
Infected with DNS Changer....


  • This topic is locked
18 replies to this topic

#1 man2know


Posted 16 February 2009 - 11:09 PM

New forum member in need of assistance please.

Infected PC - Lenovo T60, WinXP Professional SP2, Work Laptop, Home wireless connection, CDRW. Two days ago picked up the nasty booger along with MS Anti(something) 2009. Able to remove MS Anti-??? 2009 (enough) to keep application from constantly running. Then was able to run AVG Anti-virus to clean up a little more. AVG run now shows no infections.....however, not so.

Have tried to install various removal tools to no avail....in both standard and safe mode.....same M.O. as I've read in previous bleepingcomputer forum post. Unable to access removal sites. When able to download Malwarebytes and "other" tools, programs will not launch/run.

Was able to use spare laptop (IBM Thinkpad T21, Win2000, CDR only...no burner) to rename and save DDS file (DDS log below) to removable thumb drive and install and run on infected T60 laptop.

Thanks in advance for any assistance.......will be working toward resolution throughout the night.


DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by tcreel at 22:22:56.96 on Mon 02/16/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1721 [GMT -5:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated)
AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Outdated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
E:\crap..scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.yahoo.com
uSearchMigratedDefaultURL =
uSearch Bar = hxxp://www.google.com
uStart Page = hxxp://infozone-usb.insight.com
mDefault_Page_URL = www.yahoo.com
mSearch Page = hxxp://www.yahoo.com
mStart Page = hxxp://infozone-usb.insight.com
mSearch Bar =
mSearchMigratedDefaultURL =
uInternet Settings,ProxyServer = hqisa01.hq.insight.com:8080
uInternet Settings,ProxyOverride = ;*.local;<local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {0BD071A6-C989-49E8-9B8E-80F92A868E26} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Win32-DNSChanger: {930e7881-d9f3-4293-a24b-23a80c013378} - c:\windows\system32\fejokt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [USB2Check] "RUNDLL32.EXE" "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
mRun: [TPKMAPHELPER] "c:\program files\thinkpad\utilities\TpKmapAp.exe" -helper
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SoundMAXPnP] "c:\program files\analog devices\core\smax4pnp.exe"
mRun: [SAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [OfficeScanNT Monitor] "c:\program files\tmicro\officescan client\pccntmon.exe" -HideWindow
mRun: [matray] "c:\program files\triactive\microagent\bin\matray-2.0.23.exe"
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [Desktop Authority GUI] "c:\program files\desktopauthority\rmgui.exe"
mRun: [<NO NAME>]
dRun: [Communicator] "c:\program files\microsoft office communicator\Communicator.exe"
mExplorerRun: [some] c:\program files\web technologies\wcs.exe
mExplorerRun: [start] c:\program files\web technologies\iebtm.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{24c67b54-0718-445e-b663-3138d9246bd1}\Icon3E5562ED7.ico
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: HideLegacyLogonScripts = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: bmnet.dll
Trusted Zone: hqris1
Trusted Zone: hqris1
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203706036330
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} - hxxp://fdl.msn.com/public/investor/v9/ticker.cab
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: crypt - crypts.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: DAinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {ecc974ae-6ede-44a2-90da-93b996d8eaf8} - No File
LSA: Notification Packages = scecli psqlpwd

