
cellman2010

  1. Additional files requested (part 2 of 2)
     ---- EOF - GMER 1.0.15 ----
  2. Adding requested file (part 1 of 2):

     GMER 1.0.15.15640 - http://www.gmer.net
     Rootkit scan 2011-07-14 13:30:54
     Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort1 WDC_WD800JD-08MSA1 rev.10.01E01
     Running: OTL2.exe; Driver: C:\DOCUME~1\CC\LOCALS~1\Temp\ugtdypog.sys

     ---- System - GMER 1.0.15 ----
     SSDT 8634EF58 ZwConnectPort
     SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9F413620]

     ---- Kernel code sections - GMER 1.0.15 ----
     init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xA37BAA00]

     ---- User code sections - GMER 1.0.15 ----
     .text C:\WINDOWS\system32\wuauclt.exe[760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00EE000A
     .text C:\WINDOWS\system32\wuauclt.exe[760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00EF000A
     .text C:\WINDOWS\system32\wuauclt.exe[760] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00ED000C
     .text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B5000A
     .text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B6000A
     .text C:\WINDOWS\System32\svchost.exe[1460] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B4000C
     .text C:\WINDOWS\System32\svchost.exe[1460] USER32.dll!GetCursorPos 77D4BD86 5 Bytes JMP 0126000A
     .text C:\WINDOWS\System32\svchost.exe[1460] USER32.dll!WindowFromPoint 77D4BD9E 5 Bytes JMP 0127000A
     .text C:\WINDOWS\System32\svchost.exe[1460] USER32.dll!GetForegroundWindow 77D4BE5B 5 Bytes JMP 0128000A
     .text C:\WINDOWS\System32\svchost.exe[1460] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 0125000A
     .text C:\WINDOWS\system32\wuauclt.exe[1768] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0105000A
     .text C:\WINDOWS\system32\wuauclt.exe[1768] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0106000A
     .text C:\WINDOWS\system32\wuauclt.exe[1768] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0104000C
     .text C:\WINDOWS\Explorer.EXE[3312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F6000A
     .text C:\WINDOWS\Explorer.EXE[3312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F7000A
     .text C:\WINDOWS\Explorer.EXE[3312] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C4000C

     ---- Devices - GMER 1.0.15 ----
     AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
     AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
     AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
     Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8654031B
     Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8654031B
     Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-3 8654031B
     Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8654031B
     AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
     AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
     Device \FileSystem\Fastfat \Fat 975DAC8A
     AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
     Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

     ---- Disk sectors - GMER 1.0.15 ----
     Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
     Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

     ---- Files - GMER 1.0.15 ----
  3. Adding requested logs:

OTL logfile created on: 7/14/2011 12:47:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CC\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 48.54 Mb Available Physical Memory | 4.79% Memory free
2.38 Gb Paging File | 1.33 Gb Available in Paging File | 55.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.92 Gb Total Space | 46.28 Gb Free Space | 66.18% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: CC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\CC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe ()
PRC - C:\WINDOWS\system32\ICO.EXE ()
PRC - C:\WINDOWS\system32\HDAShCut.exe ()
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
PRC - C:\Program Files\Time Clock MTS\timeclockmts.exe (Timesheets MTS Software)
PRC - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe (Intuit Inc.)
PRC - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\qbpos.exe (Intuit Inc.)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon .exe (Diskeeper Corporation)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth .exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR .exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\ThinkVantage\AMSG\Amsg .exe (LENOVO)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe (Intuit, Inc.)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray .exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
PRC - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp .exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\CC\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\PROCHLP.DLL (Lenovo Group Limited)

========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- File not found
SRV - (QBPOSDBExtServices) -- C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe (Intuit Inc.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (PsaSrv) -- C:\WINDOWS\system32\psasrv.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe ()
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (Intuit Entitlement Service v2) -- C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe (Intuit, Inc.)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========
DRV - (MpKsld4892561) -- C:\WINDOWS\system32\MpEngineStore\MpKsld4892561.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (PrivateDisk) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050713.008\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20050713.008\NAVENG.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20050404.003\SymIDSCo.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.checkesnfree.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/07/11 12:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/11 12:20:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/11 12:20:08 | 000,000,000 | ---D | M]
[2011/07/11 15:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\CC\Application Data\Mozilla\Firefox\Profiles\wtastd85.default\extensions
[2011/07/11 12:15:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\CC\Application Data\Mozilla\Firefox\Profiles\wtastd85.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/03 10:08:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/03 10:07:45 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/07/11 12:20:07 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/08/29 16:14:35 | 000,067,696 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/08/29 16:14:36 | 000,054,376 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/08/29 16:14:37 | 000,034,952 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/08/29 16:14:38 | 000,046,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/08/29 16:14:39 | 000,172,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2008/08/29 16:14:40 | 000,022,664 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004/12/14 04:19:18 | 000,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/08/29 12:37:52 | 000,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/08/29 12:37:52 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/29 12:37:52 | 000,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/08/29 12:37:52 | 000,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/08/29 12:37:52 | 000,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/29 12:37:52 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

