Solved Redirecting websites to ads in firefox, IE, google chrome, random pop up

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
 
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
 
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/30/2009 10:26 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/30/2009 10:26 PM 38912]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 7:26 AM 46142]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 4:22 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/18/2008 11:49 AM 98304]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 3:39 PM 431456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 4:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 8:37 AM 3328]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 1:31 PM 57728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 3:11 PM 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 8:54 AM 99248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 1:42 PM 73600]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [8/30/2009 10:26 PM 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
- c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
- c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-ACNotify - ACNotify.dll
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE
AddRemove-HP PSC 1200 Series - c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe
AddRemove-{7FC3BBEC-5A91-41B0-9CB8-960EC4421411} - c:\program files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,d5,3c,b9,ed,9d,0d,6d,92,be,86,35,58,8f,a4,f8,b7,ea,49,1c,16,7a,ae,
09,ba,34,ab,0d,64,72,ef,a1,0f,40,a1,88,21,d1,d4,fe,1e,95,29,cd,43,67,d6,78,\
"??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\program files\Common Files\Virtual Token\Remote.dll
c:\windows\system32\tphklock.dll
c:\program files\Common Files\Virtual Token\passport.dll

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\PROCHLP.DLL
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\windows\system32\acs.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-12-17 19:45:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-18 03:45

Pre-Run: 28,841,910,272 bytes free
Post-Run: 30,093,504,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 1D21E33B9704AC57DD3408CD3935F7FF
 
I can see two AV programs running, Norton and Sophos.
Which one is your current security program?
 
I already uninstalled Norton. Is it still running??? Using Sophos usually. Only d/l the Norton when the computer started becoming weird. Then uninstalled that because it didn't work, and installed AVG. That didn't work either, so uninstalled that. Right now, back to Sophos. Which AV is more trustworthy? There are so many of them out there.
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\documents and settings\camron\Application Data\Avira
c:\documents and settings\All Users\Application Data\AVG
c:\documents and settings\LocalService\Application Data\McAfee
c:\documents and settings\camron\Application Data\AVG10
c:\windows\system32\drivers\AVG
c:\program files\AVG


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=-


SecCenter::
{FB06448E-52B8-493A-90F3-E43226D3305C}


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-12-16.05 - camron 12/17/2010 21:39:10.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.863 [GMT -8:00]
Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\camron\Desktop\CFScript.txt
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG\PC Tuneup 2011\Disabled Startup\Digital Line Detect.lnk
c:\documents and settings\All Users\Application Data\AVG\PC Tuneup 2011\Disabled Startup\Microsoft Office.lnk
c:\documents and settings\camron\Application Data\AVG10
c:\documents and settings\camron\Application Data\AVG10\cfgall\usergui.cfg
c:\documents and settings\camron\Application Data\Avira
c:\documents and settings\LocalService\Application Data\McAfee
c:\documents and settings\LocalService\Application Data\McAfee\sacore\sacore_cache.db
c:\program files\AVG
c:\program files\AVG\AVG10\Notification\avgxobni_installerxTE.exe
c:\program files\AVG\AVG10\Notification\XobniMiniAVGSetup.exe
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366761886093750_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366847707031250.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366847707031250_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366847707031250_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366909698125000.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366909698125000_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129366909698125000_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367393155312500.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367393155312500_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367393155312500_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367415242812500.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367415242812500_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367415242812500_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367476138750000.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367476138750000_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367476138750000_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367559970937500.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367559970937500_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129367559970937500_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368578569375000_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368590456093750.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368590456093750_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368590456093750_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368609411875000.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368609411875000_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368609411875000_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368636471718750.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368636471718750_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129368636471718750_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369463880937500.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369463880937500_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369463880937500_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369523928281250.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369523928281250_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369523928281250_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369547509218750.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369547509218750_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129369547509218750_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370250022968750.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370250022968750_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370250022968750_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370329121406250.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370329121406250_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370329121406250_m.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370847092656250.exh
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370847092656250_f.dmp
c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll_129370847092656250_m.dmp
c:\windows\system32\drivers\AVG
c:\windows\system32\drivers\AVG\incavi.avm.old

.
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 01:38 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 01:38 . 2010-12-18 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 01:38 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 01:55 . 2010-12-13 01:55 -------- d-sh--w- c:\documents and settings\camron\IECompatCache
2010-12-13 01:34 . 2010-12-13 01:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-13 01:31 . 2010-12-13 01:31 -------- d-sh--w- c:\documents and settings\camron\PrivacIE
2010-12-13 01:25 . 2010-12-13 01:25 -------- d-sh--w- c:\documents and settings\camron\IETldCache
2010-12-13 01:24 . 2010-12-13 01:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-13 01:13 . 2010-12-13 01:18 -------- dc-h--w- c:\windows\ie8
2010-12-10 04:26 . 2010-12-10 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-10 04:25 . 2010-12-17 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-12-10 04:09 . 2010-12-10 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-02 03:26 . 2010-12-02 03:30 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-12-02 03:21 . 2010-12-02 03:22 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-12-02 03:18 . 2010-12-14 06:57 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-01 07:30 . 2010-12-01 07:30 -------- d-----w- c:\program files\Windows Sidebar
2010-12-01 07:30 . 2010-12-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-01 01:29 . 2010-12-01 01:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-24 23:22 . 2010-11-24 23:24 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
2010-11-24 22:21 . 2010-11-24 22:21 -------- d-----w- c:\documents and settings\mom\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 23:47 . 2006-05-18 14:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2007-02-12 17:17 . 2007-02-12 17:17 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
2006-12-03 20:28 . 2006-12-03 20:28 6083152 ------w- c:\program files\SightSpeedInstall.exe
2006-11-29 22:53 . 2006-11-29 22:52 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
2006-10-30 18:16 . 2006-10-30 18:16 482288 ------w- c:\program files\YorkPhotoShow.exe
2006-09-05 10:30 . 2006-09-05 10:30 3800811 ------w- c:\program files\wace265i.exe
2003-04-22 15:46 . 2003-04-22 15:46 2719744 ------w- c:\program files\aiodrv.msi
2003-04-22 15:42 . 2003-04-22 15:42 2588672 ------w- c:\program files\aiosw.msi
2003-03-10 02:30 . 2003-03-10 02:30 184320 ----a-w- c:\program files\hpzscr07.dll
2003-03-10 02:30 . 2003-03-10 02:30 274432 ----a-w- c:\program files\hpzglu07.exe
2003-03-10 02:30 . 2003-03-10 02:30 237568 ----a-w- c:\program files\hpzc3212.dll
2002-09-09 23:48 . 2002-09-09 23:48 22608 ----a-w- c:\program files\usbprint.sys
2002-09-09 23:48 . 2002-09-09 23:48 12288 ----a-w- c:\program files\usbmon.dll
2002-09-09 23:47 . 2002-09-09 23:47 254005 ----a-w- c:\program files\msvcrt.dll
2002-09-09 23:47 . 2002-09-09 23:47 70656 ----a-w- c:\program files\msvcirt.dll
2002-09-09 23:47 . 2002-09-09 23:47 212992 ----a-w- c:\program files\hpzpnp07.dll
2002-09-09 23:46 . 2002-09-09 23:46 49212 ----a-w- c:\program files\hpzjvp01.dll
2002-09-09 23:46 . 2002-09-09 23:46 249913 ----a-w- c:\program files\hpzjut01.dll
2002-09-09 23:46 . 2002-09-09 23:46 417849 ----a-w- c:\program files\hpzjpp01.dll
2002-09-09 23:46 . 2002-09-09 23:46 28722 ----a-w- c:\program files\hpzjlog.dll
2002-09-06 15:54 . 2002-09-06 15:54 995383 ----a-w- c:\program files\MFC42.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-09-09 114688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 05:23 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
 