============= SERVICES / DRIVERS ===============

R0 cdburner;cdburner;c:\windows\system32\drivers\cdburner.sys [2008-10-12 15872]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2007-7-2 307984]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys --> c:\windows\system32\drivers\ntcdrdrv.sys [?]
S1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-10-5 33824]
S1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2008-2-25 4442]
S2 DAInfo;Desktop Authority Kernel Information Provider;c:\program files\desktopauthority\DAInfo.sys [2008-2-21 13240]
S2 DAMaint;Desktop Authority Maintenance Service;c:\program files\desktopauthority\DaMaint.exe [2008-2-21 59576]
S2 DAtf;Desktop Authority Token Factory;c:\program files\desktopauthority\DAtf.sys [2008-2-21 11448]
S2 DesktopAuthority;Desktop Authority Service;c:\program files\desktopauthority\DesktopAuthority.exe [2008-2-21 1235128]
S2 MA;TriActive MicroAgent;c:\program files\triactive\microagent\bin\ma.exe [2008-4-15 1425408]
S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2008-10-10 251248]
S2 SLClient;ScriptLogic Service;c:\windows\system32\slClient.exe [2008-2-21 546472]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896]
S2 TmFilter;Trend Micro Filter;c:\program files\tmicro\officescan client\TmXpflt.sys [2007-7-2 205328]
S2 TmPreFilter;Trend Micro PreFilter;c:\program files\tmicro\officescan client\TmPreflt.sys [2007-7-2 36368]
S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys [2008-6-13 40064]
S3 DAmirr;DAmirr;c:\windows\system32\drivers\DAmirr.sys [2008-2-21 9528]
S3 DsAudioDevice_207;DsAudioDevice_207;c:\windows\system32\drivers\DsAudioDevice_207.sys [2009-1-19 16640]
S3 DsAudioDevice_310;DsAudioDevice_310;c:\windows\system32\drivers\DsAudioDevice_310.sys [2009-1-19 16640]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-10-16 3768]
S3 TmPfw;OfficeScan NT Firewall;c:\program files\tmicro\officescan client\TmPfw.exe [2007-7-2 943696]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WmaCAudio;WmaCAudio;c:\windows\system32\drivers\WmaCAudio.sys [2008-12-11 23096]
S3 WmaCVideo;WmaCVideo;c:\windows\system32\drivers\WmaCVideo.sys [2008-12-11 3768]
S3 wsvad_driver;WS Audio Device;c:\windows\system32\drivers\VirtualAudio.sys [2008-10-11 16896]

=============== Created Last 30 ================

2009-02-16 17:13 <DIR> --d----- c:\docume~1\tcreel\applic~1\DriverCure
2009-02-16 17:13 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-02-16 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-02-16 17:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverCure
2009-02-16 12:00 164 a------- C:\install.dat
2009-02-16 11:37 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-16 09:03 1,553,272 a------- c:\windows\WRSetup.dll
2009-02-15 22:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-14 23:25 14,848 a------- c:\windows\system32\drivers\sskbfd.sys
2009-02-14 23:25 <DIR> --d----- c:\program files\Webroot
2009-02-14 20:24 106,496 a------- c:\windows\system32\fejokt.dll
2009-02-14 20:24 19,214 a------- c:\windows\system32\sf.ico
2009-02-14 20:24 13,942 a------- c:\windows\system32\m3.ico
2009-02-14 20:24 13,942 a------- c:\windows\system32\c.ico
2009-02-14 20:24 11,062 a------- c:\windows\system32\p.ico
2009-02-14 20:24 7,662 a------- c:\windows\system32\m.ico
2009-02-14 20:24 4,286 a------- c:\windows\system32\s.ico
2009-02-14 20:24 3,182 a------- c:\windows\ios.dat
2009-02-14 20:24 90,119 a------- c:\windows\system32.exe
2009-02-14 20:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-02-12 17:30 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-01-24 22:58 <DIR> --d----- c:\program files\Avanquest update
2009-01-24 22:57 <DIR> --d----- c:\program files\Motorola Phone Tools
2009-01-21 17:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-01-21 17:33 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-01-20 23:15 <DIR> --d----- c:\program files\Motorola
2009-01-20 22:56 25,600 ac------ c:\windows\system32\dllcache\usbser.sys
2009-01-20 22:56 25,600 a------- c:\windows\system32\drivers\usbser.sys
2009-01-19 17:23 16,640 a------- c:\windows\system32\drivers\DsAudioDevice_310.sys
2009-01-19 17:03 16,640 a------- c:\windows\system32\drivers\DsAudioDevice_207.sys

==================== Find3M ====================

2008-12-19 19:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-19 19:47 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-08 13:50 102,400 a------- c:\windows\DUMPb815.tmp
2008-06-12 09:53 3,125,248 a------- c:\program files\common files\sapxlhelper.dll
2008-06-12 09:53 955,904 a------- c:\program files\common files\SAPActiveXL.xlt
2008-06-12 09:53 949,760 a------- c:\program files\common files\SAPActiveXL_nosig.xlt
2008-06-12 09:53 626,688 a------- c:\program files\common files\sapconsaccess.dll
2008-06-12 09:53 192,512 a------- c:\program files\common files\sapconsr3.dll
2008-06-12 09:53 40,960 a------- c:\program files\common files\DigitalSignature.ocx
2007-02-12 18:10 2,682,880 -------- c:\documents and settings\all users\VCREDI~3.EXE

============= FINISH: 22:23:46.18 ===============



#2 man2know


Posted 18 February 2009 - 02:52 PM

Please Help.....problem appears to be getting worse. Unable to access any website, unable to download repair tools, unable to install with jump drive (renaming file does not work).....using spare laptop to post.