Hosts file not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe ()
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\CC\Start Menu\Programs\Startup\Internet Explorer.lnk = File not found
O4 - Startup: C:\Documents and Settings\CC\Start Menu\Programs\Startup\QuickBooks Point of Sale 5.0.lnk = C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\qbpos.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\CC\Start Menu\Programs\Startup\Time Clock MTS.lnk = C:\Program Files\Time Clock MTS\timeclockmts.exe (Timesheets MTS Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: americanwireless.com ([portal] https in Local intranet)
O15 - HKCU\..Trusted Domains: boostmobilesales.com ([www] https in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll (Intuit Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011/07/14 12:46:48 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\CC\Desktop\OTL.exe
[2011/07/14 12:43:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Local Settings\Application Data\Conduit
[2011/07/14 12:42:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Local Settings\Application Data\WhiteSmoke_Bar
[2011/07/13 18:04:36 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/07/13 18:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\WhiteSmoke_Bar
[2011/07/13 18:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/07/13 18:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
[2011/07/13 18:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\WhiteSmoke_Bar
[2011/07/13 12:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Start Menu\Programs\HiJackThis
[2011/07/13 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/12 17:58:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/12 14:39:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2011/07/12 14:34:40 | 000,000,000 | ---D | C] -- C:\c76d88f87fe2aa2656021d47253b1c33
[2011/07/11 16:38:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\CC\IECompatCache
[2011/07/11 15:34:27 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\CC\Desktop\IE8-WindowsXP-x86-ENU.exe
[2011/07/04 16:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/07/04 16:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/07/04 13:35:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Application Data\Malwarebytes
[2011/07/04 13:34:51 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/04 13:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/04 13:34:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/04 13:34:46 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/04 13:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/04 13:33:31 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\CC\Desktop\mbam-setup-1.51.0.1200.exe
[2011/07/01 18:11:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/07/01 17:00:02 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/01 16:49:01 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2011/07/01 16:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/07/01 16:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2011/07/01 16:48:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/07/01 11:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Application Data\SUPERAntiSpyware.com
[2011/07/01 11:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/07/01 11:13:55 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/06/29 17:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2011/06/29 16:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Application Data\QuickScan
[2011/06/29 13:51:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/06/29 13:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/06/17 16:54:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\CC\PrivacIE
[2011/06/17 16:50:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\CC\IETldCache
[2011/06/17 16:36:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/17 12:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\CC\Application Data\Sun
[2011/06/15 15:45:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/15 15:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/15 14:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/15 14:58:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/07/14 12:47:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\CC\Desktop\OTL.exe [2011/07/14 12:47:18 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\CC\Desktop\OTL2.exe [2011/07/14 12:46:03 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job [2011/07/14 12:39:46 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/07/14 12:30:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2011/07/14 12:29:35 | 000,010,336 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2011/07/14 12:29:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/07/14 12:29:14 | 1063,354,368 | -HS- | M] () -- C:\hiberfil.sys [2011/07/13 17:30:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2011/07/13 16:30:11 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job [2011/07/13 15:30:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2011/07/13 15:05:47 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2011/07/13 12:47:30 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\CC\Desktop\HiJackThis.lnk [2011/07/12 18:00:13 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2011/07/12 15:10:01 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/07/12 14:31:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011/07/12 14:28:24 | 000,518,330 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/07/12 14:28:24 | 000,101,208 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/07/11 23:30:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2011/07/11 18:30:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2011/07/11 17:46:30 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat [2011/07/11 16:49:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2011/07/11 16:44:25 | 000,000,344 | ---- | 
M] () -- C:\WINDOWS\tasks\At8.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2011/07/11 16:44:24 | 000,039,940 | ---- | M] () -- C:\WINDOWS\System32\ICO.EXE [2011/07/11 16:44:24 | 000,039,940 | ---- | M] () -- C:\WINDOWS\System32\HDAShCut.exe [2011/07/11 16:32:10 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\CC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2011/07/11 15:35:33 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\CC\Desktop\IE8-WindowsXP-x86-ENU.exe [2011/07/08 16:52:32 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/07/08 16:52:32 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/07/04 16:13:29 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk 
[2011/07/04 13:34:52 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/04 13:34:01 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\CC\Desktop\mbam-setup-1.51.0.1200.exe [2011/07/01 17:00:01 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/07/01 16:59:59 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe [2011/07/01 16:49:09 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011/07/01 16:48:06 | 010,145,792 | ---- | M] () -- C:\Documents and Settings\CC\Desktop\Ad-Aware90Install.msi [2011/07/01 11:31:11 | 015,893,048 | ---- | M] () -- C:\Documents and Settings\CC\Desktop\SAS_21814418.COM [2011/06/29 17:55:39 | 000,049,040 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin [2011/06/29 16:18:12 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\CC\Local Settings\Application Data\housecall.guid.cache [2011/06/20 10:31:32 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys [2011/06/17 16:43:11 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/14 12:47:17 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\CC\Desktop\OTL2.exe [2011/07/13 12:47:30 | 000,001,978 | ---- | C] () -- C:\Documents and Settings\CC\Desktop\HiJackThis.lnk [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job 
[2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2011/07/11 16:44:25 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2011/07/11 16:44:24 | 000,039,936 | ---- | C] () -- C:\WINDOWS\Fonts\6HWB210E.com [2011/07/11 12:36:33 | 1063,354,368 | -HS- | C] () -- C:\hiberfil.sys [2011/07/04 16:51:34 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/07/04 16:51:34 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011/07/04 16:13:29 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/07/04 13:34:52 | 000,000,791 | ---- | C] 
() -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/07/02 17:31:48 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2011/07/01 16:49:42 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/07/01 16:49:09 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk [2011/07/01 16:47:36 | 010,145,792 | ---- | C] () -- C:\Documents and Settings\CC\Desktop\Ad-Aware90Install.msi [2011/07/01 11:29:56 | 015,893,048 | ---- | C] () -- C:\Documents and Settings\CC\Desktop\SAS_21814418.COM [2011/06/29 17:41:09 | 000,049,040 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin [2011/06/29 16:18:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\CC\Local Settings\Application Data\housecall.guid.cache [2011/06/17 16:43:11 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/10/03 10:07:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008/02/07 16:13:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/02/07 15:58:15 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe [2008/02/07 15:53:58 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat [2008/02/07 15:51:41 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys [2008/02/07 15:51:14 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008/02/07 15:50:26 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/02/07 15:50:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/02/07 15:50:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/02/07 15:50:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/02/07 15:50:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/02/07 15:50:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/02/07 15:45:25 | 000,005,528 | ---- 
| C] () -- C:\WINDOWS\System32\Setup2k.ini [2008/02/07 15:45:25 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini [2008/02/07 15:45:24 | 000,039,940 | ---- | C] () -- C:\WINDOWS\System32\ICO.EXE [2008/02/07 15:45:24 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL [2008/02/07 15:45:24 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE [2008/02/07 15:40:54 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config [2008/02/07 15:35:06 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008/02/07 15:35:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll [2006/11/16 19:14:14 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe [2006/06/14 11:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/05/23 07:37:23 | 000,010,336 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2006/05/23 07:37:19 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCTRL.INI [2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/04/30 01:56:21 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2006/04/30 01:56:21 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2006/04/30 01:56:21 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2006/04/30 01:56:21 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2006/04/30 01:56:20 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2006/04/30 01:55:59 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/04/30 01:55:55 | 000,518,330 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat 
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/04/30 01:55:55 | 000,101,208 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/04/30 01:55:28 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/04/29 19:03:29 | 000,266,208 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/03/31 13:36:50 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL [2005/07/08 04:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2005/01/07 20:07:16 | 000,039,940 | ---- | C] () -- C:\WINDOWS\System32\HDAShCut.exe ========== LOP Check ========== [2011/07/11 12:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2011/07/11 12:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Time Clock MTS [2011/07/11 12:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3} [2011/07/11 12:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CC\Application Data\Lenovo [2011/06/29 16:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CC\Application Data\QuickScan [2008/02/07 16:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\CC\Application Data\ThinkVantage [2011/07/11 16:49:00 | 
000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job [2011/07/14 12:30:04 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job [2011/07/13 15:05:47 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job [2011/07/13 15:30:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job [2011/07/13 16:30:11 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job [2011/07/13 17:30:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job [2011/07/11 18:30:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job [2011/07/11 23:30:03 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job [2011/07/11 16:44:25 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job [2011/07/14 12:46:03 | 000,000,248 | 
---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 7/14/2011 12:47:59 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\CC\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.02 Mb Total Physical Memory | 48.54 Mb Available Physical Memory | 4.79% Memory free
2.38 Gb Paging File | 1.33 Gb Available in Paging File | 55.79% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.92 Gb Total Space | 46.28 Gb Free Space | 66.18% Space Free | Partition Type: NTFS