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/30/2009 10:26 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/30/2009 10:26 PM 38912]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 7:26 AM 46142]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 4:22 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/18/2008 11:49 AM 98304]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 3:39 PM 431456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 4:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 8:37 AM 3328]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 1:31 PM 57728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 3:11 PM 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 8:54 AM 99248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 1:42 PM 73600]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [8/30/2009 10:26 PM 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
- c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
- c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 21:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,d5,3c,b9,ed,9d,0d,6d,92,be,86,35,58,8f,a4,f8,b7,ea,49,1c,16,7a,ae,
09,ba,34,ab,0d,64,72,ef,a1,0f,40,a1,88,21,d1,d4,fe,1e,95,29,cd,43,67,d6,78,\
"??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\program files\Common Files\Virtual Token\Remote.dll
c:\windows\system32\tphklock.dll
c:\program files\Common Files\Virtual Token\passport.dll
.
Completion time: 2010-12-17 21:47:36
ComboFix-quarantined-files.txt 2010-12-18 05:47
ComboFix2.txt 2010-12-18 03:45

Pre-Run: 30,032,060,416 bytes free
Post-Run: 29,974,482,944 bytes free

- - End Of File - - 4E836A353D8BBF53439BDF932AD858AF
 
Looks good :)

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
2 logs popped up, here's the 2nd one


ComboFix 10-12-16.05 - camron 12/17/2010 19:33:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.897 [GMT -8:00]
Running from: c:\documents and settings\camron\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))
.

2010-12-18 01:38 . 2010-11-30 01:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-18 01:38 . 2010-12-18 01:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-18 01:38 . 2010-11-30 01:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 19:53 . 2010-12-17 19:53 -------- d-----w- c:\documents and settings\camron\Application Data\Avira
2010-12-15 04:54 . 2010-12-15 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2010-12-14 06:49 . 2010-12-14 06:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-12-13 01:55 . 2010-12-13 01:55 -------- d-sh--w- c:\documents and settings\camron\IECompatCache
2010-12-13 01:34 . 2010-12-13 01:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-12-13 01:31 . 2010-12-13 01:31 -------- d-sh--w- c:\documents and settings\camron\PrivacIE
2010-12-13 01:25 . 2010-12-13 01:25 -------- d-sh--w- c:\documents and settings\camron\IETldCache
2010-12-13 01:24 . 2010-12-13 01:24 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-12-13 01:13 . 2010-12-13 01:18 -------- dc-h--w- c:\windows\ie8
2010-12-10 04:27 . 2010-12-10 04:27 -------- d-----w- c:\documents and settings\camron\Application Data\AVG10
2010-12-10 04:26 . 2010-12-10 04:26 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-12-10 04:25 . 2010-12-17 22:28 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-10 04:24 . 2010-12-16 06:04 -------- d-----w- c:\program files\AVG
2010-12-10 04:09 . 2010-12-10 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-02 03:26 . 2010-12-18 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-02 03:26 . 2010-12-02 03:30 133432520 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-12-02 03:21 . 2010-12-02 03:22 16409960 ----a-w- c:\program files\spybotsd162.exe
2010-12-02 03:18 . 2010-12-14 06:57 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer
2010-12-01 20:57 . 2010-12-01 20:57 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2010-12-01 07:30 . 2010-12-01 07:30 -------- d-----w- c:\program files\Windows Sidebar
2010-12-01 07:30 . 2010-12-09 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-12-01 01:29 . 2010-12-01 01:30 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-11-24 23:22 . 2010-11-24 23:24 6153352 ----a-w- c:\program files\malware-setup-1.46.exe
2010-11-24 22:21 . 2010-11-24 22:21 -------- d-----w- c:\documents and settings\mom\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 23:47 . 2006-05-18 14:54 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2007-02-12 17:17 . 2007-02-12 17:17 1286944 ------w- c:\program files\SetupAnyDVD6114.exe
2006-12-03 20:28 . 2006-12-03 20:28 6083152 ------w- c:\program files\SightSpeedInstall.exe
2006-11-29 22:53 . 2006-11-29 22:52 739240 ------w- c:\program files\vnc-4_1_2-x86_win32.exe
2006-10-30 18:16 . 2006-10-30 18:16 482288 ------w- c:\program files\YorkPhotoShow.exe
2006-09-05 10:30 . 2006-09-05 10:30 3800811 ------w- c:\program files\wace265i.exe
2003-04-22 15:46 . 2003-04-22 15:46 2719744 ------w- c:\program files\aiodrv.msi
2003-04-22 15:42 . 2003-04-22 15:42 2588672 ------w- c:\program files\aiosw.msi
2003-03-10 02:30 . 2003-03-10 02:30 184320 ----a-w- c:\program files\hpzscr07.dll
2003-03-10 02:30 . 2003-03-10 02:30 274432 ----a-w- c:\program files\hpzglu07.exe
2003-03-10 02:30 . 2003-03-10 02:30 237568 ----a-w- c:\program files\hpzc3212.dll
2002-09-09 23:48 . 2002-09-09 23:48 22608 ----a-w- c:\program files\usbprint.sys
2002-09-09 23:48 . 2002-09-09 23:48 12288 ----a-w- c:\program files\usbmon.dll
2002-09-09 23:47 . 2002-09-09 23:47 254005 ----a-w- c:\program files\msvcrt.dll
2002-09-09 23:47 . 2002-09-09 23:47 70656 ----a-w- c:\program files\msvcirt.dll
2002-09-09 23:47 . 2002-09-09 23:47 212992 ----a-w- c:\program files\hpzpnp07.dll
2002-09-09 23:46 . 2002-09-09 23:46 49212 ----a-w- c:\program files\hpzjvp01.dll
2002-09-09 23:46 . 2002-09-09 23:46 249913 ----a-w- c:\program files\hpzjut01.dll
2002-09-09 23:46 . 2002-09-09 23:46 417849 ----a-w- c:\program files\hpzjpp01.dll
2002-09-09 23:46 . 2002-09-09 23:46 28722 ----a-w- c:\program files\hpzjlog.dll
2002-09-06 15:54 . 2002-09-06 15:54 995383 ----a-w- c:\program files\MFC42.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-09-09 114688]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2005-11-24 106496]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-26 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-16 409600]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-16 98304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2009-10-16 1325936]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2009-10-16 904840]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2009-10-16 136544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2009-6-11 245760]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-07-12 16:45 109664 ------w- c:\program files\ThinkVantage Fingerprint Software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ------w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-06-17 05:23 24576 ------w- c:\windows\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\ThinkVantage\\SystemUpdate\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\camron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services
"c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe"= c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
 
