:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/05/18 05:55:44 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/09/02 12:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/07/21 14:50:58 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005/06/21 17:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
    [2004/10/11 21:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2004/10/11 21:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2004/10/11 21:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2004/10/08 21:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2004/10/04 23:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2004/10/03 08:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2004/08/09 10:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/09 09:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/04/22 07:46:52 | 002,719,744 | ---- | C] () -- C:\Program Files\aiodrv.msi
    [2003/04/22 07:42:04 | 002,588,672 | ---- | C] () -- C:\Program Files\aiosw.msi
    [2003/04/22 07:23:58 | 000,000,267 | ---- | C] () -- C:\Program Files\readme.html
    [2003/04/10 15:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [2003/04/09 15:19:46 | 000,002,848 | ---- | C] () -- C:\Program Files\hpound08.inf
    [2003/04/09 15:19:42 | 000,014,157 | ---- | C] () -- C:\Program Files\hpousc08.inf
    [2003/04/09 15:00:50 | 000,002,889 | ---- | C] () -- C:\Program Files\hpousb08.inf
    [2003/04/09 15:00:48 | 000,004,715 | ---- | C] () -- C:\Program Files\hpoglu08.inf
    [2003/03/20 13:20:50 | 000,022,523 | ---- | C] () -- C:\Program Files\HPZius12.cat
    [2003/03/20 13:20:48 | 000,022,082 | ---- | C] () -- C:\Program Files\hpzist12.cat
    [2003/03/20 13:20:44 | 000,022,082 | ---- | C] () -- C:\Program Files\HPZid412.cat
    [2003/03/20 13:20:40 | 000,024,285 | ---- | C] () -- C:\Program Files\hposcu08.cat
    [2003/03/09 18:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/03/09 18:30:44 | 000,014,285 | ---- | C] () -- C:\Program Files\hpzius12.inf
    [2003/03/09 18:30:44 | 000,010,325 | ---- | C] () -- C:\Program Files\hpzipr12.inf
    [2003/03/09 18:30:44 | 000,003,667 | ---- | C] () -- C:\Program Files\hpzist12.inf
    [2003/03/09 18:30:42 | 000,063,562 | ---- | C] () -- C:\Program Files\hposcu08.inf
    [2003/03/09 18:30:42 | 000,051,266 | ---- | C] () -- C:\Program Files\hpoprn08.inf
    [2003/03/09 18:30:42 | 000,033,952 | ---- | C] () -- C:\Program Files\hpzid412.inf
    [2003/03/09 18:30:42 | 000,023,186 | ---- | C] () -- C:\Program Files\hpzcin06.ex_
    [2003/03/09 18:30:42 | 000,003,898 | ---- | C] () -- C:\Program Files\hpounp08.inf
    [2002/09/09 15:47:36 | 000,055,155 | ---- | C] () -- C:\Program Files\hpzusb00.sy_
    [2002/09/09 15:47:26 | 000,005,705 | ---- | C] () -- C:\Program Files\hpzuci02.dl_
    [2002/09/09 15:47:08 | 000,025,639 | ---- | C] () -- C:\Program Files\hpzpom04.dl_
    [2002/09/09 15:46:16 | 000,052,552 | ---- | C] () -- C:\Program Files\hpziou01.dl_
    [2002/01/24 23:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
    [2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
    [2002/01/24 23:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
    [2002/01/24 23:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
    [2002/01/24 23:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
    [2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    [1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
    [1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
    [1979/12/31 23:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
    [1979/12/31 23:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
    [1979/12/31 23:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
    [1979/12/31 23:00:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI

    ========== LOP Check ==========

    [2010/12/17 14:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/11/06 18:29:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/12/09 20:26:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/02/23 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
    [2009/10/28 12:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2006/10/12 08:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
    [2006/05/18 06:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2006/05/18 06:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
    [2010/12/09 20:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/05/15 16:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/02/23 11:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2010/01/28 14:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
    [2010/09/02 08:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2009/08/30 22:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
    [2010/12/15 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/08/27 09:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
    [2010/02/25 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/09/06 15:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/04/12 11:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Facebook
    [2009/05/15 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\FairStars Audio Converter
    [2008/07/16 09:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\FreeCall
    [2009/10/28 01:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\GARMIN
    [2006/10/12 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\HotSync
    [2006/05/18 06:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\IBM
    [2008/11/02 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\InternetCalls
    [2006/05/24 22:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\InterVideo
    [2006/05/26 13:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Leadertech
    [2007/01/20 14:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Lenovo
    [2010/11/01 08:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Lexmark Productivity Studio
    [2009/05/26 02:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\NCH Swift Sound
    [2010/04/22 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ooVoo Details
    [2007/03/03 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\SlySoft
    [2006/10/14 07:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Snapfish
    [2006/05/24 21:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ThinkVantage
    [2010/09/23 09:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Transparent
    [2008/10/06 10:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Uniblue
    [2008/05/18 14:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Unyte
    [2008/07/15 11:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\VoipBuster
    [2010/06/26 20:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\VoipStunt
    [2010/11/21 12:39:35 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1280864326.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/05/24 21:49:29 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2010/12/17 19:31:59 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
    [2004/08/09 09:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/17 21:47:37 | 000,021,587 | ---- | M] () -- C:\ComboFix.txt
    [2010/12/17 19:39:39 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/20 13:10:22 | 000,000,518 | ---- | M] () -- C:\hpfr3420.xml
    [2010/10/20 13:10:26 | 000,029,130 | ---- | M] () -- C:\hpfr3425.log
    [2010/10/20 12:58:51 | 000,000,393 | -H-- | M] () -- C:\hpothb07.dat
    [2010/10/20 12:58:51 | 000,000,987 | -H-- | M] () -- C:\hpothb07.tif
    [2006/10/28 08:26:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/30 21:04:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/17 19:39:37 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
    [2010/12/08 17:19:15 | 000,138,450 | ---- | M] () -- C:\rr.log
    [2010/12/17 18:47:45 | 000,062,432 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_17.12.2010_18.46.30_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 13:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 12:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 13:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 12:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/09 09:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/09/13 02:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
    [2006/09/13 02:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/07/09 08:54:52 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp091.dll
    [2007/02/27 02:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2005/01/30 07:50:26 | 000,012,151 | ---- | M] () -- C:\WINDOWS\system32\logoxp.jpg