#3 man2know


Posted 22 February 2009 - 10:51 PM

Please help....it's been over five days now....

PC now will only boot in Safe Mode.....

Please.....

#4 Farbar


Posted 23 February 2009 - 07:02 PM

Hi man2know,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Please download HiJackThis.exe, and save it to C: drive. This application doesn't need installation. Additional instruction per PM.

  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Set File age to 60 days.
  • Type in the Custom Scans section: hijackthisbackups
  • Click Run Scan button.
  • Two reports will open, copy and paste them to your reply:
      • OTViewIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
Tell me:
  • If you have done anything since previous post. Update me also about the current condition of your computer and the options we do and don't have.
  • If this is the only computer or you have another computer at home we can eventually use.
  • If you have a Windows installation CD. Not that we need it now, just in case.

You might want to save this page on your favorites, so you can find it again when you return.

#5 man2know


Posted 23 February 2009 - 08:27 PM

Hi Farbar,

Thank you for your response.

This morning PC would not even boot in Safe Mode.....rebooted from Last Known Configuration and at least can now boot back in Normal Mode but all previous symptoms returned....unable to access Control Panel, My Documents, My Computer, etc.....just launches IE with search on DNS Changer.



Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:43:39 PM, on 2/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\DesktopAuthority\DaMaint.exe
C:\Program Files\DesktopAuthority\DesktopAuthority.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TriActive\MicroAgent\bin\ma.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TMicro\OfficeScan Client\ntrtscan.exe
C:\Program Files\DesktopAuthority\RMGui.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\slClient.exe
C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\TMicro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\GRD13D.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TMicro\OfficeScan Client\pccntmon.exe
C:\Program Files\TriActive\MicroAgent\bin\matray-2.0.23.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TMicro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
E:\hamlet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://infozone-usb.insight.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://infozone-usb.insight.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = hqisa01.hq.insight.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Win32-DNSChanger - {930E7881-D9F3-4293-A24B-23A80C013378} - C:\WINDOWS\system32\fejokt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [USB2Check] "RUNDLL32.EXE" "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [TVT Scheduler Proxy] "C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SAP_WUS_UNT] "C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\TMicro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [matray] "C:\Program Files\TriActive\MicroAgent\bin\matray-2.0.23.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Desktop Authority GUI] "C:\Program Files\DesktopAuthority\rmgui.exe"
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=http://infozone-usb.insight.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1203706036330
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} (GoToMeeting/GoToWebinar Web Starter) - https://www1.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DC765522-D5BE-49C9-AF5F-8C715A44BA28} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v9/ticker.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\Software\..\Telephony: DomainName = Insight.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = insight.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS7\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS8\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS9\Services\Tcpip\Parameters: SearchList = insight.com
O17 - HKLM\System\CS10\Services\Tcpip\Parameters: Domain = insight.com
O17 - HKLM\System\CS11\Services\Tcpip\Parameters: Domain = insight.com
O20 - AppInit_DLLs: DAinit.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: crypt - crypts.dll (file missing)
O22 - SharedTaskScheduler: frizzed - {ecc974ae-6ede-44a2-90da-93b996d8eaf8} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Desktop Authority Maintenance Service (DAMaint) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DaMaint.exe
O23 - Service: Desktop Authority Service (DesktopAuthority) - ScriptLogic Corporation - C:\Program Files\DesktopAuthority\DesktopAuthority.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TriActive MicroAgent (MA) - TriActive, Inc. - C:\Program Files\TriActive\MicroAgent\bin\ma.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\TMicro\OfficeScan Client\ntrtscan.exe
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScriptLogic Service (SLClient) - ScriptLogic Software Corporation - C:\WINDOWS\system32\slClient.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\TMicro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\TMicro\OfficeScan Client\TmProxy.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 15263 bytes

---------------------------------------------------------------------------------------------------------------------------------------

OTViewIt Log

OTViewIt logfile created on: 2/23/2009 07:46:07 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.16% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 44.30 Gb Free Space | 39.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 246.50 Mb Total Space | 216.51 Mb Free Space | 87.83% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 111.79 Gb Total Space | 44.30 Gb Free Space | 39.63% Space Free | Partition Type: *NT5CSC

Computer Name: ATLTCREELLAP
Current User Name: tcreel
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== Processes ==========