Computer Name: MAIN | User Name: CC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FIREWALLDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" = C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe:LocalSubNet:Enabled:Intuit Entitlement Service v2 -- (Intuit, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data "{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{1BA1A958-4BBB-4AB1-9B66-C86CEC6616CB}" = Symantec Client Security "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler "{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery "{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite "{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12 "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI 
(English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{9D22599D-E1F4-4934-8B4D-2BBA46662251}" = System Migration Assistant "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy "{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar "{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center "{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre "{DA320635-F48C-4613-8325-D75A933C549E}" = ThinkVantage System Update Toolbar Button for IE "{E70896B1-2074-4164-BCCB-B1611F05CC9D}" = QuickBooks Point of Sale 5.0 "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AwayTask" = ThinkVantage Away Manager "Business Contact Manager for Outlook 2007" = Business Contact Manager for Outlook 2007 "HDMI" = Intel® Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MouseSuite98" = Mouse Suite "Mozilla Firefox (2.0.0.17)" = Mozilla Firefox (2.0.0.17) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows "Picasa2" = Picasa 2 "PROHYBRIDR" = 2007 Microsoft Office system "Remove Multimedia Center" = Remove Multimedia Center "Time Clock MTS_is1" = Time Clock MTS V2.1.3 "WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar "WIC" = Windows Imaging Component "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WMCSetup" 
= Windows Media Connect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2011 4:34:24 PM | Computer Name = MAIN | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: This network connection does not exist.