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [8/30/2009 10:26 PM 111232]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [8/30/2009 10:26 PM 38912]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [6/28/2005 7:26 AM 46142]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [9/3/2009 3:44 PM 444224]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/5/2009 4:22 AM 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [11/18/2008 11:49 AM 98304]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [10/16/2009 3:39 PM 431456]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 4:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [7/12/2005 8:37 AM 3328]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);c:\windows\system32\drivers\swmx01.sys [8/5/2005 1:31 PM 57728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2010 3:11 PM 135664]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [11/1/2010 8:54 AM 99248]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [10/29/2009 10:22 AM 30603640]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [9/26/2009 4:28 AM 4639136]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);c:\windows\system32\drivers\SWNC5E01.sys [8/5/2005 1:42 PM 73600]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [8/30/2009 10:26 PM 14976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-11-21 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4280864326.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-29 23:10]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
- c:\documents and settings\camron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-23 18:57]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
- c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]

2010-12-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
- c:\documents and settings\mom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-24 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-ACNotify - ACNotify.dll
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\HXFSETUP.EXE
AddRemove-HP PSC 1200 Series - c:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe
AddRemove-{7FC3BBEC-5A91-41B0-9CB8-960EC4421411} - c:\program files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-17 19:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2935761307-200697175-915879435-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:34,d5,3c,b9,ed,9d,0d,6d,92,be,86,35,58,8f,a4,f8,b7,ea,49,1c,16,7a,ae,
09,ba,34,ab,0d,64,72,ef,a1,0f,40,a1,88,21,d1,d4,fe,1e,95,29,cd,43,67,d6,78,\
"??"=hex:19,27,5b,5b,73,11,f8,ae,39,c1,1e,dd,0b,6d,f7,f6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\ThinkVantage Fingerprint Software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll
c:\program files\Common Files\Virtual Token\Remote.dll
c:\windows\system32\tphklock.dll
c:\program files\Common Files\Virtual Token\passport.dll

- - - - - - - > 'explorer.exe'(3156)
c:\windows\system32\PROCHLP.DLL
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Virtual Token\vtserver.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\program files\ThinkVantage\SystemUpdate\UCLauncherService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\IBM ThinkVantage\Common\Logger\logmon.exe
c:\windows\system32\acs.exe
c:\windows\system32\msiexec.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-12-17 19:45:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-18 03:45

Pre-Run: 28,841,910,272 bytes free
Post-Run: 30,093,504,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 1D21E33B9704AC57DD3408CD3935F7FF
 
OTL Extras logfile created on: 12/17/2010 9:57:14 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\camron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.01 Gb Total Space | 27.94 Gb Free Space | 27.94% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.06 Gb Free Space | 56.34% Space Free | Partition Type: FAT
Drive F: | 294.00 Gb Total Space | 231.46 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive G: | 51.03 Gb Total Space | 12.68 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