[2007/05/31 21:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
[2008/01/03 14:43:36 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007/11/19 16:40:08 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/04/18 15:18:24 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe
[2008/01/03 14:43:36 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/11/04 12:21:28 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2007/03/23 06:08:38 | 00,059,576 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\DaMaint.exe
[2007/03/23 06:08:26 | 01,235,128 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\DesktopAuthority.exe
[2007/11/19 17:00:38 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2008/12/16 12:39:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/06/21 13:16:22 | 01,425,408 | ---- | M] (TriActive, Inc.) -- C:\Program Files\TriActive\MicroAgent\bin\ma.exe
[2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2009/01/30 11:25:20 | 00,918,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\NTRtScan.exe
[2007/03/23 06:08:40 | 00,481,464 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\rmgui.exe
[2008/07/14 16:37:48 | 00,251,248 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
[2007/11/19 16:35:46 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2007/03/28 03:06:32 | 00,546,472 | ---- | M] (ScriptLogic Software Corporation) -- C:\WINDOWS\system32\slClient.exe
[2005/08/23 13:23:20 | 00,167,936 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe
[2007/09/26 16:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[2006/06/29 23:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
[2008/03/04 09:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
[2007/04/13 04:50:00 | 00,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
[2008/05/16 09:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
[2009/01/30 11:25:20 | 00,988,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\TmListen.exe
[2009/01/30 11:25:24 | 00,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\GRD13D.EXE
[2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2004/08/04 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/03/04 09:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[2007/08/11 03:30:40 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2007/08/11 03:30:12 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2005/05/20 11:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2008/07/14 16:38:06 | 00,218,472 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
[2004/08/04 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2009/01/30 11:25:20 | 00,718,120 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\PccNTMon.exe
[2008/06/21 17:31:06 | 00,237,568 | ---- | M] () -- C:\Program Files\TriActive\MicroAgent\bin\matray-2.0.23.exe
[2007/04/27 04:10:00 | 00,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
[2007/04/27 04:33:00 | 00,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
[2006/02/02 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2009/01/30 21:27:07 | 00,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\CNTAoSMgr.exe
[2008/07/04 06:41:30 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2004/08/04 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2004/08/04 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2009/02/23 19:40:08 | 00,422,912 | ---- | M] (OldTimer Tools) -- E:\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 03:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/01/03 14:43:36 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/04/18 15:18:24 | 00,118,784 | ---- | M] (Bytemobile, Inc.) -- C:\WINDOWS\system32\bmwebcfg.exe -- (bmwebcfg [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/04/13 04:50:00 | 00,590,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec [Auto | Running])
[2007/10/24 03:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/11/04 12:21:28 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2007/03/23 06:08:38 | 00,059,576 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\DaMaint.exe -- (DAMaint [Auto | Running])
[2007/03/23 06:08:26 | 01,235,128 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\DesktopAuthority.exe -- (DesktopAuthority [Auto | Running])
[2007/11/19 17:00:38 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2009/02/12 17:31:12 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007/10/09 14:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/12/16 12:39:35 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/05/31 21:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
[2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 11:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/06/21 13:16:22 | 01,425,408 | ---- | M] (TriActive, Inc.) -- C:\Program Files\TriActive\MicroAgent\bin\ma.exe -- (MA [Auto | Running])
[2003/06/20 01:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2007/10/11 11:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2009/01/30 11:25:20 | 00,918,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\NTRtScan.exe -- (ntrtscan [Auto | Running])
[2008/07/14 16:37:48 | 00,251,248 | ---- | M] (SAP AG) -- C:\Program Files\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe -- (NWSAPAutoWorkstationUpdateSvc [Auto | Running])
[2003/07/28 14:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/19 16:35:46 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/11/19 16:40:08 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2007/03/28 03:06:32 | 00,546,472 | ---- | M] (ScriptLogic Software Corporation) -- C:\WINDOWS\system32\slClient.exe -- (SLClient [Auto | Running])
[2005/08/23 13:23:20 | 00,167,936 | ---- | M] (Sprint Spectrum, L.L.C) -- C:\Program Files\Sprint\AirCard 580\Sprint PCS Connection Manager\SPCSUtilityService.exe -- (SPCSUtilityService [Auto | Running])
[2008/05/16 09:52:12 | 00,032,768 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
[2007/09/26 16:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
[2009/01/30 11:25:20 | 00,988,456 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\TmListen.exe -- (tmlisten [Auto | Running])
[2006/06/29 23:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])
[2008/03/04 09:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/08/09 18:36:04 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\TmProxy.exe -- (TmProxy [On_Demand | Stopped])