Error - 7/13/2011 5:31:30 PM | Computer Name = MAIN | Source = Application Error | ID = 1000
Description = Faulting application ico .exe, version 1.0.1.2, faulting module ico .exe, version 1.0.1.2, fault address 0x000033f6.

Error - 7/13/2011 5:40:04 PM | Computer Name = MAIN | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: The connection with the server was terminated abnormally

Error - 7/13/2011 5:40:04 PM | Computer Name = MAIN | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: This network connection does not exist.

Error - 7/13/2011 6:27:46 PM | Computer Name = MAIN | Source = Application Error | ID = 1000
Description = Faulting application ico .exe, version 1.0.1.2, faulting module ico .exe, version 1.0.1.2, fault address 0x000033f6.

Error - 7/13/2011 6:28:45 PM | Computer Name = MAIN | Source = Application Hang | ID = 1002
Description = Hanging application ICO.EXE, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2011 6:28:51 PM | Computer Name = MAIN | Source = Application Hang | ID = 1002
Description = Hanging application LPMGR.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2011 6:35:52 PM | Computer Name = MAIN | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: The connection with the server was terminated abnormally

Error - 7/13/2011 6:35:52 PM | Computer Name = MAIN | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25.crt> with error: This network connection does not exist.

Error - 7/14/2011 1:42:09 PM | Computer Name = MAIN | Source = Application Error | ID = 1000
Description = Faulting application ico .exe, version 1.0.1.2, faulting module ico .exe, version 1.0.1.2, fault address 0x000033f6.

[ System Events ]
Error - 7/11/2011 4:01:48 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

Error - 7/12/2011 3:25:33 PM | Computer Name = MAIN | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update with error 0x80246007: Cumulative Security Update for Internet Explorer 8 for Windows XP (KB982381).

Error - 7/12/2011 3:34:39 PM | Computer Name = MAIN | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf153fe7, parameter3 9a8145c0, parameter4 00000000.

Error - 7/12/2011 6:51:46 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error - 7/12/2011 6:52:16 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error - 7/12/2011 6:52:46 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error - 7/12/2011 6:53:16 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error - 7/12/2011 6:53:46 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Error - 7/12/2011 6:54:16 PM | Computer Name = MAIN | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register with DCOM within the required timeout.

Error - 7/13/2011 1:57:46 PM | Computer Name = MAIN | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network address 001E37269517 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

< End of report >
  4. I have some type of spyware on my system. I keep getting pop-up browsers about the Wal-Mart gift card and many times my Google searches go to other websites. I also get popup boxes titled 'hello4'. I have run Ad-Aware, Malwarebytes, and SUPERAntiSpyware scanner, to no avail. Please help. Here is my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:04:36 PM, on 7/13/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\HDAShCut.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\qbpos.exe
C:\Program Files\Time Clock MTS\timeclockmts.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR .exe
C:\Program Files\ThinkVantage\AMSG\Amsg .exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon .exe
C:\Program Files\Time Clock MTS\timeclockmts.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Lenovo\Client Security Solution\cssauth .exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.checkesnfree.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Internet Explorer.lnk = ?
O4 - Startup: QuickBooks Point of Sale 5.0.lnk = C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\qbpos.exe
O4 - Startup: Time Clock MTS.lnk = C:\Program Files\Time Clock MTS\timeclockmts.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: qbpos - {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\WINDOWS\system32\QBPOSProtocol.dll
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Entitlement Service v2 - Intuit, Inc. - C:\Program Files\Common Files\Intuit\Entitlement Client v2\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QBPOS Database Extended Manager (QBPOSDBExtServices) - Intuit Inc. - C:\Program Files\Intuit\QuickBooks Point of Sale 5.0\DatabaseServer\QBPOSDBServiceEx.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

-- End of file - 11335 bytes