Computer Name: LENOVO-190B3298 | User Name: camron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Program Files\Lexmark 2500 Series\app4r.exe" = C:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:printing Application -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe" = C:\Program Files\ThinkVantage\SystemUpdate\jre\bin\javaw.exe:*:Enabled:ThinkVantage System Update -- (IBM)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe" = C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe:*:Disabled:InstallShield Update Service Agent -- (InstallShield Software Corporation)
"C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\camron\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
"C:\WINDOWS\system32\lxddcoms.exe" = C:\WINDOWS\system32\lxddcoms.exe:*:Enabled:2500 Series Server -- ( )
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddtime.exe:*:Disabled: -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddpswx.exe:*:Disabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxddjswx.exe:*:Disabled: -- ()
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Disabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe" = C:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Disabled:Device Monitor Application -- ()
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe" = C:\Program Files\Lexmark 2500 Series\lxddmon.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{03737893-5BEE-4C78-9C58-3AE7F172BBBE}" = Garmin Communicator Plugin
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14 (Beta)
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
"{2A43FF29-0D97-4445-B82D-9324F176AED5}" = ThinkVantage System Update
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{366E24C6-9097-4F63-BF42-3F3EF356A960}" = Photosynth 2.0.1519.16
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = XP Themes
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C86AF56-90B7-4E45-AD78-112C0E97B587}" = Before You Know It 3.6
"{7DA0C101-5C7C-40C9-A485-68E12780232C}" = Sierra Wireless MC5720 Package for Access Connections
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{93F4B16C-2F6C-41BE-9FAE-5062C1C40922}" = Byki
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A1E6130-8F5E-4076-899A-D51FF01EDA6C}" = System Migration Assistant 5.0
"{9E936417-55D6-402D-97AA-07C7FEF07444}" = ThinkVantage Fingerprint Software 4.6.0
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B214C3C8-FC16-42EC-B7BB-703A1BB9C790}" = Lenovo Battery Program
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate*DiscWizard
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" = Software Installer
"{D3C9E16D-AA27-491F-A29D-6FDF6B60AFC0}" = VZAccess Manager for Lenovo
"{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}" = Diskeeper Lite
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2655391-0C83-4360-A1A3-E93AB80FE07B}" = Fingerprint Tutorial
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF24F097-D090-41D2-8E9C-BAFEBBFD938C}" = palmOne
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AwayTask" = ThinkVantage Away Manager
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"Lexmark 2500 Series" = Lexmark 2500 Series
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"XP Codec Pack" = XP Codec Pack

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Byki Express for camron" = Byki Express for camron
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/17/2010 2:40:21 PM | Computer Name = LENOVO-190B3298 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00023845.

Error - 12/17/2010 2:40:28 PM | Computer Name = LENOVO-190B3298 | Source = Application Error | ID = 1001
Description = Fault bucket 1271752061.

Error - 12/17/2010 3:46:38 PM | Computer Name = LENOVO-190B3298 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::Unregister in the ComponentManager component encountered
a catastrophic error that it could not recover from.

Error - 12/17/2010 3:46:41 PM | Computer Name = LENOVO-190B3298 | Source = Sophos Anti-Virus | ID = 131078
Description = E_FAILURE. CManager::TriggerShutdown in the ComponentManager component
encountered a catastrophic error that it could not recover from.

Error - 12/17/2010 6:15:08 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11704
Description = Product: AVG 2011 -- Error 1704. An installation for Sophos AutoUpdate
is currently suspended. You must undo the changes made by that installation to
continue. Do you want to undo those changes?

Error - 12/17/2010 9:16:36 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11704
Description = Product: Sophos AutoUpdate -- Error 1704.An installation for Microsoft
Office 2000 SR-1 Premium is currently suspended. You must undo the changes made
by that installation to continue. Do you want to undo those changes?

Error - 12/17/2010 9:16:43 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
found for product Sophos AutoUpdate. The Windows Installer cannot continue.

Error - 12/17/2010 9:57:28 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
found for product Sophos AutoUpdate. The Windows Installer cannot continue.

Error - 12/17/2010 10:50:40 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
found for product Sophos AutoUpdate. The Windows Installer cannot continue.

Error - 12/17/2010 11:22:38 PM | Computer Name = LENOVO-190B3298 | Source = MsiInstaller | ID = 11706
Description = Product: Sophos AutoUpdate -- Error 1706.No valid source could be
found for product Sophos AutoUpdate. The Windows Installer cannot continue.

[ System Events ]
Error - 12/17/2010 11:39:55 PM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 12/17/2010 11:39:55 PM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxddCATSCustConnectService
service to connect.

Error - 12/17/2010 11:39:55 PM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7000
Description = The lxddCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 12/17/2010 11:39:57 PM | Computer Name = LENOVO-190B3298 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 12/18/2010 12:04:00 AM | Computer Name = LENOVO-190B3298 | Source = DCOM | ID = 10010
Description = The server {BBA960BE-6A97-4996-9ECB-AA313BEBF37A} did not register
with DCOM within the required timeout.

Error - 12/18/2010 1:36:14 AM | Computer Name = LENOVO-190B3298 | Source = DCOM | ID = 10010
Description = The server {BBA960BE-6A97-4996-9ECB-AA313BEBF37A} did not register
with DCOM within the required timeout.

Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
Description = The ThinkVantage System Update service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
Description = The Ac Profile Manager Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 12/18/2010 1:38:56 AM | Computer Name = LENOVO-190B3298 | Source = Service Control Manager | ID = 7034
Description = The ACU Configuration Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >
 
This Oovo is killing me with the image limits. Sorry for the multiple posts.

OTL logfile created on: 12/17/2010 9:57:14 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\camron\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.01 Gb Total Space | 27.94 Gb Free Space | 27.94% Space Free | Partition Type: NTFS
Drive E: | 1.88 Gb Total Space | 1.06 Gb Free Space | 56.34% Space Free | Partition Type: FAT
Drive F: | 294.00 Gb Total Space | 231.46 Gb Free Space | 78.73% Space Free | Partition Type: NTFS
Drive G: | 51.03 Gb Total Space | 12.68 Gb Free Space | 24.85% Space Free | Partition Type: NTFS

Computer Name: LENOVO-190B3298 | User Name: camron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
PRC - [2010/02/18 08:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/10/16 15:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 15:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 15:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 15:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/05 04:22:15 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2009/06/11 00:37:04 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2008/11/18 11:49:43 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/25 06:41:38 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxddcoms.exe
PRC - [2005/12/15 16:14:46 | 000,143,360 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2005/12/15 16:14:34 | 000,409,600 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2005/12/15 16:14:14 | 000,098,304 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2005/11/24 00:02:00 | 000,106,496 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2005/09/30 00:32:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2005/09/27 22:26:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2005/09/02 00:00:00 | 000,073,728 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/08/02 18:12:44 | 000,077,824 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/08/02 18:02:20 | 001,372,160 | ---- | M] () -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/08/02 17:17:30 | 000,722,480 | ---- | M] (IBM) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/07/21 14:55:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005/07/12 08:40:08 | 000,040,551 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Virtual Token\vtserver.exe
PRC - [2005/06/06 14:03:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2004/07/27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2003/04/09 15:21:38 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/09 15:11:12 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003/04/09 14:59:24 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003/04/09 14:49:36 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe


========== Modules (SafeList) ==========

MOD - [2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/09/02 00:00:00 | 000,086,016 | ---- | M] (Lenovo Ltd.) -- C:\WINDOWS\system32\PROCHLP.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
SRV - [2010/05/27 00:16:38 | 000,172,032 | ---- | M] (Sophos Plc) [On_Demand | Stopped] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/16 15:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/10/05 04:22:15 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/09/03 15:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2008/11/18 11:49:43 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2007/05/25 06:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 06:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
SRV - [2005/12/15 16:14:46 | 000,143,360 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2005/12/15 16:13:54 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/11/08 15:07:02 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2005/09/30 00:32:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2005/09/27 22:26:12 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/09/02 00:00:00 | 000,073,728 | ---- | M] (Lenovo Ltd.) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/08/02 18:12:44 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/08/02 18:02:20 | 001,372,160 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/08/02 17:17:30 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/07/21 14:55:08 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/07/12 08:40:08 | 000,040,551 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Program Files\Common Files\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/06/06 14:03:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvpopflt.sys -- (lvpopflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys -- (FilterService)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/12/12 15:47:08 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010/09/02 08:35:41 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/09/02 08:35:41 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/09/02 08:35:14 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/09/02 08:34:51 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/04/13 01:20:25 | 000,111,232 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/04/13 01:20:12 | 000,038,912 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2008/05/22 23:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/04/13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/10/12 08:56:33 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2006/05/18 06:52:34 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2005/12/08 16:32:16 | 000,470,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/08 08:27:20 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/09/30 00:32:00 | 000,013,456 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2005/09/02 00:00:00 | 000,005,120 | ---- | M] (Lenovo Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/08/23 15:59:02 | 000,167,424 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/10 00:50:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/08/10 00:50:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/08/10 00:10:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/08/08 01:40:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/08/05 13:42:18 | 000,073,600 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWNC5E01.sys -- (SWNC5E01) Sierra Wireless MUX NDIS Driver (#01)
DRV - [2005/08/05 13:31:30 | 000,057,728 | ---- | M] (Sierra Wireless Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmx01.sys -- (swmx01) Sierra Wireless USB MUX Driver (#01)
DRV - [2005/08/02 17:15:38 | 000,013,184 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/08/02 16:47:20 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2005/08/01 09:43:46 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/07/21 14:48:38 | 000,401,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005/07/21 14:46:14 | 001,341,466 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/07/21 14:44:28 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005/07/21 14:43:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/07/21 14:40:54 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005/07/12 08:37:08 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (SmiHlp)
DRV - [2005/07/05 13:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/30 11:59:00 | 000,026,240 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/06/28 07:26:02 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/06/06 10:59:00 | 000,059,904 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/06/06 10:59:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/05/19 04:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/19 04:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/19 04:33:00 | 000,086,940 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/19 04:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/19 04:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/19 04:33:00 | 000,014,909 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/19 04:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/19 04:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/19 04:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/12 15:06:40 | 001,034,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/05/12 15:05:44 | 000,178,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/05/12 15:05:40 | 000,716,288 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/24 02:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/03/24 01:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2005/03/17 15:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/02/23 19:13:38 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/12/02 10:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 10:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/10 22:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/09/20 13:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2002/09/20 13:14:54 | 000,012,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 11:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
DRV - [2000/05/31 19:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (pmem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/12/17 21:45:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (Lenovo Group Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.yorkphoto.com/YorkActivia.cab (Snapfish Activia)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://sunbeam08.multiply.com/photos/uploader.cab (Aurigma Image Uploader 3.0 Control)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.146.192.16 24.113.32.30
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll - C:\Program Files\ThinkVantage Fingerprint Software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\camron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\camron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/17 21:56:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
[2010/12/17 19:31:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/17 19:28:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/17 19:28:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/17 19:28:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/17 19:28:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/17 19:28:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/17 19:28:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/17 18:46:24 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\camron\Desktop\TDSSKiller.exe
[2010/12/17 17:38:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/17 17:38:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/17 17:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/17 17:38:14 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\camron\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/17 14:57:51 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe
[2010/12/12 17:55:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\camron\IECompatCache
[2010/12/12 17:31:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\camron\PrivacIE
[2010/12/12 17:25:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\camron\IETldCache
[2010/12/12 17:13:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/12/09 20:26:46 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/12/09 20:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/12/09 20:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/03 17:39:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/12/01 19:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/01 19:26:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/12/01 19:26:03 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2010/12/01 19:21:59 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/12/01 19:18:36 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
[2010/12/01 18:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/12/01 12:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2010/12/01 12:57:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/11/30 23:30:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2010/11/30 23:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/11/30 23:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/11/30 17:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/11/29 20:09:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/11/29 19:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/11/29 19:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/11/24 15:22:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
[2010/11/01 08:53:18 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2010/11/01 08:53:18 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2010/11/01 08:53:18 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2010/11/01 08:53:18 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2010/11/01 08:53:18 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2010/11/01 08:53:17 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2010/11/01 08:53:17 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2010/11/01 08:53:17 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2010/11/01 08:53:17 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2010/11/01 08:53:16 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2010/11/01 08:53:15 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2010/11/01 08:53:15 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2006/12/03 12:28:42 | 006,083,152 | ---- | C] (SightSpeed Inc.) -- C:\Program Files\SightSpeedInstall.exe
[2006/11/29 14:52:58 | 000,739,240 | ---- | C] (RealVNC Ltd. ) -- C:\Program Files\vnc-4_1_2-x86_win32.exe
[2006/10/30 10:16:16 | 000,482,288 | ---- | C] (Simple Star, Inc.) -- C:\Program Files\YorkPhotoShow.exe
[2006/09/05 02:30:40 | 003,800,811 | ---- | C] (e-merge GmbH) -- C:\Program Files\wace265i.exe
[2004/11/24 10:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2003/03/09 18:30:44 | 000,184,320 | ---- | C] (HP) -- C:\Program Files\hpzscr07.dll
[2003/03/09 18:30:42 | 000,274,432 | ---- | C] (HP) -- C:\Program Files\hpzglu07.exe
[2003/03/09 18:30:42 | 000,237,568 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
[2002/09/09 15:48:20 | 000,022,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
[2002/09/09 15:48:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
[2002/09/09 15:47:52 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2002/09/09 15:47:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
[2002/09/09 15:47:00 | 000,212,992 | ---- | C] (HP) -- C:\Program Files\hpzpnp07.dll
[2002/09/09 15:46:50 | 000,049,212 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
[2002/09/09 15:46:42 | 000,249,913 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
[2002/09/09 15:46:32 | 000,417,849 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
[2002/09/09 15:46:24 | 000,028,722 | ---- | C] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
[2002/09/06 07:54:56 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
 