========== Driver Services ==========

[2006/06/20 13:56:48 | 00,178,688 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/08/07 09:57:30 | 00,093,952 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService [On_Demand | Running])
[2008/02/25 13:00:56 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2003/12/09 14:52:04 | 00,040,064 | ---- | M] (Sierra Wireless America, Inc.) -- C:\WINDOWS\system32\drivers\apusbsnt.sys -- (apusbsnt [On_Demand | Stopped])
[2002/07/17 07:53:02 | 00,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32 [Auto | Running])
[2008/01/03 15:32:52 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/08/04 01:10:40 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys -- (BthEnum [On_Demand | Running])
[2004/08/04 00:58:40 | 00,100,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys -- (BthPan [On_Demand | Running])
[2008/06/13 08:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2004/08/04 01:10:36 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Running])
[2008/07/24 01:49:52 | 00,015,872 | ---- | M] () -- C:\WINDOWS\system32\drivers\cdburner.sys -- (cdburner [Boot | Running])
[2005/05/17 06:51:34 | 00,005,315 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2005/11/04 12:20:40 | 00,303,735 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2007/03/23 06:08:46 | 00,013,240 | ---- | M] (ScriptLogic Corporation) -- C:\Program Files\DesktopAuthority\DAInfo.sys -- (DAInfo [Auto | Running])
[2007/03/23 06:08:50 | 00,009,528 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\drivers\DAmirr.sys -- (DAmirr [On_Demand | Running])
[2007/03/23 06:09:12 | 00,011,448 | ---- | M] (Windows ® 2000 DDK provider) -- C:\Program Files\DesktopAuthority\DAtf.sys -- (DAtf [Auto | Running])
[2005/12/21 08:14:52 | 00,100,957 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA [On_Demand | Stopped])
[2006/02/02 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/11/18 14:02:50 | 00,005,660 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/02/02 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2006/02/02 07:20:00 | 00,086,652 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/02/02 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/02/02 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/11/18 14:02:10 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2006/02/02 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/02/02 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2005/08/18 21:22:30 | 00,110,080 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2004/08/03 21:58:30 | 00,207,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4.sys -- (dot4 [On_Demand | Stopped])
[2001/08/17 12:47:32 | 00,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4Prt.sys -- (Dot4Print [On_Demand | Stopped])
[2001/08/17 12:47:32 | 00,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\Dot4usb.sys -- (dot4usb [On_Demand | Stopped])
[2006/03/01 05:30:00 | 00,089,472 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/11/18 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2009/01/08 18:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\WINDOWS\system32\drivers\DsAudioDevice_207.sys -- (DsAudioDevice_207 [On_Demand | Stopped])
[2009/01/08 18:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\WINDOWS\system32\drivers\DsAudioDevice_310.sys -- (DsAudioDevice_310 [On_Demand | Stopped])
[2007/10/12 18:30:46 | 00,252,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/12/12 10:16:06 | 00,022,528 | ---- | M] (Pinnacle Systems GmbH) -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio [On_Demand | Stopped])
[2005/12/21 08:14:52 | 00,005,245 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/03/08 16:18:00 | 00,008,320 | ---- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2005/01/07 19:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/12/22 13:56:00 | 00,209,664 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2006/12/22 13:56:44 | 00,988,800 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/05/31 21:01:30 | 00,021,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
[2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem [On_Demand | Stopped])
[2008/09/30 07:11:56 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\MovRVDrv32.sys -- (MovRVDrv32 [On_Demand | Running])
[2004/08/03 22:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE [On_Demand | Stopped])
[2006/08/02 09:45:32 | 00,114,560 | ---- | M] (Mars Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910 [On_Demand | Stopped])
[2007/11/27 01:37:00 | 02,236,544 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2004/08/04 06:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2004/08/04 01:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Running])
[2008/10/05 00:16:54 | 00,033,824 | ---- | M] () -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32 [System | Running])
[2007/04/13 04:50:00 | 00,023,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr [On_Demand | Running])
[2008/02/25 13:02:00 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd [On_Demand | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/09/15 19:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/04 01:10:40 | 00,059,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Running])
[2007/11/20 18:39:56 | 00,012,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2005/12/21 08:14:52 | 00,004,493 | ---- | M] (eMPIA Technology, Inc.) -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA [On_Demand | Stopped])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2006/10/02 03:55:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [System | Running])
[2007/08/14 17:46:36 | 00,010,896 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp [Auto | Running])
[2008/09/07 21:35:01 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2006/07/07 16:41:48 | 00,014,848 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD [On_Demand | Running])
[2007/08/11 03:25:28 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/09/25 11:33:16 | 00,043,552 | ---- | M] (RapidSolution Software AG) -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd [On_Demand | Stopped])
[2007/08/14 17:25:52 | 00,047,376 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2006/10/02 03:55:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
[2009/01/30 11:25:24 | 00,142,992 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2009/01/20 21:14:58 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\TmXpflt.sys -- (TmFilter [Auto | Running])
[2009/01/20 21:14:56 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter [Auto | Running])
[2007/12/07 03:22:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [System | Running])
[2009/01/20 21:03:36 | 01,195,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TMicro\OfficeScan Client\VsapiNT.sys -- (VSApiNt [Auto | Running])
[2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Stopped])
[2006/12/22 13:55:56 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/11/11 14:56:08 | 00,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\drivers\WmaCAudio.sys -- (WmaCAudio [On_Demand | Stopped])
[2008/11/11 14:56:12 | 00,003,768 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\WmaCVideo.sys -- (WmaCVideo [On_Demand | Stopped])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])
[2008/09/11 17:05:02 | 00,016,896 | ---- | M] (Wondershare) -- C:\WINDOWS\system32\drivers\VirtualAudio.sys -- (wsvad_driver [On_Demand | Stopped])
[2008/08/09 18:36:34 | 00,072,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.yahoo.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.yahoo.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://infozone-usb.insight.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.yahoo.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=
"Start Page"=http://infozone-usb.insight.com

