search engine redirect, tdlwsp.dll, and safe mode broken

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

search engine redirect, tdlwsp.dll, and safe mode broken This is beyond aggravating

#1 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 12 November 2009 - 07:20 PM

Norton keeps finding a phantom file tdlwsp.dll (it' not there when I look in the windows/system32... path listed.)
Web search links all point to a autoforwarding site.
I've attached the log from the dds.scr and root repeal scans.
Any help would be greatly appreciated.

- Bob

Attached File(s)

rootrepeal_20091112.txt (63.53K)
Number of downloads: 3
DDS.txt (12.52K)
Number of downloads: 2

#2 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 16 November 2009 - 12:34 PM

New development - After I booted the computer Saturday, 14 Nov, saw that Norton was switched off. I used the start menu links to restart Norton, and its icon is back in the task bar.

#3 thcbytes

Bleepin' Teacher

Group: Malware Response Instructor
Posts: 11,595
Joined: 09-December 08
Gender:Male

Posted 20 November 2009 - 08:26 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://organdonor.gov/index.html

#4 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 20 November 2009 - 12:20 PM

As instructed, the DDS.TXt contents are below, the attach.txt file is zipped and uploaded as attach.zip

- Thanks for your help!
***************************
New Development since previous post:
On Tuesday, 17 Nov 09, Norton appeared on startup as disabled/off. Clicking the tray icon to re-enable resulted in the program being uninstalled. Re-installation proceeded normally to about 90%+, then the installation progress bar reset to zero and began over. This went on for several itterations, then we aborted, and installed Norton Internet Security from a CD instead of using our enterprise version. System has been stable since, with occasional popups. Search results are no longer hijacked, however any attempt to access google.com is forwarded to google.nl - searching the Dutch google site is possible; clicking on the search results goes to the correct place.
***************************

DDS (Ver_09-10-26.01) - NTFSx86
Run by doug shaw at 10:02:25.37 on Fri 11/20/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1353 [GMT -7:00]

AV: System Defender *On-access scanning enabled* (Updated) {8D88CC8F-3DBF-4974-A1F6-195DAF01EE3D}
FW: System Defender *enabled* {F005FDD7-1E0F-4309-93E0-3B0DFB4ADC8F}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\acautoup.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\doug shaw\Desktop\todo\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com/
uDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.0.0.125\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.0.0.125\coIEPlg.dll
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Startup Manager Scanner] c:\program files\startup mechanic\StartupMonitor.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [acEventServ] "c:\program files\activcard\activcard gold\acevtsrv.exe"
StartupFolder: c:\docume~1\dougsh~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\activcard\activcard gold\agquickp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} - hxxp://download.microsoft.com/download/3/B/E/3BE57995-8452-41F1-8297-DD75EF049853/VirtualEarth3D.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254864159418
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: {9F7456B5-4F94-4DE0-B5F1-10D3A0AC21D9} = 10.0.0.1,66.180.96.12
Notify: acAuth - acauth.dll
Notify: ACNotify - ACNotify.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: {097F10A7-487F-4457-AB1F-827C59479A72} - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll
LSA: Notification Packages = scecli ACGina mshtag.dll
IFEO: image file execution options - svchost.exe
IFEO: a.exe - svchost.exe
IFEO: aAvgApi.exe - svchost.exe
IFEO: AAWTray.exe - svchost.exe
IFEO: About.exe - svchost.exe

Note: multiple IFEO entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-3-2 100656]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1000000.07d\SymEFA.sys [2009-11-19 309296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-10-6 11520]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1000000.07d\BHDrvx86.sys [2009-11-19 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1000000.07d\ccHPx86.sys [2009-11-19 362544]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-10-6 4224]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-20 329592]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-10-6 4442]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\common files\activcard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-11-29 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\common files\activcard\acautoup.exe [2003-3-24 36864]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2002-8-12 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [2009-11-19 115560]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-19 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2007-10-6 57216]
S2 gupdate1c98574bd995916;Google Update Service (gupdate1c98574bd995916);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-3-13 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-3-13 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-3-13 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-3-13 59776]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [2002-11-7 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [2004-4-6 64088]

=============== Created Last 30 ================

2009-11-19 22:50:24 35888 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-19 22:50:10 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-19 22:50:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-19 22:50:10 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-19 22:50:10 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-19 22:49:41 0 d-----w- c:\windows\system32\drivers\NIS
2009-11-19 22:49:39 0 d-----w- c:\program files\Norton Internet Security
2009-11-19 22:49:24 0 d-----w- c:\program files\NortonInstaller
2009-11-19 21:09:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-11-19 21:09:11 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-11-18 22:37:02 60 ----a-w- C:\exec.drv
2009-11-18 22:37:01 1667 ----a-w- C:\System Defender.lnk
2009-11-18 22:37:01 0 d-----w- c:\docume~1\alluse~1\applic~1\87dc6
2009-11-18 22:36:58 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WSDDSys
2009-11-18 22:36:40 0 d-sh--w- c:\documents and settings\all users\19f6d40
2009-11-18 22:32:04 15872 ----a-w- c:\windows\system32\tdlcmd.dll
2009-11-18 18:32:02 12800 ----a-w- c:\windows\system32\tdlclk.dll
2009-11-02 15:39:29 0 d-----w- c:\docume~1\dougsh~1\applic~1\Malwarebytes
2009-11-02 15:39:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 15:39:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-02 15:39:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 15:39:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================

2009-11-11 19:43:21 33996 ----a-w- c:\windows\fonts\posthuman.ttf
2009-11-11 19:43:09 26444 ----a-w- c:\windows\fonts\SWINSBRG.TTF
2009-11-11 19:42:57 26848 ----a-w- c:\windows\fonts\Laffayette_Comic_Pro.ttf
2009-11-11 19:42:13 26604 ----a-w- c:\windows\fonts\Go Boom!.ttf
2009-10-22 09:19:04 5939712 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\dllcache\msasn1.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:00:21 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2007-10-06 14:54:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-08-06 16:05:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080620080807\index.dat

============= FINISH: 10:03:44.23 ===============

Attached File(s)

attach.zip (7.52K)
Number of downloads: 1

#5 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 20 November 2009 - 05:24 PM

New Development since lunchtime today, 20 November 09:
The search results returned from google.nl are now being hijacked as before - going to random pages through some autoforwarding host.

Thanks for any assistance you can provide!

#6 thcbytes

Bleepin' Teacher

Group: Malware Response Instructor
Posts: 11,595
Joined: 09-December 08
Gender:Male

Posted 20 November 2009 - 11:08 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

==========

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

RKill by Grinler

Link #1
Link #2
Link #3
Link #4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Download Link #1.
Save it to your Desktop.
Double click the RKill desktop icon.
If you are using Vista please right click and run as Admin!
A black screen will briefly flash indicating a successful run.
If this does not occur please delete that application and download Link #2.
Continue process until the tool runs.
If the tool does not run from any of the links tell me about it.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.

Posted Image

Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
Double click on thcbytes.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

==========

Please go to start => Run => Copy and paste the bold line in the run-box and click OK:

"C:\Qoobox\Add-Remove Programs.txt"

A text file opens up, copy and paste the content to your reply.

==========

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

With your next post please provide:

* Exehelper log
* Combofix.txt
* Add/remove list

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

#7 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 22 November 2009 - 08:14 PM

thcbytes,
Thanks for your quick reply! Sorry for my delay in answering - with the holidays approaching, nobody wanted to go in over the weekend [me included ;o) ].

Bad news is I broke a tooth this weekend, (perfect holiday precurser :ob ) but will accomplish the instructions and post the results at my first opportunity Monday - probably around noon Mountain time once my Dentist has a crack at my newest problem.

- Bob

#8 thcbytes

Bleepin' Teacher

Group: Malware Response Instructor
Posts: 11,595
Joined: 09-December 08
Gender:Male

Posted 22 November 2009 - 08:51 PM

Ouch.
Sorry about your tooth.
Post when ready.

~ t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

#9 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 23 November 2009 - 02:12 PM

Hi Thcbytes! I'm back at work with a new tooth and feeling good about the prospects for getting the computer fixed, too!

Here are the results:
************************
*** exeHelperLog.txt ***
************************
exeHelper by Raktor
Build 20091122
Run at 11:19:22 on 11/23/09
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Deleting file C:\WINDOWS\system32\calc.dll
Error deleting C:\WINDOWS\system32\calc.dll - Set for removal on reboot - PLEASE REBOOT
Deleting file C:\Documents and Settings\doug shaw\ntuser.dll
Deleting file C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\scandisk.dll
Deleting file C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\scandisk.lnk
Error deleting C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\scandisk.lnk - Set for removal on reboot - PLEASE REBOOT
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

************************
*** RKill ran successfully from the first link ***
************************

************************
*** Recovery Console Installed Successfully ***
************************

************************
thcbytes.exe detected 3 files "attempting to attach" and asked that I write them down:
- lomehane.dll
- rimolodo.dll
- soziredo.dll
thcbytes.exe then continued to run successfully.
Other messages:
- DKIcon.exe experienced a memory address error and produced an application error dialog box, OK was the only option.
- Rootkit activity was detected and a reboot was required.
- A message flashed briefly that a file could not be found - sys/combo-something - and it disappeard to quickly to get the complete message.
- Following one of the reboots; received a message about being unable to load "lomehane.dll" and another regarding "nunupofa.dll". Only option was "OK".
************************

************************
*** ComboFixLog.txt ***
*** This file was really long, so I uploaded a copy, too. ***
************************
ComboFix 09-11-22.04 - doug shaw 11/23/2009 11:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1559 [GMT -7:00]
Running from: c:\documents and settings\doug shaw\Desktop\New Folder\ComboFix\Link 1\thcbytes.exe
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
The following files were disabled during the run:
c:\windows\system32\lomehane.dll
c:\windows\system32\rimolodo.dll
c:\windows\system32\soziredo.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\doug shaw\ntuser.dll
c:\documents and settings\doug shaw\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\doug shaw\Start Menu\Programs\Startup\scandisk.lnk
c:\documents and settings\LocalService\ntuser.dll
c:\documents and settings\NetworkService\ntuser.dll
c:\recycler\S-1-5-21-4191877152-1407123167-1673696223-500
c:\windows\omadamumokekegas.dll.del
c:\windows\oyadizir.dll
c:\windows\system32\__c00DDAC0.dat
c:\windows\system32\6to4v32.dll
c:\windows\system32\calc.dll
c:\windows\system32\certstore.dat
c:\windows\system32\config\systemprofile\ntuser.dll
c:\windows\system32\daqdrv.sys
c:\windows\system32\darususi.dll.tmp
c:\windows\system32\fgjk4wvb.dll
c:\windows\system32\jifetahi.dll
c:\windows\system32\kufubabe.dll.tmp
c:\windows\system32\lilofati.dll
c:\windows\system32\lotonene.dll
c:\windows\system32\m4sd9qm2s.dll
c:\windows\system32\nunupofa.dll
c:\windows\system32\rinokulo.dll.tmp
c:\windows\system32\tdlclk.dll
c:\windows\system32\tdlcmd.dll
c:\windows\Tasks\cznvoigk.job
c:\windows\Temp\1167767943.exe

Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4
-------\Legacy_daqdrv
-------\Service_daqdrv

((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-21 16:59 . 2009-11-21 16:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-11-21 16:54 . 2009-11-22 06:08 52736 ----a-w- c:\windows\system32\caonima2.exe
2009-11-21 16:54 . 2009-11-21 16:54 132075 ----a-w- C:\xrvho.exe
2009-11-21 16:54 . 2009-11-21 16:54 38400 ----a-w- C:\ldvlhbee.exe
2009-11-20 16:54 . 2009-11-19 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG.SYS
2009-11-20 16:54 . 2009-11-19 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\EECTRL.SYS
2009-11-20 16:54 . 2009-11-19 09:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\CCERASER.DLL
2009-11-20 16:54 . 2009-11-19 09:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\ECMSVR32.DLL
2009-11-20 16:54 . 2009-11-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG32.DLL
2009-11-20 16:54 . 2009-11-19 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX32A.DLL
2009-11-20 16:54 . 2009-11-19 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX15.SYS
2009-11-20 16:54 . 2009-11-19 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\ERASER.SYS
2009-11-20 15:15 . 2009-11-05 08:30 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-20 15:15 . 2009-11-05 08:30 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-20 15:15 . 2009-11-05 08:30 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-20 15:15 . 2009-11-05 08:30 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-20 15:15 . 2009-11-05 08:30 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-19 22:55 . 2009-11-19 22:55 -------- d-sh--w- c:\documents and settings\administrator.HBA\PrivacIE
2009-11-19 22:50 . 2009-08-26 00:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-19 22:50 . 2009-11-20 23:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-19 22:50 . 2009-11-20 23:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-19 22:50 . 2009-11-05 08:30 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-11-19 22:50 . 2009-11-05 08:30 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-11-19 22:50 . 2009-11-05 08:30 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-11-19 22:49 . 2009-11-19 22:49 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-11-19 22:49 . 2009-11-05 08:30 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-11-19 22:49 . 2009-11-19 22:49 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-11-19 22:49 . 2009-11-05 08:30 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-11-19 22:49 . 2009-11-19 22:49 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-11-19 22:49 . 2009-11-23 18:02 -------- d-----w- c:\windows\system32\drivers\NIS
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\Norton Internet Security
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\Windows Sidebar
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\NortonInstaller
2009-11-19 21:09 . 2009-11-19 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-19 21:09 . 2009-11-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-11-19 20:57 . 2009-11-19 20:57 -------- d-----w- c:\documents and settings\administrator.HBA\Local Settings\Application Data\Apple Computer
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Application Data\Malwarebytes
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Local Settings\Application Data\Identities
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Application Data\Windows Desktop Search
2009-11-19 20:21 . 2009-11-19 20:21 -------- d-sh--w- c:\documents and settings\administrator.HBA\IETldCache
2009-11-18 22:37 . 2009-11-18 22:37 60 ----a-w- C:\exec.drv
2009-11-18 22:37 . 2009-11-19 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\87dc6
2009-11-18 22:36 . 2009-11-18 22:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSDDSys
2009-11-18 22:36 . 2009-11-19 21:30 -------- d-sh--w- c:\documents and settings\All Users\19f6d40
2009-11-02 15:39 . 2009-11-02 15:39 -------- d-----w- c:\documents and settings\doug shaw\Application Data\Malwarebytes
2009-11-02 15:39 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 15:39 . 2009-11-21 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 15:39 . 2009-11-02 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 15:39 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 22:04 . 2009-10-30 22:04 -------- d-----w- c:\documents and settings\doug shaw\Local Settings\Application Data\Symantec
2009-10-27 13:22 . 2009-10-27 13:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 18:03 . 2009-02-02 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-20 23:08 . 2009-11-19 22:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-20 23:08 . 2009-11-19 22:50 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-20 23:08 . 2007-10-11 16:18 -------- d-----w- c:\program files\Symantec
2009-11-19 22:55 . 2007-10-06 15:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-19 22:48 . 2007-10-06 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-14 01:17 . 2007-11-20 22:42 -------- d-----w- c:\program files\pdf995
2009-11-14 01:06 . 2007-12-13 20:38 141536 ----a-w- c:\documents and settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 01:05 . 2008-07-16 03:46 -------- d-----w- c:\program files\Virtual Earth 3D
2009-11-11 23:38 . 2007-10-06 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 19:45 . 2007-10-06 15:23 141536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 16:46 . 2007-10-06 15:06 -------- d-----w- c:\program files\Picasa2
2009-10-30 22:04 . 2007-10-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo
2009-10-10 21:31 . 2009-10-10 21:31 -------- d-----w- c:\program files\Render Plus Systems
2009-10-10 21:31 . 2007-10-06 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 22:41 . 2009-03-04 23:35 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-06 22:17 . 2009-10-06 22:17 -------- d-----w- c:\program files\MSBuild
2009-10-06 22:17 . 2009-10-06 22:17 -------- d-----w- c:\program files\Reference Assemblies
2009-10-06 22:07 . 2009-03-04 23:25 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 21:59 . 2009-10-06 21:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 18:03 . 2009-08-23 18:03 53760 --sha-w- c:\windows\system32\loyejosu.dll
2009-08-23 18:03 . 2009-08-23 18:03 53760 --sha-w- c:\windows\system32\wayumabe.dll
2009-03-21 14:06 . 2006-04-30 06:55 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4cd6bcca-7dd0-4ba0-9c23-8540c2b0ffd8}]
2009-08-23 18:03 53760 --sha-w- c:\windows\system32\loyejosu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-03-30 181808]

c:\documents and settings\doug shaw\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-3-19 147456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 17:11 65536 ----a-w- c:\windows\system32\acauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD LT Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD LT Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [11/20/2009 4:08 PM 310320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 5:47 PM 19760]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [11/20/2009 4:08 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [11/20/2009 4:08 PM 482432]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [12/17/2002 7:38 AM 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [11/29/2002 1:43 PM 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [3/24/2003 12:39 PM 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/12/2002 3:54 PM 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [11/20/2009 4:08 PM 117640]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 1:11 PM 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/19/2009 2:00 AM 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 12:42 PM 35264]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/20/2009 8:15 AM 329592]
S2 gupdate1c98574bd995916;Google Update Service (gupdate1c98574bd995916);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 1:27 PM 133104]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/13/2009 10:56 AM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/13/2009 10:56 AM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/13/2009 10:56 AM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/13/2009 10:56 AM 59776]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 3:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 3:24 AM 64088]
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-21 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-06 04:38]

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:27]

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:27]

2007-10-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-10-06 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {9F7456B5-4F94-4DE0-B5F1-10D3A0AC21D9} = 10.0.0.1,66.180.96.12
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{0C50F454-9710-4949-A68E-3AF0738CC121} - c:\windows\system32\dsaoms.dll
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-dibutaniw - c:\windows\system32\lomehane.dll
HKLM-Run-zokipayayo - nunupofa.dll
SharedTaskScheduler-{7d7e149b-8cdd-4b39-bf52-404644ef677b} - c:\windows\system32\rimolodo.dll
ShellExecuteHooks-{097F10A7-487F-4457-AB1F-827C59479A72} - (no file)
SSODL-povagirid-{7d7e149b-8cdd-4b39-bf52-404644ef677b} - c:\windows\system32\rimolodo.dll
Notify-ACNotify - ACNotify.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 11:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,f8,0f,1a,4c,1c,39,44,aa,75,2b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a9,f8,0f,1a,4c,1c,39,44,aa,75,2b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(456)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(4488)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-23 11:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-23 18:53

Pre-Run: 67,723,636,736 bytes free
Post-Run: 69,051,875,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 236F41EC9D7D393DF7832F871CBAD204

************************
*** Add-Remove Programs.txt
************************

3Planesoft Screensaver Manager 1.1
Access Help
ActivCard Gold for CAC - PKI - Version 3.0 Feature Pack 1
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ArcGIS Desktop
AutoCAD LT 2006 - English
Autodesk DWF Viewer
Bing Maps 3D
Bonjour
Client Security Solution
CorelDRAW Graphics Suite 12
Diskeeper Lite
Google Earth
Google SketchUp 6
Google SketchUp 6 Exporters
Google SketchUp 7
Google SketchUp LayOut 6
Google SketchUp Pro 6
Google Update Helper
Google Updater
GoToMeeting 4.0.0.320
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Integrated Camera
Intel® PRO Network Connections Drivers
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
iTime & Expense
iTunes
J2SE Runtime Environment 5.0 Update 6
Koi Pond 3D Screensaver (CD Version) 1.0
LiveUpdate 3.3 (Symantec Corporation)
Maintenance Manager
Malwarebytes' Anti-Malware
Manual video for trueSpace7.6
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NoAdware v5.0
Norton Internet Security
NSIS Media Extension
NVIDIA Drivers
nXtRender-IRender
OGA Notifier 2.0.0048.0
On Screen Display
PANTECH UM175 Driver
PC-Doctor 5 for Windows
Pdf995
Picasa 3
Presentation Director
Productivity Center Supplement for ThinkPad
Python 2.4.1
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SCR531 Smartcard Reader
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SoundMAX
Spelling Dictionaries Support For Adobe Reader 8
Startup Mechanic 2.8
System Migration Assistant
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Modem
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Uninstall trueSpace7.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VZAccess Manager
Wallpapers
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Search 4.0
Windows XP Service Pack 3
XP Themes

Attached File(s)

ComboFixLog.txt (24.24K)
Number of downloads: 2

#10 thcbytes

Bleepin' Teacher

Group: Malware Response Instructor
Posts: 11,595
Joined: 09-December 08
Gender:Male

Posted 23 November 2009 - 03:29 PM

Well done.

Still very infected!

Let's continue........

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

File::
c:\windows\system32\caonima2.exe
C:\xrvho.exe
C:\ldvlhbee.exe
c:\windows\system32\loyejosu.dll
c:\windows\system32\wayumabe.dll

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

Registry::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=-
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Please download OTL from one of the following mirrors:
- This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTListIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

==========

With your next post please provide:

* Combofix.txt
* OTL.txt
* Extra.txt
* How's it running?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

#11 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 23 November 2009 - 04:20 PM

Just in case the text gets truncated, I uploaded all 3 files, too.