========== Files - Modified Within 30 Days ==========

[2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
[2010/12/17 21:45:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/17 21:36:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/17 21:30:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
[2010/12/17 21:29:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005UA.job
[2010/12/17 19:40:27 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/17 19:40:24 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/17 19:39:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/17 19:39:39 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/17 19:31:59 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2010/12/17 19:19:52 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\Fix Comp.doc
[2010/12/17 19:09:40 | 003,993,691 | R--- | M] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
[2010/12/17 18:44:55 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\tdsskiller.zip
[2010/12/17 18:04:17 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\d4ox7wnw.exe
[2010/12/17 17:38:19 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\camron\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/17 16:30:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
[2010/12/17 16:11:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/17 14:58:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe
[2010/12/16 22:29:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1005Core.job
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\camron\Desktop\TDSSKiller.exe
[2010/12/13 22:57:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
[2010/12/12 17:25:33 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/12 17:18:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/08 17:30:21 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\My Computer.lnk
[2010/12/06 17:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/02 20:16:18 | 000,074,052 | ---- | M] () -- C:\Program Files\bookmarks.html
[2010/12/01 19:30:19 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2010/12/01 19:22:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2010/11/30 21:35:02 | 000,008,141 | ---- | M] () -- C:\WINDOWS\System32\5123.js
[2010/11/29 19:53:20 | 000,444,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/29 19:53:20 | 000,072,306 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/25 14:53:47 | 002,949,174 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\Hotel Cancel.bmp
[2010/11/24 15:24:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
[2010/11/21 13:20:19 | 002,853,174 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\Bremerton Hotels.bmp
[2010/11/21 12:39:35 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1280864326.job

========== Files Created - No Company Name ==========

[2010/12/17 19:31:59 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2010/12/17 19:31:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/17 19:28:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/17 19:28:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/17 19:28:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/17 19:28:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/17 19:28:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/17 19:09:40 | 003,993,691 | R--- | C] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
[2010/12/17 18:44:45 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\tdsskiller.zip
[2010/12/17 18:02:31 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\d4ox7wnw.exe
[2010/12/16 20:52:03 | 000,143,360 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\Fix Comp.doc
[2010/12/08 17:30:21 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\My Computer.lnk
[2010/12/02 20:16:18 | 000,074,052 | ---- | C] () -- C:\Program Files\bookmarks.html
[2010/12/01 23:04:34 | 1600,638,976 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/29 19:35:02 | 000,008,141 | ---- | C] () -- C:\WINDOWS\System32\5123.js
[2010/11/25 14:53:46 | 002,949,174 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\Hotel Cancel.bmp
[2010/11/24 14:25:26 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006UA.job
[2010/11/24 14:25:24 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2935761307-200697175-915879435-1006Core.job
[2010/11/21 13:20:06 | 002,853,174 | ---- | C] () -- C:\Documents and Settings\camron\Desktop\Bremerton Hotels.bmp
[2010/11/01 08:54:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2010/11/01 08:54:56 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2010/11/01 08:54:08 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2010/11/01 08:54:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2010/11/01 08:54:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2010/11/01 08:53:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2010/11/01 08:53:18 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2010/11/01 08:53:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2010/04/01 11:26:03 | 000,018,432 | ---- | C] () -- C:\Documents and Settings\camron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/23 18:30:19 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2010/02/23 18:29:20 | 000,010,628 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/23 12:04:53 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\camron\Application Data\setup_ldm.iss
[2010/02/23 11:46:44 | 000,001,056 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/02/22 10:09:54 | 000,000,674 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/01 14:22:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2008/02/27 09:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2007/03/03 14:44:32 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/02/12 09:17:18 | 001,286,944 | ---- | C] () -- C:\Program Files\SetupAnyDVD6114.exe
[2007/01/20 14:48:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/11/09 11:23:27 | 000,002,934 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/13 14:49:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/10/13 13:19:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKI~1.INI
[2006/07/17 14:00:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
[2006/06/12 14:38:43 | 000,002,153 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/05/24 20:31:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/18 06:56:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/18 06:55:31 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/05/18 06:55:04 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/05/18 06:48:44 | 000,000,160 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/18 06:42:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/18 06:42:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/18 06:42:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/18 06:42:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/18 06:42:11 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/18 06:42:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/18 06:30:03 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2006/05/18 06:09:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2006/05/18 06:09:28 | 000,009,340 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/05/18 06:07:05 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/05/18 06:07:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/05/18 05:55:44 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/02 12:02:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/21 14:50:58 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/06/21 17:46:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2004/10/11 21:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/11 21:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/11 21:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/08 21:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/04 23:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 08:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004/08/09 10:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 09:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/22 07:46:52 | 002,719,744 | ---- | C] () -- C:\Program Files\aiodrv.msi
[2003/04/22 07:42:04 | 002,588,672 | ---- | C] () -- C:\Program Files\aiosw.msi
[2003/04/22 07:23:58 | 000,000,267 | ---- | C] () -- C:\Program Files\readme.html
[2003/04/10 15:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/04/09 15:19:46 | 000,002,848 | ---- | C] () -- C:\Program Files\hpound08.inf
[2003/04/09 15:19:42 | 000,014,157 | ---- | C] () -- C:\Program Files\hpousc08.inf
[2003/04/09 15:00:50 | 000,002,889 | ---- | C] () -- C:\Program Files\hpousb08.inf
[2003/04/09 15:00:48 | 000,004,715 | ---- | C] () -- C:\Program Files\hpoglu08.inf
[2003/03/20 13:20:50 | 000,022,523 | ---- | C] () -- C:\Program Files\HPZius12.cat
[2003/03/20 13:20:48 | 000,022,082 | ---- | C] () -- C:\Program Files\hpzist12.cat
[2003/03/20 13:20:44 | 000,022,082 | ---- | C] () -- C:\Program Files\HPZid412.cat
[2003/03/20 13:20:40 | 000,024,285 | ---- | C] () -- C:\Program Files\hposcu08.cat
[2003/03/09 18:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/03/09 18:30:44 | 000,014,285 | ---- | C] () -- C:\Program Files\hpzius12.inf
[2003/03/09 18:30:44 | 000,010,325 | ---- | C] () -- C:\Program Files\hpzipr12.inf
[2003/03/09 18:30:44 | 000,003,667 | ---- | C] () -- C:\Program Files\hpzist12.inf
[2003/03/09 18:30:42 | 000,063,562 | ---- | C] () -- C:\Program Files\hposcu08.inf
[2003/03/09 18:30:42 | 000,051,266 | ---- | C] () -- C:\Program Files\hpoprn08.inf
[2003/03/09 18:30:42 | 000,033,952 | ---- | C] () -- C:\Program Files\hpzid412.inf
[2003/03/09 18:30:42 | 000,023,186 | ---- | C] () -- C:\Program Files\hpzcin06.ex_
[2003/03/09 18:30:42 | 000,003,898 | ---- | C] () -- C:\Program Files\hpounp08.inf
[2002/09/09 15:47:36 | 000,055,155 | ---- | C] () -- C:\Program Files\hpzusb00.sy_
[2002/09/09 15:47:26 | 000,005,705 | ---- | C] () -- C:\Program Files\hpzuci02.dl_
[2002/09/09 15:47:08 | 000,025,639 | ---- | C] () -- C:\Program Files\hpzpom04.dl_
[2002/09/09 15:46:16 | 000,052,552 | ---- | C] () -- C:\Program Files\hpziou01.dl_
[2002/01/24 23:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2002/01/24 23:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2002/01/24 23:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2002/01/24 23:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2002/01/24 23:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1999/01/22 10:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1979/12/31 23:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1979/12/31 23:00:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[1979/12/31 23:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[1979/12/31 23:00:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI

========== LOP Check ==========

[2010/12/17 14:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/06 18:29:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/12/09 20:26:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/02/23 11:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/10/28 12:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2006/10/12 08:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2006/05/18 06:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2006/05/18 06:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/12/09 20:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/05/15 16:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/02/23 11:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/28 14:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2010/09/02 08:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/08/30 22:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/12/15 22:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/08/27 09:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Transparent
[2010/02/25 22:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/09/06 15:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/12 11:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Facebook
[2009/05/15 13:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\FairStars Audio Converter
[2008/07/16 09:16:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\FreeCall
[2009/10/28 01:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\GARMIN
[2006/10/12 08:56:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\HotSync
[2006/05/18 06:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\IBM
[2008/11/02 15:25:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\InternetCalls
[2006/05/24 22:17:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\InterVideo
[2006/05/26 13:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Leadertech
[2007/01/20 14:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Lenovo
[2010/11/01 08:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Lexmark Productivity Studio
[2009/05/26 02:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\NCH Swift Sound
[2010/04/22 17:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ooVoo Details
[2007/03/03 14:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\SlySoft
[2006/10/14 07:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Snapfish
[2006/05/24 21:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\ThinkVantage
[2010/09/23 09:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Transparent
[2008/10/06 10:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Uniblue
[2008/05/18 14:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\Unyte
[2008/07/15 11:04:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\VoipBuster
[2010/06/26 20:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\camron\Application Data\VoipStunt
[2010/11/21 12:39:35 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1280864326.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/05/24 21:49:29 | 000,000,194 | ---- | M] () -- C:\Boot.bak
[2010/12/17 19:31:59 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2004/08/09 09:35:38 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/12/17 21:47:37 | 000,021,587 | ---- | M] () -- C:\ComboFix.txt
[2010/12/17 19:39:39 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/20 13:10:22 | 000,000,518 | ---- | M] () -- C:\hpfr3420.xml
[2010/10/20 13:10:26 | 000,029,130 | ---- | M] () -- C:\hpfr3425.log
[2010/10/20 12:58:51 | 000,000,393 | -H-- | M] () -- C:\hpothb07.dat
[2010/10/20 12:58:51 | 000,000,987 | -H-- | M] () -- C:\hpothb07.tif
[2006/10/28 08:26:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/30 21:04:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/12/17 19:39:37 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/12/08 17:19:15 | 000,138,450 | ---- | M] () -- C:\rr.log
[2010/12/17 18:47:45 | 000,062,432 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_17.12.2010_18.46.30_log.txt

< %systemroot%\Fonts\*.com >
[2006/04/18 13:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 12:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 13:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 12:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/09 09:54:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/09/13 02:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD83.DLL
[2006/09/13 02:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP83.DLL
[2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/07/09 08:54:52 | 000,281,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpcpp091.dll
[2007/02/27 02:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
[2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2005/01/30 07:50:26 | 000,012,151 | ---- | M] () -- C:\WINDOWS\system32\logoxp.jpg