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://internetsearchservice.com/search?q=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = ;*.local;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.yahoo.com
"SearchMigratedDefaultName"=Search
"SearchMigratedDefaultURL"=
"Start Page"=http://infozone-usb.insight.com

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\SearchURL\w]
""=http://internetsearchservice.com/search?q=%s

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = ;*.local;<local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{0BD071A6-C989-49E8-9B8E-80F92A868E26} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
{930E7881-D9F3-4293-A24B-23A80C013378} (HKLM) -- C:\WINDOWS\system32\fejokt.dll ()
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
{F4971EE7-DAA0-4053-9964-665D8EE6A077} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{85BDD81D-31FD-4A6B-A73C-3955B128D2EC}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
"Desktop Authority GUI"="C:\Program Files\DesktopAuthority\rmgui.exe" (ScriptLogic Corporation)
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup (InstallShield Software Corporation)
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"matray"="C:\Program Files\TriActive\MicroAgent\bin\matray-2.0.23.exe" ()
"OfficeScanNT Monitor"="C:\Program Files\TMicro\OfficeScan Client\pccntmon.exe" -HideWindow (Trend Micro Inc.)
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"SAP_WUS_UNT"="C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe" (SAP AG)
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" (Analog Devices, Inc.)
"Synchronization Manager"=%SystemRoot%\system32\mobsync.exe /logon (Microsoft Corporation)
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" (Synaptics, Inc.)
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" (Synaptics, Inc.)
"TP4EX"=tp4ex.exe (Lenovo Group Limited)
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper (Lenovo)
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" (Lenovo Group Limited)
"USB2Check"="RUNDLL32.EXE" "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController (Pinnacle Systems)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Communicator"="C:\Program Files\Microsoft Office Communicator\Communicator.exe" (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2008/02/25 17:25:51 | 00,006,144 | R--- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{24C67B54-0718-445E-B663-3138D9246BD1}\Icon3E5562ED7.ico

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoJITSetup"=1
"NoUpdateCheck"=1

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Main]
"DisableFirstRunCustomize"=1

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\PhishingFilter]
"Enabled"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"HomePage"=1
"Autoconfig"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\New Windows]
"ListBox_Support_Allow"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\New Windows\Allow]
"*.insight.com"=*.insight.com
"*.mysapapps04.insight.com"=*.mysapapps04.insight.com
"*.netg.com"=*.netg.com
"*.ninthhouse.net"=*.ninthhouse.net
"*.successfactors.com"=*.successfactors.com
"*.traininsight.com"=*.traininsight.com
"*.xtremelearning.com"=*.xtremelearning.com
"*mysapappx04.insight.com"=*mysapappx04.insight.com