*******************************
*** ComboFixLog.txt ***
*******************************

ComboFix 09-11-22.04 - doug shaw 11/23/2009 13:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1464 [GMT -7:00]
Running from: c:\documents and settings\doug shaw\Desktop\New Folder\ComboFix\Link 1\thcbytes.exe
Command switches used :: c:\documents and settings\doug shaw\Desktop\New Folder\ComboFix\Link 1\CFScript.txt
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"C:\ldvlhbee.exe"
"c:\windows\system32\caonima2.exe"
"c:\windows\system32\loyejosu.dll"
"c:\windows\system32\wayumabe.dll"
"C:\xrvho.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ldvlhbee.exe
c:\windows\system32\caonima2.exe
c:\windows\system32\lomehane.dll
c:\windows\system32\loyejosu.dll
c:\windows\system32\rimolodo.dll
c:\windows\system32\soziredo.dll
c:\windows\system32\wayumabe.dll
C:\xrvho.exe

.
((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-21 16:59 . 2009-11-21 16:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-11-20 16:54 . 2009-11-19 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG.SYS
2009-11-20 16:54 . 2009-11-19 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\EECTRL.SYS
2009-11-20 16:54 . 2009-11-19 09:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\CCERASER.DLL
2009-11-20 16:54 . 2009-11-19 09:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\ECMSVR32.DLL
2009-11-20 16:54 . 2009-11-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG32.DLL
2009-11-20 16:54 . 2009-11-19 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX32A.DLL
2009-11-20 16:54 . 2009-11-19 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX15.SYS
2009-11-20 16:54 . 2009-11-19 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\ERASER.SYS
2009-11-20 15:15 . 2009-11-05 08:30 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-20 15:15 . 2009-11-05 08:30 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-20 15:15 . 2009-11-05 08:30 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-20 15:15 . 2009-11-05 08:30 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-20 15:15 . 2009-11-05 08:30 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-19 22:55 . 2009-11-19 22:55 -------- d-sh--w- c:\documents and settings\administrator.HBA\PrivacIE
2009-11-19 22:50 . 2009-08-26 00:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-19 22:50 . 2009-11-20 23:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-19 22:50 . 2009-11-20 23:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-19 22:50 . 2009-11-05 08:30 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-11-19 22:50 . 2009-11-05 08:30 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-11-19 22:50 . 2009-11-05 08:30 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-11-19 22:49 . 2009-11-19 22:49 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-11-19 22:49 . 2009-11-05 08:30 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-11-19 22:49 . 2009-11-19 22:49 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-11-19 22:49 . 2009-11-05 08:30 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-11-19 22:49 . 2009-11-19 22:49 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-11-19 22:49 . 2009-11-23 18:02 -------- d-----w- c:\windows\system32\drivers\NIS
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\Norton Internet Security
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\Windows Sidebar
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\NortonInstaller
2009-11-19 21:09 . 2009-11-19 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-19 21:09 . 2009-11-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-11-19 20:57 . 2009-11-19 20:57 -------- d-----w- c:\documents and settings\administrator.HBA\Local Settings\Application Data\Apple Computer
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Application Data\Malwarebytes
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Local Settings\Application Data\Identities
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Application Data\Windows Desktop Search
2009-11-19 20:21 . 2009-11-19 20:21 -------- d-sh--w- c:\documents and settings\administrator.HBA\IETldCache
2009-11-18 22:37 . 2009-11-18 22:37 60 ----a-w- C:\exec.drv
2009-11-18 22:37 . 2009-11-19 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\87dc6
2009-11-18 22:36 . 2009-11-18 22:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSDDSys
2009-11-18 22:36 . 2009-11-19 21:30 -------- d-sh--w- c:\documents and settings\All Users\19f6d40
2009-11-02 15:39 . 2009-11-02 15:39 -------- d-----w- c:\documents and settings\doug shaw\Application Data\Malwarebytes
2009-11-02 15:39 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 15:39 . 2009-11-21 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 15:39 . 2009-11-02 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 15:39 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 22:04 . 2009-10-30 22:04 -------- d-----w- c:\documents and settings\doug shaw\Local Settings\Application Data\Symantec
2009-10-27 13:22 . 2009-10-27 13:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 18:03 . 2009-02-02 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-20 23:08 . 2009-11-19 22:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-20 23:08 . 2009-11-19 22:50 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-20 23:08 . 2007-10-11 16:18 -------- d-----w- c:\program files\Symantec
2009-11-19 22:55 . 2007-10-06 15:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-19 22:48 . 2007-10-06 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-14 01:17 . 2007-11-20 22:42 -------- d-----w- c:\program files\pdf995
2009-11-14 01:06 . 2007-12-13 20:38 141536 ----a-w- c:\documents and settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 01:05 . 2008-07-16 03:46 -------- d-----w- c:\program files\Virtual Earth 3D
2009-11-11 23:38 . 2007-10-06 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 19:45 . 2007-10-06 15:23 141536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 16:46 . 2007-10-06 15:06 -------- d-----w- c:\program files\Picasa2
2009-10-30 22:04 . 2007-10-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo
2009-10-10 21:31 . 2009-10-10 21:31 -------- d-----w- c:\program files\Render Plus Systems
2009-10-10 21:31 . 2007-10-06 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 22:41 . 2009-03-04 23:35 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-06 22:17 . 2009-10-06 22:17 -------- d-----w- c:\program files\MSBuild
2009-10-06 22:17 . 2009-10-06 22:17 -------- d-----w- c:\program files\Reference Assemblies
2009-10-06 22:07 . 2009-03-04 23:25 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 21:59 . 2009-10-06 21:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-03-21 14:06 . 2006-04-30 06:55 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-23_18.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-23 20:43 . 2009-11-23 20:43 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
+ 2009-11-23 21:02 . 2009-11-23 21:02 16384 c:\windows\Temp\Perflib_Perfdata_400.dat
+ 2009-11-23 21:01 . 2009-11-23 21:01 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
+ 2006-04-30 06:55 . 2009-11-23 20:47 79360 c:\windows\system32\perfc009.dat
- 2006-04-30 06:55 . 2009-11-23 18:50 79360 c:\windows\system32\perfc009.dat
+ 2006-04-30 06:55 . 2009-11-23 20:47 465640 c:\windows\system32\perfh009.dat
- 2006-04-30 06:55 . 2009-11-23 18:50 465640 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-03-30 181808]
"zokipayayo"="nunupofa.dll" [BU]

c:\documents and settings\doug shaw\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-3-19 147456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 17:11 65536 ----a-w- c:\windows\system32\acauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD LT Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD LT Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [11/20/2009 4:08 PM 310320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 5:47 PM 19760]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [11/20/2009 4:08 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [11/20/2009 4:08 PM 482432]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [12/17/2002 7:38 AM 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [11/29/2002 1:43 PM 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [3/24/2003 12:39 PM 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/12/2002 3:54 PM 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [11/20/2009 4:08 PM 117640]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 1:11 PM 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/19/2009 2:00 AM 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 12:42 PM 35264]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/20/2009 8:15 AM 329592]
S2 gupdate1c98574bd995916;Google Update Service (gupdate1c98574bd995916);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 1:27 PM 133104]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/13/2009 10:56 AM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/13/2009 10:56 AM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/13/2009 10:56 AM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/13/2009 10:56 AM 59776]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 3:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 3:24 AM 64088]
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-06 04:38]

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:27]

2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:27]

2007-10-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-10-06 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {9F7456B5-4F94-4DE0-B5F1-10D3A0AC21D9} = 10.0.0.1,66.180.96.12
.
- - - - ORPHANS REMOVED - - - -

BHO-{4cd6bcca-7dd0-4ba0-9c23-8540c2b0ffd8} - loyejosu.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 14:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(5660)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Client Security Solution\tvttcsd.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\Rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-23 14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-23 21:07
ComboFix2.txt 2009-11-23 18:53

Pre-Run: 69,027,475,456 bytes free
Post-Run: 68,987,478,016 bytes free

- - End Of File - - 6A99565854227B16E193C643365B23D1

*********************************
*** OTL.txt ***
*********************************

OTL logfile created on: 11/23/2009 2:10:25 PM - Run 1
OTL by OldTimer - Version 3.1.7.1 Folder = C:\Documents and Settings\doug shaw\Desktop\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 73.09% Memory free
3.81 Gb Paging File | 3.44 Gb Available in Paging File | 90.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 64.29 Gb Free Space | 73.41% Space Free | Partition Type: NTFS
Drive D: | 0.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HBA154
Current User Name: doug shaw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/23 13:38:46 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\doug shaw\Desktop\New Folder\OTL.exe
PRC - [2009/08/25 17:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/25 17:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/09/10 16:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 15:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 14:58:40 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/05/31 03:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/05/17 08:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/09 00:23:56 | 01,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 18:40:48 | 00,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/21 13:42:38 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/03/08 22:49:42 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 21:16:48 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/08 13:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 13:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 13:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/05 16:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/01/30 18:45:42 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/01/30 18:37:50 | 00,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/29 20:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/15 16:50:52 | 00,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/07 03:51:40 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 00:39:10 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/23 21:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 16:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/13 22:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/13 22:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/02 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2003/07/01 06:42:24 | 00,028,672 | ---- | M] (ActivCard) -- C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
PRC - [2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe
PRC - [2003/03/19 09:27:24 | 00,147,456 | ---- | M] (ActivCard) -- C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
PRC - [2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe
PRC - [2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe
PRC - [2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe

========== Modules (SafeList) ==========

MOD - [2009/11/23 13:38:46 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\doug shaw\Desktop\New Folder\OTL.exe
MOD - [2009/08/25 17:09:06 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll
MOD - [2008/04/13 17:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 17:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006/02/13 22:17:12 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/08/25 17:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/03/23 21:38:25 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/20 18:10:15 | 03,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/02/02 13:27:55 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98574bd995916) Google Update Service (gupdate1c98574bd995916)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/14 14:56:34 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/20 14:05:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/31 03:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/05/17 08:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/21 13:42:38 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/08 13:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 13:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 13:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 11:40:16 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/30 18:45:42 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/01/30 18:37:50 | 00,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 20:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/15 16:50:52 | 00,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/23 21:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/04/14 10:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe -- (acautoupdate)
SRV - [2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe -- (ACachSrv)
SRV - [2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe -- (acautoreg)
SRV - [2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe -- (Accoca)