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2010/12/01 19:30:19 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
    [2003/04/22 07:46:52 | 002,719,744 | ---- | M] () -- C:\Program Files\aiodrv.msi
    [2003/04/22 07:42:04 | 002,588,672 | ---- | M] () -- C:\Program Files\aiosw.msi
    [2010/12/02 20:16:18 | 000,074,052 | ---- | M] () -- C:\Program Files\bookmarks.html
    [2003/04/09 15:00:48 | 000,004,715 | ---- | M] () -- C:\Program Files\hpoglu08.inf
    [2003/03/09 18:30:42 | 000,051,266 | ---- | M] () -- C:\Program Files\hpoprn08.inf
    [2003/03/20 13:20:40 | 000,024,285 | ---- | M] () -- C:\Program Files\hposcu08.cat
    [2003/03/09 18:30:42 | 000,063,562 | ---- | M] () -- C:\Program Files\hposcu08.inf
    [2003/04/09 15:19:46 | 000,002,848 | ---- | M] () -- C:\Program Files\hpound08.inf
    [2003/03/09 18:30:42 | 000,003,898 | ---- | M] () -- C:\Program Files\hpounp08.inf
    [2003/04/09 15:00:50 | 000,002,889 | ---- | M] () -- C:\Program Files\hpousb08.inf
    [2003/04/09 15:19:42 | 000,014,157 | ---- | M] () -- C:\Program Files\hpousc08.inf
    [2003/03/09 18:30:42 | 000,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
    [2003/03/09 18:30:42 | 000,023,186 | ---- | M] () -- C:\Program Files\hpzcin06.ex_
    [2003/03/09 18:30:42 | 000,274,432 | ---- | M] (HP) -- C:\Program Files\hpzglu07.exe
    [2003/03/20 13:20:44 | 000,022,082 | ---- | M] () -- C:\Program Files\HPZid412.cat
    [2003/03/09 18:30:42 | 000,033,952 | ---- | M] () -- C:\Program Files\hpzid412.inf
    [2002/09/09 15:46:16 | 000,052,552 | ---- | M] () -- C:\Program Files\hpziou01.dl_
    [2003/03/09 18:30:44 | 000,010,325 | ---- | M] () -- C:\Program Files\hpzipr12.inf
    [2003/03/20 13:20:48 | 000,022,082 | ---- | M] () -- C:\Program Files\hpzist12.cat
    [2003/03/09 18:30:44 | 000,003,667 | ---- | M] () -- C:\Program Files\hpzist12.inf
    [2003/03/20 13:20:50 | 000,022,523 | ---- | M] () -- C:\Program Files\HPZius12.cat
    [2003/03/09 18:30:44 | 000,014,285 | ---- | M] () -- C:\Program Files\hpzius12.inf
    [2002/09/09 15:46:24 | 000,028,722 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
    [2002/09/09 15:46:32 | 000,417,849 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
    [2002/09/09 15:46:42 | 000,249,913 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
    [2002/09/09 15:46:50 | 000,049,212 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
    [2002/09/09 15:47:00 | 000,212,992 | ---- | M] (HP) -- C:\Program Files\hpzpnp07.dll
    [2002/09/09 15:47:08 | 000,025,639 | ---- | M] () -- C:\Program Files\hpzpom04.dl_
    [2003/03/09 18:30:44 | 000,184,320 | ---- | M] (HP) -- C:\Program Files\hpzscr07.dll
    [2002/09/09 15:47:26 | 000,005,705 | ---- | M] () -- C:\Program Files\hpzuci02.dl_
    [2002/09/09 15:47:36 | 000,055,155 | ---- | M] () -- C:\Program Files\hpzusb00.sy_
    [2010/11/24 15:24:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
    [2010/12/13 22:57:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
    [2002/09/06 07:54:56 | 000,995,383 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
    [2002/09/09 15:47:44 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
    [2002/09/09 15:47:52 | 000,254,005 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
    [2003/04/22 07:23:58 | 000,000,267 | ---- | M] () -- C:\Program Files\readme.html
    [2007/02/12 09:17:30 | 001,286,944 | ---- | M] () -- C:\Program Files\SetupAnyDVD6114.exe
    [2006/12/03 12:28:42 | 006,083,152 | ---- | M] (SightSpeed Inc.) -- C:\Program Files\SightSpeedInstall.exe
    [2010/12/01 19:22:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
    [2002/09/09 15:48:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
    [2002/09/09 15:48:20 | 000,022,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
    [2006/11/29 14:53:06 | 000,739,240 | ---- | M] (RealVNC Ltd. ) -- C:\Program Files\vnc-4_1_2-x86_win32.exe
    [2006/09/05 02:30:45 | 003,800,811 | ---- | M] (e-merge GmbH) -- C:\Program Files\wace265i.exe
    [2006/10/30 10:16:16 | 000,482,288 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\YorkPhotoShow.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 09:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 09:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 09:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/30 21:18:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/05/24 21:50:25 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/09 10:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/17 19:09:40 | 003,993,691 | R--- | M] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
    [2010/12/17 18:04:17 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\d4ox7wnw.exe
    [2010/12/17 17:38:19 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\camron\Desktop\mbam-setup-1.50.0.0.exe
    [2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
    [2010/06/26 20:11:53 | 004,161,624 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\camron\Desktop\setupvoipstunt.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\camron\Desktop\TDSSKiller.exe
    [2010/12/17 14:58:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/05/24 21:50:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\camron\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/11/04 20:36:45 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/12/17 21:49:52 | 000,638,976 | ---- | M] () -- C:\Documents and Settings\camron\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/11 00:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
  24. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    Can you explain a little of what we are doing so I can learn a little from this? Also, any advice on what to do or not do in the future to keep the computer from freezing up/slowing down will be much appreciated.
  25. sunbeam08

    sunbeam08 Newcomer, in training Topic Starter Posts: 78

    I noticed that programs I have uninstalled show up in the logs. What does that mean?