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoHelpItemTipOfTheDay"=1
"NoHelpItemNetscapeHelp"=1
"NoHelpItemTutorial"=1
"NoHelpItemSendFeedback"=1

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\policies\microsoft\internet explorer\Control Panel]
"HomePage"=1
"Autoconfig"=1

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\policies\microsoft\internet explorer\New Windows]
"ListBox_Support_Allow"=1

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\policies\microsoft\internet explorer\New Windows\Allow]
"*.insight.com"=*.insight.com
"*.mysapapps04.insight.com"=*.mysapapps04.insight.com
"*.netg.com"=*.netg.com
"*.ninthhouse.net"=*.ninthhouse.net
"*.successfactors.com"=*.successfactors.com
"*.traininsight.com"=*.traininsight.com
"*.xtremelearning.com"=*.xtremelearning.com
"*mysapappx04.insight.com"=*mysapappx04.insight.com

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\policies\microsoft\internet explorer\Restrictions]
"NoHelpItemTipOfTheDay"=1
"NoHelpItemNetscapeHelp"=1
"NoHelpItemTutorial"=1
"NoHelpItemSendFeedback"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"HonorAutoRunSetting"=1
"NoWelcomeScreen"=1
"NoMSAppLogo5ChannelNotify"=1
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"some"=C:\Program Files\Web Technologies\wcs.exe -- File not found
"start"=C:\Program Files\Web Technologies\iebtm.exe -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=Insight's Computer Use Policy
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
"NoFolderOptions"=1
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"ForceClassicControlPanel"=1
"NoWelcomeScreen"=1
"NoSMConfigurePrograms"=1
"NoStartMenuMyMusic"=1
"NoSMMyPictures"=1
"NoSMHelp"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=1
"HideLegacyLogonScripts"=1

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
"NoFolderOptions"=1
"NoDriveTypeAutoRun"=145
"ForceStartMenuLogOff"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"ForceClassicControlPanel"=1
"NoWelcomeScreen"=1
"NoSMConfigurePrograms"=1
"NoStartMenuMyMusic"=1
"NoSMMyPictures"=1
"NoSMHelp"=1

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=1
"HideLegacyLogonScripts"=1