========== Driver Services (SafeList) ==========

DRV - File not found -- -- (catchme)
DRV - [2009/11/20 16:08:27 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/20 16:08:11 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys -- (ccHP)
DRV - [2009/11/19 02:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/11/19 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/11/19 02:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/11/19 02:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/05 01:30:40 | 00,329,592 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/08/25 17:09:10 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/25 17:09:10 | 00,308,272 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/25 17:09:10 | 00,259,632 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/25 17:09:10 | 00,217,136 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/25 17:09:10 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/25 17:08:51 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/08/25 17:08:51 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2008/11/20 12:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/11 15:58:56 | 00,059,776 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUWWAN.sys -- (PTDUWWAN)
DRV - [2008/03/11 15:58:50 | 00,039,936 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUVsp.sys -- (PTDUVsp)
DRV - [2008/03/11 15:58:48 | 00,041,344 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUMdm.sys -- (PTDUMdm)
DRV - [2008/03/11 15:58:44 | 00,029,824 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\drivers\PTDUBus.sys -- (PTDUBus)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/06 08:07:33 | 00,033,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2007/10/06 08:06:31 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/06/17 09:16:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/05/31 03:01:30 | 00,021,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/17 08:53:00 | 06,346,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/12 21:08:26 | 00,306,176 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/04/09 11:03:00 | 00,012,848 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/04/05 07:19:20 | 00,546,112 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/04/02 11:24:08 | 00,004,224 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/03/22 15:59:48 | 00,094,848 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2007/03/21 22:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/02 17:49:00 | 00,100,656 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 17:47:00 | 00,019,760 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/26 17:03:56 | 00,251,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/12 10:36:54 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 12:30:28 | 00,017,664 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/23 16:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/21 19:56:00 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 19:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 19:55:00 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/15 03:00:20 | 00,057,216 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2006/11/08 00:02:34 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2006/11/06 01:24:56 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/22 18:23:28 | 00,017,778 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/13 12:42:44 | 00,035,264 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/09/12 22:42:18 | 00,028,224 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/06/18 22:26:00 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2006/03/01 03:30:00 | 00,089,472 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/13 22:04:58 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/02 05:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 05:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 05:20:00 | 00,086,652 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 05:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 05:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 05:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 05:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 12:02:50 | 00,005,660 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 12:02:10 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 05:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/11/08 09:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 10:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/04/06 03:24:00 | 00,064,088 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\system32\drivers\SCR33X2K.sys -- (SCR33X USB Smart Card Reader)
DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2002/11/07 03:04:00 | 00,181,875 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\system32\drivers\SCR131C.sys -- (SCR131C)
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 05:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/08/17 05:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\S-1-5-21-14295905-1311783717-581009308-1626\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\S-1-5-21-14295905-1311783717-581009308-1626\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/07 07:31:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{87B7F847-9543-4081-B210-B2A95349B77D}: C:\Documents and Settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D} [2009/10/06 15:43:13 | 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [acEventServ] C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [zokipayayo] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1254864159418 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hbaa.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (soziredo.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\acAuth: DllName - acauth.dll - C:\WINDOWS\System32\acauth.dll (ActivCard)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 00:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/23 11:27:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/23 11:24:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/23 11:24:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/23 11:24:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/23 11:24:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/23 11:22:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/23 11:22:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/23 11:18:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\doug shaw\Desktop\New Folder
[2009/11/20 16:08:27 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.sys
[2009/11/20 16:08:27 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symtdi.sys
[2009/11/20 16:08:27 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symfw.sys
[2009/11/20 16:08:27 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndisv.sys
[2009/11/20 16:08:27 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndis.sys
[2009/11/20 16:08:27 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symids.sys
[2009/11/20 16:08:26 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.sys
[2009/11/20 16:08:26 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
[2009/11/20 16:08:26 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.sys
[2009/11/20 16:08:11 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/11/20 16:08:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/11/19 15:50:24 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/11/19 15:50:10 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/19 15:50:10 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/19 15:49:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/11/19 15:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/11/19 15:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/11/19 15:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/11/19 14:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/19 14:09:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/11/18 15:37:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\87dc6
[2009/11/18 15:36:58 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\WSDDSys
[2009/11/18 15:36:40 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\19f6d40
[2009/11/11 12:44:31 | 00,033,996 | ---- | C] () -- C:\WINDOWS\Fonts\posthuman.ttf
[2009/11/11 12:44:31 | 00,026,848 | ---- | C] () -- C:\WINDOWS\Fonts\Laffayette_Comic_Pro.ttf
[2009/11/11 12:44:31 | 00,026,604 | ---- | C] () -- C:\WINDOWS\Fonts\Go Boom!.ttf
[2009/11/11 12:44:31 | 00,026,444 | ---- | C] () -- C:\WINDOWS\Fonts\SWINSBRG.TTF
[2009/11/02 08:39:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\doug shaw\Application Data\Malwarebytes
[2009/11/02 08:39:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/02 08:39:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/02 08:39:23 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/02 08:39:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/30 15:04:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\Symantec
[2007/10/06 07:47:27 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/10/06 07:47:27 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/23 14:06:13 | 00,554,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/23 14:06:13 | 00,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/23 14:06:13 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/23 14:03:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/23 14:02:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/23 14:02:40 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/23 14:02:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/23 14:01:40 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2009/11/23 14:01:40 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/23 14:01:26 | 00,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/11/23 14:01:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/23 14:01:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/23 14:01:19 | 21,121,39264 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 14:00:24 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\doug shaw\NTUSER.DAT
[2009/11/23 14:00:21 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fuwelawu
[2009/11/23 13:52:33 | 00,655,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/11/23 11:56:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/23 11:44:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\doug shaw\ntuser.ini
[2009/11/23 11:27:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/21 10:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/21 09:44:16 | 00,001,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/11/20 16:08:27 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/20 16:08:27 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/20 16:08:27 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/20 16:08:27 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/20 16:08:11 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/11/20 16:08:09 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/11/20 16:08:09 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/11/20 16:08:09 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/11/20 15:36:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/20 14:57:40 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\doug shaw\Desktop\Outlook 2007.lnk
[2009/11/20 09:58:04 | 04,529,979 | ---- | M] () -- C:\Documents and Settings\doug shaw\Desktop\AFCEE ADP Guide.pdf
[2009/11/19 14:04:23 | 00,000,807 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/19 14:04:23 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/18 16:20:28 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 15:37:02 | 00,000,060 | ---- | M] () -- C:\exec.drv
[2009/11/18 15:37:01 | 00,001,667 | ---- | M] () -- C:\System Defender.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 18:06:15 | 00,141,536 | ---- | M] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/13 18:05:55 | 00,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2009/11/11 16:41:37 | 00,436,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/04 16:59:20 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/23 11:27:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/23 11:27:22 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/23 11:24:14 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/23 11:24:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/23 11:24:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/23 11:24:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/23 11:24:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/21 09:44:59 | 00,655,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/11/20 16:08:27 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.cat
[2009/11/20 16:08:27 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.inf
[2009/11/20 16:08:26 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.cat
[2009/11/20 16:08:26 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.cat
[2009/11/20 16:08:26 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.cat
[2009/11/20 16:08:26 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
[2009/11/20 16:08:26 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.cat
[2009/11/20 16:08:26 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.inf
[2009/11/20 16:08:26 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.inf
[2009/11/20 16:08:26 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.inf
[2009/11/20 16:08:26 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.inf
[2009/11/20 16:08:26 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
[2009/11/20 16:08:09 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/11/20 16:08:09 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/11/20 16:08:09 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/11/20 09:58:04 | 04,529,979 | ---- | C] () -- C:\Documents and Settings\doug shaw\Desktop\AFCEE ADP Guide.pdf
[2009/11/19 15:50:10 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/19 15:50:10 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/19 15:50:03 | 00,001,980 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/11/19 13:54:30 | 00,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk
[2009/11/19 13:54:30 | 00,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/11/19 13:54:30 | 00,000,995 | ---- | C] () -- C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/11/18 15:37:02 | 00,000,060 | ---- | C] () -- C:\exec.drv
[2009/11/18 15:37:01 | 00,001,667 | ---- | C] () -- C:\System Defender.lnk
[2009/11/13 18:05:55 | 00,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/10 14:31:13 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2008/11/10 17:06:53 | 00,000,439 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2008/10/01 07:50:42 | 00,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2008/02/11 09:06:43 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 11:00:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2007/12/18 16:06:16 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\fusioncache.dat
[2007/12/17 15:32:34 | 00,000,418 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2007/12/13 13:38:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\doug shaw\Application Data\desktop.ini
[2007/12/13 13:38:57 | 04,839,456 | -H-- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\IconCache.db
[2007/12/13 13:38:57 | 00,141,536 | ---- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/11/27 14:02:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/11/20 15:43:29 | 00,000,102 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/11/20 15:42:27 | 00,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/11/20 15:42:27 | 00,049,852 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/10/09 13:54:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/09 13:54:39 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/10/09 13:54:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/10/06 08:27:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/06 08:06:00 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/10/06 08:00:14 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/06 07:58:37 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/06 07:58:37 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/06 07:58:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/06 07:58:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/06 07:58:37 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/06 07:58:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/06 07:52:16 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/06 07:52:16 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/06 07:52:16 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/06 07:52:14 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/06 07:48:35 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/10/06 07:48:17 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/10/06 07:47:28 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/10/06 07:47:27 | 09,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/10/06 07:46:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/10/06 07:46:11 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/10/06 07:46:11 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/10/06 07:28:28 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/02 05:15:36 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 05:15:25 | 00,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 08:12:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 14:20:36 | 00,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/30 00:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 00:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 00:13:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2006/04/30 00:09:54 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2006/04/30 00:09:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2006/04/30 00:09:23 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2006/04/30 00:09:23 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2006/04/29 23:56:30 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2006/04/29 23:56:29 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2006/04/29 23:56:09 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006/04/29 23:56:08 | 00,000,807 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/04/29 23:56:06 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006/04/29 23:56:06 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006/04/29 23:56:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/04/29 23:55:59 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/04/29 23:55:59 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2006/04/29 23:55:58 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006/04/29 23:55:57 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2006/04/29 23:55:57 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006/04/29 23:55:56 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006/04/29 23:55:56 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2006/04/29 23:55:56 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2006/04/29 23:55:56 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2006/04/29 23:55:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2006/04/29 23:55:56 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006/04/29 23:55:56 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006/04/29 23:55:55 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006/04/29 23:55:55 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006/04/29 23:55:55 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006/04/29 23:55:51 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006/04/29 23:55:51 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006/04/29 23:55:51 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006/04/29 23:55:51 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006/04/29 23:55:51 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006/04/29 23:55:51 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006/04/29 23:55:51 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006/04/29 23:55:51 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006/04/29 23:55:51 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006/04/29 23:55:51 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006/04/29 23:55:49 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2006/04/29 23:55:45 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006/04/29 23:55:45 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006/04/29 23:55:45 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2006/04/29 23:55:45 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/04/29 23:55:43 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2006/04/29 23:55:42 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006/04/29 23:55:42 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006/04/29 23:55:41 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006/04/29 23:55:39 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006/04/29 23:55:38 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006/04/29 23:55:38 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/04/29 23:55:29 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2006/04/29 23:55:28 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006/04/29 23:55:28 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006/04/29 23:55:27 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/04/29 23:55:25 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006/04/29 23:55:25 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006/04/29 17:04:29 | 00,554,992 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/04/29 17:04:28 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 17:04:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2003/01/29 17:34:30 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/11/28 18:23:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\aclibeay.dll
[2001/08/17 15:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/25 15:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2007/10/06 08:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2007/10/06 08:26:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2007/12/13 16:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\administrator.HBA\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Lenovo
[2007/10/09 14:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Macromedia
[2009/11/19 13:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Malwarebytes
[2009/11/19 13:22:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Microsoft
[2007/10/09 13:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Microsoft Web Folders
[2007/10/09 14:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\OfficeUpdate12
[2009/11/19 13:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Windows Desktop Search
[2009/11/19 14:30:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\87dc6
[2008/10/30 06:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/25 07:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/25 07:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/12/14 14:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/12/14 14:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2009/08/31 13:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/11/23 11:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2007/10/06 08:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/10/30 15:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/11/02 08:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/04 16:36:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/11 16:38:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/19 15:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/19 14:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/05 08:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2007/10/06 08:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2007/10/06 07:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/19 15:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/10/06 07:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/10/09 10:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/11/18 15:36:58 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\WSDDSys
[2008/09/25 07:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/10/06 08:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2009/05/18 12:07:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Macromedia
[2007/10/06 08:26:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2008/08/21 10:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Adobe
[2009/04/23 07:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Apple Computer
[2007/12/14 14:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Autodesk
[2007/12/17 13:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Corel
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\doug shaw\Application Data\desktop.ini
[2008/02/28 16:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\ESRI
[2008/01/11 16:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Google
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Identities
[2009/08/31 14:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Indigo Renderer
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\InstallShield
[2008/07/29 08:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\InterVideo
[2009/05/01 13:28:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\KONICA MINOLTA
[2008/09/09 07:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Leadertech
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Lenovo
[2007/12/14 13:52:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Macromedia
[2009/11/02 08:39:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Malwarebytes
[2009/10/01 14:21:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\doug shaw\Application Data\Microsoft
[2009/03/05 08:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\OfficeUpdate12
[2007/12/28 15:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\pdf995
[2009/03/13 11:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Smith Micro
[2008/09/09 07:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Sonic
[2008/01/23 14:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Sun
[2009/05/06 08:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\U3
[2009/03/04 16:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Windows Desktop Search
[2009/03/05 08:16:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Windows Search
[2007/10/06 08:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\hba\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\Lenovo
[2007/10/06 08:26:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hba\Application Data\Microsoft
[2007/12/13 16:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Adobe
[2007/11/20 15:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Autodesk
[2007/11/20 14:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Corel
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\hba.HBA\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\InstallShield
[2007/12/03 08:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Leadertech
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Lenovo
[2007/11/21 18:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Macromedia
[2007/11/27 19:26:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hba.HBA\Application Data\Microsoft
[2007/11/27 14:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\pdf995
[2007/12/03 08:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Sonic
[2009/03/04 16:37:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/21 10:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/11/21 10:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2007/10/10 00:30:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/21 10:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/11/23 11:56:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/23 14:01:40 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/11/23 14:02:38 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/11/20 15:36:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2007/10/09 10:11:06 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/23 14:01:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