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2010/12/01 19:30:19 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2003/04/22 07:46:52 | 002,719,744 | ---- | M] () -- C:\Program Files\aiodrv.msi
[2003/04/22 07:42:04 | 002,588,672 | ---- | M] () -- C:\Program Files\aiosw.msi
[2010/12/02 20:16:18 | 000,074,052 | ---- | M] () -- C:\Program Files\bookmarks.html
[2003/04/09 15:00:48 | 000,004,715 | ---- | M] () -- C:\Program Files\hpoglu08.inf
[2003/03/09 18:30:42 | 000,051,266 | ---- | M] () -- C:\Program Files\hpoprn08.inf
[2003/03/20 13:20:40 | 000,024,285 | ---- | M] () -- C:\Program Files\hposcu08.cat
[2003/03/09 18:30:42 | 000,063,562 | ---- | M] () -- C:\Program Files\hposcu08.inf
[2003/04/09 15:19:46 | 000,002,848 | ---- | M] () -- C:\Program Files\hpound08.inf
[2003/03/09 18:30:42 | 000,003,898 | ---- | M] () -- C:\Program Files\hpounp08.inf
[2003/04/09 15:00:50 | 000,002,889 | ---- | M] () -- C:\Program Files\hpousb08.inf
[2003/04/09 15:19:42 | 000,014,157 | ---- | M] () -- C:\Program Files\hpousc08.inf
[2003/03/09 18:30:42 | 000,237,568 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\hpzc3212.dll
[2003/03/09 18:30:42 | 000,023,186 | ---- | M] () -- C:\Program Files\hpzcin06.ex_
[2003/03/09 18:30:42 | 000,274,432 | ---- | M] (HP) -- C:\Program Files\hpzglu07.exe
[2003/03/20 13:20:44 | 000,022,082 | ---- | M] () -- C:\Program Files\HPZid412.cat
[2003/03/09 18:30:42 | 000,033,952 | ---- | M] () -- C:\Program Files\hpzid412.inf
[2002/09/09 15:46:16 | 000,052,552 | ---- | M] () -- C:\Program Files\hpziou01.dl_
[2003/03/09 18:30:44 | 000,010,325 | ---- | M] () -- C:\Program Files\hpzipr12.inf
[2003/03/20 13:20:48 | 000,022,082 | ---- | M] () -- C:\Program Files\hpzist12.cat
[2003/03/09 18:30:44 | 000,003,667 | ---- | M] () -- C:\Program Files\hpzist12.inf
[2003/03/20 13:20:50 | 000,022,523 | ---- | M] () -- C:\Program Files\HPZius12.cat
[2003/03/09 18:30:44 | 000,014,285 | ---- | M] () -- C:\Program Files\hpzius12.inf
[2002/09/09 15:46:24 | 000,028,722 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjlog.dll
[2002/09/09 15:46:32 | 000,417,849 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjpp01.dll
[2002/09/09 15:46:42 | 000,249,913 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjut01.dll
[2002/09/09 15:46:50 | 000,049,212 | ---- | M] (Hewlett-Packard) -- C:\Program Files\hpzjvp01.dll
[2002/09/09 15:47:00 | 000,212,992 | ---- | M] (HP) -- C:\Program Files\hpzpnp07.dll
[2002/09/09 15:47:08 | 000,025,639 | ---- | M] () -- C:\Program Files\hpzpom04.dl_
[2003/03/09 18:30:44 | 000,184,320 | ---- | M] (HP) -- C:\Program Files\hpzscr07.dll
[2002/09/09 15:47:26 | 000,005,705 | ---- | M] () -- C:\Program Files\hpzuci02.dl_
[2002/09/09 15:47:36 | 000,055,155 | ---- | M] () -- C:\Program Files\hpzusb00.sy_
[2010/11/24 15:24:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\malware-setup-1.46.exe
[2010/12/13 22:57:50 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-1.50.0.0.exe
[2002/09/06 07:54:56 | 000,995,383 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MFC42.DLL
[2002/09/09 15:47:44 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcirt.dll
[2002/09/09 15:47:52 | 000,254,005 | ---- | M] (Microsoft Corporation) -- C:\Program Files\msvcrt.dll
[2003/04/22 07:23:58 | 000,000,267 | ---- | M] () -- C:\Program Files\readme.html
[2007/02/12 09:17:30 | 001,286,944 | ---- | M] () -- C:\Program Files\SetupAnyDVD6114.exe
[2006/12/03 12:28:42 | 006,083,152 | ---- | M] (SightSpeed Inc.) -- C:\Program Files\SightSpeedInstall.exe
[2010/12/01 19:22:29 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe
[2002/09/09 15:48:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\usbmon.dll
[2002/09/09 15:48:20 | 000,022,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\usbprint.sys
[2006/11/29 14:53:06 | 000,739,240 | ---- | M] (RealVNC Ltd. ) -- C:\Program Files\vnc-4_1_2-x86_win32.exe
[2006/09/05 02:30:45 | 003,800,811 | ---- | M] (e-merge GmbH) -- C:\Program Files\wace265i.exe
[2006/10/30 10:16:16 | 000,482,288 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\YorkPhotoShow.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/09 09:45:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/09 09:45:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/09 09:45:10 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2008/09/30 21:18:06 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/05/24 21:50:25 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/09 10:03:14 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\camron\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/12/17 19:09:40 | 003,993,691 | R--- | M] () -- C:\Documents and Settings\camron\Desktop\ComboFix.exe
[2010/12/17 18:04:17 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\camron\Desktop\d4ox7wnw.exe
[2010/12/17 17:38:19 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\camron\Desktop\mbam-setup-1.50.0.0.exe
[2010/12/17 21:56:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\OTL.exe
[2010/06/26 20:11:53 | 004,161,624 | ---- | M] (Finarea S.A. Switzerland ) -- C:\Documents and Settings\camron\Desktop\setupvoipstunt.exe
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\camron\Desktop\TDSSKiller.exe
[2010/12/17 14:58:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\camron\Desktop\TFC.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/05/24 21:50:23 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\camron\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/11/04 20:36:45 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/12/17 21:49:52 | 000,638,976 | ---- | M] () -- C:\Documents and Settings\camron\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/11 00:45:04 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
Can you explain a little what we are doing so I can learn a little from this? Also, any advice on what to do or not do in the future to keep the computer from freezing up/slowing down will be much appreciated.
 