******************
*** Extra.txt ***
******************

OTL Extras logfile created on: 11/23/2009 2:10:25 PM - Run 1
OTL by OldTimer - Version 3.1.7.1 Folder = C:\Documents and Settings\doug shaw\Desktop\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 73.09% Memory free
3.81 Gb Paging File | 3.44 Gb Available in Paging File | 90.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 64.29 Gb Free Space | 73.41% Space Free | Partition Type: NTFS
Drive D: | 0.66 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HBA154
Current User Name: doug shaw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google SketchUp 6\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Enabled:SketchUp Application -- (Google, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes -- (Apple Inc.)
"C:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe" = C:\Program Files\Google\Google SketchUp 6\LayOut\LayOut.exe:*:Disabled:LayOut -- (Google, Inc.)
"C:\Documents and Settings\All Users\19f6d40\WS19f6.exe" = C:\Documents and Settings\All Users\19f6d40\WS19f6.exe:*:Enabled:System Defender -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:explorer -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google SketchUp 6\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 6\SketchUp.exe:*:Disabled:SketchUp Application -- (Google, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\drwtsn32.exe" = C:\WINDOWS\system32\drwtsn32.exe:*:Enabled:drwtsn32 -- (Microsoft Corporation)
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe:*:Enabled:SynTPLpr -- (Synaptics, Inc.)
"C:\Program Files\iPod\bin\iPodService.exe" = C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5783F2D7-4009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2006 - English
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{9FE493AC-8DBC-4E29-9D9B-37F8D23CDD8B}" = nXtRender-IRender
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C13AF9C7-8E06-4354-B629-DF6192CE4A66}" = PANTECH UM175 Driver
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EBEBDE9F-78FA-4E68-820D-78CAF9DD46FF}" = SCR531 Smartcard Reader
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F489174B-CF14-4B4D-84BB-C1AD46EDB412}" = ActivCard Gold for CAC - PKI - Version 3.0 Feature Pack 1
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AwayTask" = Maintenance Manager
"Caligari trueSpace7.6_is1" = Uninstall trueSpace7.6
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"iTimeExpense" = iTime & Expense
"Koi Pond 3D Screensaver (CD Version)_is1" = Koi Pond 3D Screensaver (CD Version) 1.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Manual video for trueSpace7.6_is1" = Manual video for trueSpace7.6
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoAdware 5.0_is1" = NoAdware v5.0
"NSISMedia" = NSIS Media Extension
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Connections Drivers
"Python 2.4.1" = Python 2.4.1
"Remove Multimedia Center" = Remove Multimedia Center
"Startup Mechanic" = Startup Mechanic 2.8
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VZAccess Manager" = VZAccess Manager
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/23/2009 2:32:46 PM | Computer Name = HBA154 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/23/2009 2:46:14 PM | Computer Name = HBA154 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/23/2009 2:46:15 PM | Computer Name = HBA154 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/23/2009 2:46:29 PM | Computer Name = HBA154 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/23/2009 4:43:31 PM | Computer Name = HBA154 | Source = Userenv | ID = 1053
Description = Windows cannot determine the user or computer name. (The specified
domain either does not exist or could not be contacted. ). Group Policy processing
aborted.

Error - 11/23/2009 4:43:31 PM | Computer Name = HBA154 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/23/2009 4:43:33 PM | Computer Name = HBA154 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/23/2009 5:01:26 PM | Computer Name = HBA154 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/23/2009 5:01:27 PM | Computer Name = HBA154 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/23/2009 5:02:38 PM | Computer Name = HBA154 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ OSession Events ]
Error - 3/12/2009 3:06:23 PM | Computer Name = HBA154 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6214.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1186
seconds with 600 seconds of active time. This session ended with a crash.

Error - 4/6/2009 11:15:18 AM | Computer Name = HBA154 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6212.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4183
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/23/2009 2:47:53 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 11/23/2009 2:47:53 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7034
Description = The tvtnetwk service terminated unexpectedly. It has done this 1
time(s).

Error - 11/23/2009 4:43:03 PM | Computer Name = HBA154 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/23/2009 4:43:54 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 11/23/2009 4:43:54 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 11/23/2009 4:45:11 PM | Computer Name = HBA154 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HBA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 11/23/2009 4:46:28 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7034
Description = The tvtnetwk service terminated unexpectedly. It has done this 1
time(s).

Error - 11/23/2009 5:01:26 PM | Computer Name = HBA154 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HBA due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 11/23/2009 5:02:50 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IDSxpx86

Error - 11/23/2009 5:02:50 PM | Computer Name = HBA154 | Source = Service Control Manager | ID = 7034
Description = The tvtnetwk service terminated unexpectedly. It has done this 1
time(s).

< End of report >

Attached File(s)

ComboFixLog.txt (21.96K)
Number of downloads: 1
Extras.Txt (51.15K)
Number of downloads: 0
OTL.Txt (149.92K)
Number of downloads: 0

#12 thcbytes

Bleepin' Teacher

Group: Malware Response Instructor
Posts: 11,595
Joined: 09-December 08
Gender:Male

Posted 23 November 2009 - 04:32 PM

Better.

Warning: This script was specifically written and designed for this user only. Unsupervised use of this tool could render your computer unbootable permanently!!

Quote

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zokipayayo"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
- Update Malwarebytes' Anti-Malware <--- Important!!
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

==========

With your next post please provide:

* Combofix.txt
* MBAM log
* ESET log
* How is it running now?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

#13 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 23 November 2009 - 06:19 PM

Wow! Found a lot of things to remove! As before, I've attached the requested files in addition to their contents below.

*********************
*** ComboFixLog.txt ***
*********************

ComboFix 09-11-22.04 - doug shaw 11/23/2009 14:53.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2014.1453 [GMT -7:00]
Running from: c:\documents and settings\doug shaw\Desktop\New Folder\ComboFix\Link 1\thcbytes.exe
Command switches used :: c:\documents and settings\doug shaw\Desktop\New Folder\ComboFix\Link 1\CFScript.txt
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D}
c:\documents and settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D}\chrome.manifest
c:\documents and settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D}\chrome\content\_cfg.js
c:\documents and settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D}\chrome\content\c.js
c:\documents and settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D}\chrome\content\overlay.xul
c:\documents and settings\doug shaw\Local Settings\Application Data\{87B7F847-9543-4081-B210-B2A95349B77D}\install.rdf

.
((((((((((((((((((((((((( Files Created from 2009-10-23 to 2009-11-23 )))))))))))))))))))))))))))))))
.

2009-11-21 16:59 . 2009-11-21 16:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-11-20 16:54 . 2009-11-19 09:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG.SYS
2009-11-20 16:54 . 2009-11-19 09:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\EECTRL.SYS
2009-11-20 16:54 . 2009-11-19 09:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\CCERASER.DLL
2009-11-20 16:54 . 2009-11-19 09:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\ECMSVR32.DLL
2009-11-20 16:54 . 2009-11-19 09:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVENG32.DLL
2009-11-20 16:54 . 2009-11-19 09:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX32A.DLL
2009-11-20 16:54 . 2009-11-19 09:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\NAVEX15.SYS
2009-11-20 16:54 . 2009-11-19 09:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091120.005\ERASER.SYS
2009-11-20 15:15 . 2009-11-05 08:30 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-20 15:15 . 2009-11-05 08:30 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-20 15:15 . 2009-11-05 08:30 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-20 15:15 . 2009-11-05 08:30 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-20 15:15 . 2009-11-05 08:30 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-19 22:55 . 2009-11-19 22:55 -------- d-sh--w- c:\documents and settings\administrator.HBA\PrivacIE
2009-11-19 22:50 . 2009-08-26 00:08 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-11-19 22:50 . 2009-11-20 23:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-19 22:50 . 2009-11-20 23:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-11-19 22:50 . 2009-11-05 08:30 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-11-19 22:50 . 2009-11-05 08:30 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-11-19 22:50 . 2009-11-05 08:30 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-11-19 22:49 . 2009-11-19 22:49 1294680 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-11-19 22:49 . 2009-11-05 08:30 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-11-19 22:49 . 2009-11-19 22:49 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-11-19 22:49 . 2009-11-05 08:30 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-11-19 22:49 . 2009-11-19 22:49 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-11-19 22:49 . 2009-11-23 18:02 -------- d-----w- c:\windows\system32\drivers\NIS
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\Norton Internet Security
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\Windows Sidebar
2009-11-19 22:49 . 2009-11-19 22:49 -------- d-----w- c:\program files\NortonInstaller
2009-11-19 21:09 . 2009-11-19 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-19 21:09 . 2009-11-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-11-19 20:57 . 2009-11-19 20:57 -------- d-----w- c:\documents and settings\administrator.HBA\Local Settings\Application Data\Apple Computer
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Application Data\Malwarebytes
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Local Settings\Application Data\Identities
2009-11-19 20:22 . 2009-11-19 20:22 -------- d-----w- c:\documents and settings\administrator.HBA\Application Data\Windows Desktop Search
2009-11-19 20:21 . 2009-11-19 20:21 -------- d-sh--w- c:\documents and settings\administrator.HBA\IETldCache
2009-11-18 22:37 . 2009-11-18 22:37 60 ----a-w- C:\exec.drv
2009-11-18 22:37 . 2009-11-19 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\87dc6
2009-11-18 22:36 . 2009-11-18 22:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\WSDDSys
2009-11-18 22:36 . 2009-11-19 21:30 -------- d-sh--w- c:\documents and settings\All Users\19f6d40
2009-11-02 15:39 . 2009-11-02 15:39 -------- d-----w- c:\documents and settings\doug shaw\Application Data\Malwarebytes
2009-11-02 15:39 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-02 15:39 . 2009-11-21 16:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-02 15:39 . 2009-11-02 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-02 15:39 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-30 22:04 . 2009-10-30 22:04 -------- d-----w- c:\documents and settings\doug shaw\Local Settings\Application Data\Symantec
2009-10-27 13:22 . 2009-10-27 13:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-23 18:03 . 2009-02-02 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-20 23:08 . 2009-11-19 22:50 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-20 23:08 . 2009-11-19 22:50 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-20 23:08 . 2007-10-11 16:18 -------- d-----w- c:\program files\Symantec
2009-11-19 22:55 . 2007-10-06 15:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-19 22:48 . 2007-10-06 15:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-14 01:17 . 2007-11-20 22:42 -------- d-----w- c:\program files\pdf995
2009-11-14 01:06 . 2007-12-13 20:38 141536 ----a-w- c:\documents and settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 01:05 . 2008-07-16 03:46 -------- d-----w- c:\program files\Virtual Earth 3D
2009-11-11 23:38 . 2007-10-06 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 19:45 . 2007-10-06 15:23 141536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 16:46 . 2007-10-06 15:06 -------- d-----w- c:\program files\Picasa2
2009-10-30 22:04 . 2007-10-06 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Lenovo
2009-10-10 21:31 . 2009-10-10 21:31 -------- d-----w- c:\program files\Render Plus Systems
2009-10-10 21:31 . 2007-10-06 14:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-06 22:41 . 2009-03-04 23:35 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-06 22:17 . 2009-10-06 22:17 -------- d-----w- c:\program files\MSBuild
2009-10-06 22:17 . 2009-10-06 22:17 -------- d-----w- c:\program files\Reference Assemblies
2009-10-06 22:07 . 2009-03-04 23:25 -------- d-----w- c:\program files\Microsoft Works
2009-10-06 21:59 . 2009-10-06 21:59 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-11 14:18 . 2006-04-30 06:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-04-30 06:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-04-30 06:56 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2006-04-30 06:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-03-21 14:06 . 2006-04-30 06:55 24064 --sha-w- c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\scandisk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-11-23_18.47.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-23 21:02 . 2009-11-23 21:02 16384 c:\windows\Temp\Perflib_Perfdata_400.dat
+ 2009-11-23 21:01 . 2009-11-23 21:01 16384 c:\windows\Temp\Perflib_Perfdata_160.dat
+ 2006-04-30 06:55 . 2009-11-23 21:06 79360 c:\windows\system32\perfc009.dat
- 2006-04-30 06:55 . 2009-11-23 18:50 79360 c:\windows\system32\perfc009.dat
+ 2006-04-30 06:55 . 2009-11-23 21:06 465640 c:\windows\system32\perfh009.dat
- 2006-04-30 06:55 . 2009-11-23 18:50 465640 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"Startup Manager Scanner"="c:\program files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-09 1015808]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-17 8433664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"acEventServ"="c:\program files\ActivCard\ActivCard Gold\acevtsrv.exe" [2003-07-01 28672]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2007-03-30 181808]

c:\documents and settings\doug shaw\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ActivCard Gold Smart Card Agent.lnk - c:\program files\ActivCard\ActivCard Gold\agquickp.exe [2003-3-19 147456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 02:06 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acAuth]
2002-12-17 17:11 65536 ----a-w- c:\windows\system32\acauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD LT Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD LT Startup Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1007020.00B\SymEFA.sys [11/20/2009 4:08 PM 310320]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [3/2/2007 5:47 PM 19760]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1007020.00B\BHDrvx86.sys [11/20/2009 4:08 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1007020.00B\cchpx86.sys [11/20/2009 4:08 PM 482432]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\Common Files\ActivCard\acachsrv.exe [12/17/2002 7:38 AM 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [11/29/2002 1:43 PM 53248]
R2 acautoupdate;ActivCard Auto-Update Service;c:\program files\Common Files\ActivCard\acautoup.exe [3/24/2003 12:39 PM 36864]
R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [8/12/2002 3:54 PM 159744]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [11/20/2009 4:08 PM 117640]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2/8/2007 1:11 PM 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [11/19/2009 2:00 AM 102448]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [9/13/2006 12:42 PM 35264]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/20/2009 8:15 AM 329592]
S2 gupdate1c98574bd995916;Google Update Service (gupdate1c98574bd995916);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2009 1:27 PM 133104]
S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [3/13/2009 10:56 AM 29824]
S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [3/13/2009 10:56 AM 41344]
S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [3/13/2009 10:56 AM 39936]
S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [3/13/2009 10:56 AM 59776]
S3 SCR131C;SCRx31 Serial Smart Card Reader;c:\windows\system32\drivers\SCR131C.sys [11/7/2002 3:04 AM 181875]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader;c:\windows\system32\drivers\SCR33X2K.sys [4/6/2004 3:24 AM 64088]
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-11-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2009-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-06 04:38]

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:27]

2009-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-02 20:27]

2007-10-09 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-10-06 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com/
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {9F7456B5-4F94-4DE0-B5F1-10D3A0AC21D9} = 10.0.0.1,66.180.96.12
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(464)
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2009-11-23 15:02
ComboFix-quarantined-files.txt 2009-11-23 22:01
ComboFix2.txt 2009-11-23 21:07
ComboFix3.txt 2009-11-23 18:53

Pre-Run: 68,995,661,824 bytes free
Post-Run: 68,981,559,296 bytes free

- - End Of File - - 7EC979FE29586F9CB811693355B9139A

********************
*** MBAM Log ***
********************

Malwarebytes' Anti-Malware 1.41
Database version: 3219
Windows 5.1.2600 Service Pack 3

11/23/2009 3:11:04 PM
mbam-log-2009-11-23 (15-11-04).txt

Scan type: Quick Scan
Objects scanned: 159979
Time elapsed: 2 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=233&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=233&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=233&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=233&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=233&q={searchTerms}) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\WSDDSys (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\config\Systemprofile\Start Menu\Programs\Startup\scandisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WSDDSys\wsd.cfg (Rogue.WindowsSystemDefender) -> Quarantined and deleted successfully.

********************
*** ESETscan.txt ***
********************

C:\Program Files\NoAdware\NoAdware5.exe probably a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\Program Files\NoAdware\nutilities.dll Win32/NoAdware application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\[4]-Submit_2009-11-23_13.52.29.zip a variant of Win32/Kryptik.AKJ trojan deleted - quarantined
C:\Qoobox\Quarantine\C\xrvho.exe.vir a variant of Win32/PSW.WOW.NND trojan deleted - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\lomehane.dll.vir a variant of Win32/Kryptik.BEG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\lotonene.dll.vir a variant of Win32/Kryptik.BBO trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\rimolodo.dll.vir a variant of Win32/Kryptik.BEG trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\__c00DDAC0.dat.vir a variant of Win32/Kryptik.AKJ trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\iaStor.sys.vir Win32/Olmarik.OF virus deleted - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000027.exe a variant of Win32/Kryptik.AKJ trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000029.dll a variant of Win32/Kryptik.BEG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000031.dll a variant of Win32/Kryptik.BEG trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000034.exe a variant of Win32/PSW.WOW.NND trojan deleted - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000290.exe probably a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP1\A0000291.dll Win32/NoAdware application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6PV5U7WZ\zfyczmdak[1].htm a variant of Win32/PSW.WOW.NND trojan deleted - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ISYKYJEF\atdnabbc[1].htm a variant of Win32/Kryptik.BDP trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ISYKYJEF\jcmjwxthui[1].htm a variant of Win32/Kryptik.BCR trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ISYKYJEF\jyfbcc[1].htm a variant of Win32/Kryptik.AKJ trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K5UO1WS2\djgtguhvvf[1].htm a variant of Win32/Kryptik.BAS trojan cleaned by deleting - quarantined

********************
*** How is it running? ***
********************

Well, There are no popups or other alerts from IE or Norton, but we've disconnected from the web unless the instructions indicate a download is required.
Seems to be stable and I've got access to the all of my files and folders.

Thanks, again, for your help. What's next?

Attached File(s)

ComboFixLog.txt (20.17K)
Number of downloads: 1
ESETscan.txt (2.95K)
Number of downloads: 0
mbam_log_2009_11_23__15_11_04_.txt (2.28K)
Number of downloads: 0

#14 thcbytes

Bleepin' Teacher

Group: Malware Response Instructor
Posts: 11,595
Joined: 09-December 08
Gender:Male

Posted 23 November 2009 - 06:59 PM

You have been a pleasure to help.

We need to re-run MBAM and make sure its clean.

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
- Update Malwarebytes' Anti-Malware <--- Important!!
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
A report will open, copy and paste it in a reply here

==========

With your next post please provide:

* MBAM log
* OTL.txt
* Make sure you AV is on any surf a bit. Everything ok?

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

#15 Bob@work

New Member

Group: Members
Posts: 11
Joined: 12-November 09
Gender:Male
Location:Colorado, USA

Posted 24 November 2009 - 10:39 AM

thcbytes,

Good morning! OK, ran the scans and here are the results:

******************************
*** MBAM ***
******************************
Malwarebytes' Anti-Malware 1.41
Database version: 3222
Windows 5.1.2600 Service Pack 3

11/24/2009 8:21:29 AM
mbam-log-2009-11-24 (08-21-29).txt

Scan type: Quick Scan
Objects scanned: 160044
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

********************************
*** OTL ***
********************************
OTL logfile created on: 11/24/2009 8:26:11 AM - Run 2
OTL by OldTimer - Version 3.1.7.1 Folder = C:\Documents and Settings\doug shaw\Desktop\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 72.06% Memory free
3.81 Gb Paging File | 3.42 Gb Available in Paging File | 89.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.58 Gb Total Space | 64.19 Gb Free Space | 73.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HBA154
Current User Name: doug shaw
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/23 13:38:46 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\doug shaw\Desktop\New Folder\OTL.exe
PRC - [2009/08/25 17:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2009/08/25 17:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
PRC - [2008/09/10 16:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 15:04:18 | 00,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 14:58:40 | 00,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/05/31 03:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/05/17 08:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/04/09 00:23:56 | 01,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/29 18:40:48 | 00,181,808 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/03/21 13:42:38 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/03/08 22:49:42 | 00,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/07 21:16:48 | 00,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/08 13:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 13:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 13:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 13:00:06 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 11:40:16 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/02/05 16:52:10 | 00,849,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2007/01/30 18:45:42 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/01/30 18:37:50 | 00,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/01/29 20:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/15 16:50:52 | 00,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/11/07 03:51:40 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 00:39:10 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/23 21:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 16:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/13 22:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/13 22:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2006/02/02 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2004/09/05 11:01:51 | 00,086,016 | ---- | M] () -- C:\Program Files\Startup Mechanic\StartupMonitor.exe
PRC - [2003/07/01 06:42:24 | 00,028,672 | ---- | M] (ActivCard) -- C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
PRC - [2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe
PRC - [2003/03/19 09:27:24 | 00,147,456 | ---- | M] (ActivCard) -- C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
PRC - [2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe
PRC - [2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe
PRC - [2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe

========== Modules (SafeList) ==========

MOD - [2009/11/23 13:38:46 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\doug shaw\Desktop\New Folder\OTL.exe
MOD - [2009/08/25 17:09:06 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\asOEHook.dll
MOD - [2008/04/13 17:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 17:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2006/02/13 22:17:12 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/08/25 17:09:09 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2009/03/23 21:38:25 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/20 18:10:15 | 03,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/02/02 13:27:55 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98574bd995916) Google Update Service (gupdate1c98574bd995916)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/12/14 14:56:34 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/20 14:05:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/07/05 15:05:04 | 00,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 15:03:32 | 00,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/05/31 03:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/05/17 08:53:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/21 13:42:38 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/03/02 17:49:00 | 00,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/08 13:19:36 | 01,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 13:11:32 | 00,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 13:09:58 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 11:40:16 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/30 18:45:42 | 00,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/01/30 18:37:50 | 00,644,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/01/29 20:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/15 16:50:52 | 00,011,776 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/23 21:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/04/14 10:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 18:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf)
SRV - [2003/03/24 12:39:22 | 00,036,864 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoup.exe -- (acautoupdate)
SRV - [2002/12/17 07:38:20 | 00,135,168 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\acachsrv.exe -- (ACachSrv)
SRV - [2002/11/29 13:43:58 | 00,053,248 | ---- | M] (ActivCard S.A.) -- C:\Program Files\Common Files\ActivCard\acautoreg.exe -- (acautoreg)
SRV - [2002/08/12 15:54:58 | 00,159,744 | ---- | M] (ActivCard) -- C:\Program Files\Common Files\ActivCard\accoca.exe -- (Accoca)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com/
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\S-1-5-21-14295905-1311783717-581009308-1626\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-14295905-1311783717-581009308-1626\S-1-5-21-14295905-1311783717-581009308-1626\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/07 07:31:13 | 00,000,000 | ---D | M]

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [acEventServ] C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe (ActivCard)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk = C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe (ActivCard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-14295905-1311783717-581009308-1626_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.microsoft.com/download/7/0...tualEarth3D.cab (SentinelVE3D Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB1D69B-A780-4BE1-876E-F3D488877135} http://download.microsoft.com/download/3/B...tualEarth3D.cab (SentinelProxy Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1254864159418 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hbaa.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\acAuth: DllName - acauth.dll - C:\WINDOWS\System32\acauth.dll (ActivCard)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 00:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/11/23 15:16:59 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/23 15:06:32 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\doug shaw\Desktop\mbam-setup.exe
[2009/11/23 14:47:01 | 00,000,000 | ---D | C] -- C:\thcbytes
[2009/11/23 11:27:21 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/23 11:24:14 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/23 11:24:14 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/23 11:24:14 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/23 11:24:14 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/23 11:22:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/23 11:22:01 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/23 11:18:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\doug shaw\Desktop\New Folder
[2009/11/20 16:08:27 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.sys
[2009/11/20 16:08:27 | 00,217,136 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symtdi.sys
[2009/11/20 16:08:27 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symfw.sys
[2009/11/20 16:08:27 | 00,048,688 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndisv.sys
[2009/11/20 16:08:27 | 00,036,400 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symndis.sys
[2009/11/20 16:08:27 | 00,033,072 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symids.sys
[2009/11/20 16:08:26 | 00,308,272 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.sys
[2009/11/20 16:08:26 | 00,259,632 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
[2009/11/20 16:08:26 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.sys
[2009/11/20 16:08:11 | 00,482,432 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/11/20 16:08:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1007020.00B
[2009/11/19 15:50:24 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/11/19 15:50:10 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/19 15:50:10 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/19 15:49:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/11/19 15:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/11/19 15:49:39 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/11/19 15:49:24 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/11/19 14:09:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/19 14:09:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/11/18 15:37:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\87dc6
[2009/11/18 15:36:40 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\19f6d40
[2009/11/11 12:44:31 | 00,033,996 | ---- | C] () -- C:\WINDOWS\Fonts\posthuman.ttf
[2009/11/11 12:44:31 | 00,026,848 | ---- | C] () -- C:\WINDOWS\Fonts\Laffayette_Comic_Pro.ttf
[2009/11/11 12:44:31 | 00,026,604 | ---- | C] () -- C:\WINDOWS\Fonts\Go Boom!.ttf
[2009/11/11 12:44:31 | 00,026,444 | ---- | C] () -- C:\WINDOWS\Fonts\SWINSBRG.TTF
[2007/10/06 07:47:27 | 00,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/10/06 07:47:27 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/24 08:11:18 | 00,465,640 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/24 08:11:18 | 00,079,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/24 08:11:17 | 00,554,992 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/24 08:07:15 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/24 08:07:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/11/24 08:07:08 | 00,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2009/11/24 08:07:08 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/11/24 08:06:59 | 00,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/11/24 08:06:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/24 08:06:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/24 08:06:52 | 21,121,39264 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/23 16:32:23 | 08,388,608 | -H-- | M] () -- C:\Documents and Settings\doug shaw\NTUSER.DAT
[2009/11/23 15:56:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/23 15:36:11 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/23 15:07:13 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 15:00:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/23 14:02:51 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/23 14:00:21 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fuwelawu
[2009/11/23 13:52:33 | 00,655,374 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/11/23 11:44:55 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\doug shaw\ntuser.ini
[2009/11/23 11:27:28 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/21 10:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/21 09:44:16 | 00,001,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/11/20 16:08:27 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/11/20 16:08:27 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/11/20 16:08:27 | 00,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/20 16:08:27 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/20 16:08:11 | 00,482,432 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\cchpx86.sys
[2009/11/20 16:08:09 | 00,009,412 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/11/20 16:08:09 | 00,001,562 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/11/20 16:08:09 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/11/20 14:57:40 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\doug shaw\Desktop\Outlook 2007.lnk
[2009/11/20 09:58:04 | 04,529,979 | ---- | M] () -- C:\Documents and Settings\doug shaw\Desktop\AFCEE ADP Guide.pdf
[2009/11/19 14:04:23 | 00,000,807 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/19 14:04:23 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/18 16:20:28 | 00,050,688 | ---- | M] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/18 15:37:02 | 00,000,060 | ---- | M] () -- C:\exec.drv
[2009/11/18 15:37:01 | 00,001,667 | ---- | M] () -- C:\System Defender.lnk
[2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/13 18:06:15 | 00,141,536 | ---- | M] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/13 18:05:55 | 00,001,809 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2009/11/11 16:41:37 | 00,436,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/11 11:22:04 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\doug shaw\Desktop\mbam-setup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/23 15:07:13 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/23 11:27:28 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/23 11:27:22 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/23 11:24:14 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/23 11:24:14 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/23 11:24:14 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/11/23 11:24:14 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/23 11:24:14 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/21 09:44:59 | 00,655,374 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\Cat.DB
[2009/11/20 16:08:27 | 00,009,402 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.cat
[2009/11/20 16:08:27 | 00,001,561 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNet.inf
[2009/11/20 16:08:26 | 00,007,431 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.cat
[2009/11/20 16:08:26 | 00,007,429 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.cat
[2009/11/20 16:08:26 | 00,007,425 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.cat
[2009/11/20 16:08:26 | 00,007,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\bhdrvx86.cat
[2009/11/20 16:08:26 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.cat
[2009/11/20 16:08:26 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymEFA.inf
[2009/11/20 16:08:26 | 00,001,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\ccHPx86.inf
[2009/11/20 16:08:26 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtspx.inf
[2009/11/20 16:08:26 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\srtsp.inf
[2009/11/20 16:08:26 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.inf
[2009/11/20 16:08:09 | 00,009,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\symnetv.cat
[2009/11/20 16:08:09 | 00,001,562 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\SymNetV.inf
[2009/11/20 16:08:09 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1007020.00B\isolate.ini
[2009/11/20 09:58:04 | 04,529,979 | ---- | C] () -- C:\Documents and Settings\doug shaw\Desktop\AFCEE ADP Guide.pdf
[2009/11/19 15:50:10 | 00,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/11/19 15:50:10 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/11/19 15:50:03 | 00,001,980 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.lnk
[2009/11/19 13:54:30 | 00,001,855 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ActivCard Gold Smart Card Agent.lnk
[2009/11/19 13:54:30 | 00,001,794 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/11/19 13:54:30 | 00,000,995 | ---- | C] () -- C:\Documents and Settings\doug shaw\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/11/18 15:37:02 | 00,000,060 | ---- | C] () -- C:\exec.drv
[2009/11/18 15:37:01 | 00,001,667 | ---- | C] () -- C:\System Defender.lnk
[2009/11/13 18:05:55 | 00,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bing Maps 3D.lnk
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/10 14:31:13 | 00,000,245 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2008/11/10 17:06:53 | 00,000,439 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2008/10/01 07:50:42 | 00,001,129 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI
[2008/02/11 09:06:43 | 00,050,688 | ---- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 11:00:41 | 00,000,061 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2007/12/18 16:06:16 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\fusioncache.dat
[2007/12/17 15:32:34 | 00,000,418 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2007/12/13 13:38:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\doug shaw\Application Data\desktop.ini
[2007/12/13 13:38:57 | 04,839,456 | -H-- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\IconCache.db
[2007/12/13 13:38:57 | 00,141,536 | ---- | C] () -- C:\Documents and Settings\doug shaw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/11/27 14:02:11 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/11/20 15:43:29 | 00,000,102 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/11/20 15:42:27 | 00,147,506 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2007/11/20 15:42:27 | 00,049,852 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/10/09 13:54:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/09 13:54:39 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/10/09 13:54:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/10/06 08:27:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/10/06 08:06:00 | 00,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/10/06 08:00:14 | 00,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/06 07:58:37 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/10/06 07:58:37 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/10/06 07:58:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/10/06 07:58:37 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/10/06 07:58:37 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/10/06 07:58:37 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/06 07:52:16 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/10/06 07:52:16 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/10/06 07:52:16 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/10/06 07:52:14 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/10/06 07:48:35 | 00,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/10/06 07:48:17 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/10/06 07:47:28 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/10/06 07:47:27 | 09,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/10/06 07:46:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/10/06 07:46:11 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/10/06 07:46:11 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/10/06 07:28:28 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/03/02 05:15:36 | 00,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 05:15:25 | 00,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 08:12:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 14:20:36 | 00,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/30 00:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 00:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 00:13:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2006/04/30 00:09:54 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2006/04/30 00:09:54 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2006/04/30 00:09:23 | 00,013,223 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2006/04/30 00:09:23 | 00,001,931 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2006/04/29 23:56:30 | 00,004,126 | ---- | C] () -- C:\WINDOWS\System32\msdxmlc.dll
[2006/04/29 23:56:29 | 00,498,742 | ---- | C] () -- C:\WINDOWS\System32\dxmasf.dll
[2006/04/29 23:56:09 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2006/04/29 23:56:08 | 00,000,807 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/04/29 23:56:06 | 00,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2006/04/29 23:56:06 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2006/04/29 23:56:05 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2006/04/29 23:55:59 | 00,270,848 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2006/04/29 23:55:59 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2006/04/29 23:55:58 | 00,012,082 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2006/04/29 23:55:57 | 01,291,264 | ---- | C] () -- C:\WINDOWS\System32\quartz.dll
[2006/04/29 23:55:57 | 00,003,458 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2006/04/29 23:55:56 | 00,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2006/04/29 23:55:56 | 00,562,176 | ---- | C] () -- C:\WINDOWS\System32\qedit.dll
[2006/04/29 23:55:56 | 00,386,048 | ---- | C] () -- C:\WINDOWS\System32\qdvd.dll
[2006/04/29 23:55:56 | 00,279,040 | ---- | C] () -- C:\WINDOWS\System32\qdv.dll
[2006/04/29 23:55:56 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\qcap.dll
[2006/04/29 23:55:56 | 00,006,877 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2006/04/29 23:55:56 | 00,000,343 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2006/04/29 23:55:55 | 00,002,891 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2006/04/29 23:55:55 | 00,002,732 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2006/04/29 23:55:55 | 00,001,152 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2006/04/29 23:55:51 | 00,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2006/04/29 23:55:51 | 00,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2006/04/29 23:55:51 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2006/04/29 23:55:51 | 00,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2006/04/29 23:55:51 | 00,033,840 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2006/04/29 23:55:51 | 00,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2006/04/29 23:55:51 | 00,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2006/04/29 23:55:51 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2006/04/29 23:55:51 | 00,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2006/04/29 23:55:51 | 00,027,866 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2006/04/29 23:55:49 | 00,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2006/04/29 23:55:45 | 00,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2006/04/29 23:55:45 | 00,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2006/04/29 23:55:45 | 00,010,110 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2006/04/29 23:55:45 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/04/29 23:55:43 | 00,035,328 | ---- | C] () -- C:\WINDOWS\System32\mciqtz32.dll
[2006/04/29 23:55:42 | 00,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2006/04/29 23:55:42 | 00,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2006/04/29 23:55:41 | 00,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2006/04/29 23:55:39 | 00,004,768 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2006/04/29 23:55:38 | 01,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2006/04/29 23:55:38 | 00,186,880 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2006/04/29 23:55:29 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\devenum.dll
[2006/04/29 23:55:28 | 00,252,928 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2006/04/29 23:55:28 | 00,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2006/04/29 23:55:27 | 00,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/04/29 23:55:25 | 00,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2006/04/29 23:55:25 | 00,009,029 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2006/04/29 17:04:29 | 00,554,992 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/04/29 17:04:28 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/29 17:04:07 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2003/01/29 17:34:30 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2002/11/28 18:23:16 | 00,684,032 | ---- | C] () -- C:\WINDOWS\System32\aclibeay.dll
[2001/08/17 15:36:28 | 00,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[1999/01/22 11:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/25 15:24:16 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== LOP Check ==========

[2007/10/06 08:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lenovo
[2007/10/06 08:26:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2007/12/13 16:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\administrator.HBA\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Lenovo
[2007/10/09 14:17:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Macromedia
[2009/11/19 13:22:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Malwarebytes
[2009/11/19 13:22:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Microsoft
[2007/10/09 13:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Microsoft Web Folders
[2007/10/09 14:27:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\OfficeUpdate12
[2009/11/19 13:22:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\administrator.HBA\Application Data\Windows Desktop Search
[2009/11/19 14:30:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\87dc6
[2008/10/30 06:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/09/25 07:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/09/25 07:34:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2007/12/14 14:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/12/14 14:01:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESRI
[2009/08/31 13:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/11/23 11:03:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2007/10/06 08:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/10/30 15:04:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/11/02 08:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/04 16:36:07 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/11 16:38:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/19 15:49:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/19 14:09:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/05 08:18:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2007/10/06 08:05:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2007/10/06 07:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/11/19 15:48:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2007/10/06 07:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/10/09 10:19:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/09/25 07:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/10/06 08:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Default User\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Lenovo
[2009/05/18 12:07:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Macromedia
[2007/10/06 08:26:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2008/08/21 10:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Adobe
[2009/04/23 07:52:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Apple Computer
[2007/12/14 14:58:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Autodesk
[2007/12/17 13:35:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Corel
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\doug shaw\Application Data\desktop.ini
[2008/02/28 16:42:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\ESRI
[2008/01/11 16:39:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Google
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Identities
[2009/08/31 14:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Indigo Renderer
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\InstallShield
[2008/07/29 08:13:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\InterVideo
[2009/05/01 13:28:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\KONICA MINOLTA
[2008/09/09 07:29:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Leadertech
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Lenovo
[2007/12/14 13:52:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Macromedia
[2009/11/02 08:39:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Malwarebytes
[2009/10/01 14:21:22 | 00,000,000 | --SD | M] -- C:\Documents and Settings\doug shaw\Application Data\Microsoft
[2009/03/05 08:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\OfficeUpdate12
[2007/12/28 15:28:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\pdf995
[2009/03/13 11:00:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Smith Micro
[2008/09/09 07:29:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Sonic
[2008/01/23 14:34:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Sun
[2009/05/06 08:55:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\U3
[2009/03/04 16:36:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Windows Desktop Search
[2009/03/05 08:16:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\doug shaw\Application Data\Windows Search
[2007/10/06 08:04:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\Adobe
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\hba\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\InstallShield
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba\Application Data\Lenovo
[2007/10/06 08:26:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hba\Application Data\Microsoft
[2007/12/13 16:50:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Adobe
[2007/11/20 15:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Autodesk
[2007/11/20 14:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Corel
[2006/04/29 17:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\hba.HBA\Application Data\desktop.ini
[2007/10/06 07:19:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Identities
[2007/10/06 07:47:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\InstallShield
[2007/12/03 08:43:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Leadertech
[2007/10/06 08:12:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Lenovo
[2007/11/21 18:59:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Macromedia
[2007/11/27 19:26:56 | 00,000,000 | --SD | M] -- C:\Documents and Settings\hba.HBA\Application Data\Microsoft
[2007/11/27 14:02:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\pdf995
[2007/12/03 08:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\hba.HBA\Application Data\Sonic
[2009/03/04 16:37:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/21 10:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2009/11/21 10:06:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2007/10/10 00:30:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/21 10:11:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/11/23 15:56:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/24 08:07:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/11/24 08:07:08 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/11/23 15:36:11 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2007/10/09 10:11:06 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/11/24 08:06:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

************

It'll be a few hours before our IT manager arrives and we can re-install our corporate Norton suite. We had to install a stand-alone copy last week when this whole mess started.

I'll post a report of performance once that's done, in the mean time, we're keeping the computer off the network.