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append Link Target to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\Software\Microsoft\Internet Explorer\MenuExt\]
Append Link Target to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Append to Existing PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert Link Target to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008/06/11 22:42:44 | 00,345,480 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- Reg Error: Key does not exist or could not be opened. File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 16:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{38E51477-DDB4-4aed-9D61-D0C193E10749} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 16:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 16:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 16:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> [Sun Java Console] -> File not found
CmdMapping\\{38E51477-DDB4-4aed-9D61-D0C193E10749} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 16:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 11:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
hqris1: file in Trusted sites
insight.com\dataworld: http in Computer
insight.com\dataworld-iww: http in Computer
insight.com\ecomcfiss01: http in Computer
insight.com\ess: http in Computer
insight.com\icace: http in Computer
insight.com\infozone: http in Computer
insight.com\infozone-ica: http in Computer
insight.com\infozone-idc: http in Computer
insight.com\infozoneqa-branch: http in Computer
insight.com\infozoneqa-ca: http in Computer
insight.com\infozoneqa-east: http in Computer
insight.com\infozoneqa-west: http in Computer
insight.com\infozone-usb: http in Computer
insight.com\infozone-use: http in Computer
insight.com\infozone-usw: http in Computer
insight.com\insighthelp: http in Computer
insight.com\iusce: http in Computer
insight.com\ozplace-us: http in Computer
insight.com\oz-us: http in Computer
insight.com\reportzone: http in Computer
insight.com\resources: http in Computer
insight.com\reviews: http in Computer
insight.com\software: http in Computer
insight.com\sysmon: http in Computer
insight.com\timetrack: http in Computer
insight.com\train: http in Computer
planetcalence.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
hqris1: file in Trusted sites
insight.com\dataworld: http in My Computer
insight.com\dataworld-iww: http in My Computer
insight.com\ecomcfiss01: http in My Computer
insight.com\ess: http in My Computer
insight.com\icace: http in My Computer
insight.com\infozone: http in My Computer
insight.com\infozone-ica: http in My Computer
insight.com\infozone-idc: http in My Computer
insight.com\infozoneqa-branch: http in My Computer
insight.com\infozoneqa-ca: http in My Computer
insight.com\infozoneqa-east: http in My Computer
insight.com\infozoneqa-west: http in My Computer
insight.com\infozone-usb: http in My Computer
insight.com\infozone-use: http in My Computer
insight.com\infozone-usw: http in My Computer
insight.com\insighthelp: http in My Computer
insight.com\iusce: http in My Computer
insight.com\ozplace-us: http in My Computer
insight.com\oz-us: http in My Computer
insight.com\reportzone: http in My Computer
insight.com\resources: http in My Computer
insight.com\reviews: http in My Computer
insight.com\software: http in My Computer
insight.com\sysmon: http in My Computer
insight.com\timetrack: http in My Computer
insight.com\train: http in My Computer
planetcalence.com: https in Local intranet
27 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
hqris1: file in Trusted sites
insight.com\dataworld: http in My Computer
insight.com\dataworld-iww: http in My Computer
insight.com\ecomcfiss01: http in My Computer
insight.com\ess: http in My Computer
insight.com\icace: http in My Computer
insight.com\infozone: http in My Computer
insight.com\infozone-ica: http in My Computer
insight.com\infozone-idc: http in My Computer
insight.com\infozoneqa-branch: http in My Computer
insight.com\infozoneqa-ca: http in My Computer
insight.com\infozoneqa-east: http in My Computer
insight.com\infozoneqa-west: http in My Computer
insight.com\infozone-usb: http in My Computer
insight.com\infozone-use: http in My Computer
insight.com\infozone-usw: http in My Computer
insight.com\insighthelp: http in My Computer
insight.com\iusce: http in My Computer
insight.com\ozplace-us: http in My Computer
insight.com\oz-us: http in My Computer
insight.com\reportzone: http in My Computer
insight.com\resources: http in My Computer
insight.com\reviews: http in My Computer
insight.com\software: http in My Computer
insight.com\sysmon: http in My Computer
insight.com\timetrack: http in My Computer
insight.com\train: http in My Computer
planetcalence.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
hqris1: file in Trusted sites
insight.com\dataworld: http in My Computer
insight.com\dataworld-iww: http in My Computer
insight.com\ecomcfiss01: http in My Computer
insight.com\ess: http in My Computer
insight.com\icace: http in My Computer
insight.com\infozone: http in My Computer
insight.com\infozone-ica: http in My Computer
insight.com\infozone-idc: http in My Computer
insight.com\infozoneqa-branch: http in My Computer
insight.com\infozoneqa-ca: http in My Computer
insight.com\infozoneqa-east: http in My Computer
insight.com\infozoneqa-west: http in My Computer
insight.com\infozone-usb: http in My Computer
insight.com\infozone-use: http in My Computer
insight.com\infozone-usw: http in My Computer
insight.com\insighthelp: http in My Computer
insight.com\iusce: http in My Computer
insight.com\ozplace-us: http in My Computer
insight.com\oz-us: http in My Computer
insight.com\reportzone: http in My Computer
insight.com\resources: http in My Computer
insight.com\reviews: http in My Computer
insight.com\software: http in My Computer
insight.com\sysmon: http in My Computer
insight.com\timetrack: http in My Computer
insight.com\train: http in My Computer
planetcalence.com: https in Local intranet
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
hqris1: file in Trusted sites
insight.com\dataworld: http in My Computer
insight.com\dataworld-iww: http in My Computer
insight.com\ecomcfiss01: http in My Computer
insight.com\ess: http in My Computer
insight.com\icace: http in My Computer
insight.com\infozone: http in My Computer
insight.com\infozone-ica: http in My Computer
insight.com\infozone-idc: http in My Computer
insight.com\infozoneqa-branch: http in My Computer
insight.com\infozoneqa-ca: http in My Computer
insight.com\infozoneqa-east: http in My Computer
insight.com\infozoneqa-west: http in My Computer
insight.com\infozone-usb: http in My Computer
insight.com\infozone-use: http in My Computer
insight.com\infozone-usw: http in My Computer
insight.com\insighthelp: http in My Computer
insight.com\iusce: http in My Computer
insight.com\ozplace-us: http in My Computer
insight.com\oz-us: http in My Computer
insight.com\reportzone: http in My Computer
insight.com\resources: http in My Computer
insight.com\reviews: http in My Computer
insight.com\software: http in My Computer
insight.com\sysmon: http in My Computer
insight.com\timetrack: http in My Computer
insight.com\train: http in My Computer
planetcalence.com: https in Local intranet
27 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1203706036330 -- WUWebControl Class
{6F15128C-E66A-490C-B848-5000B5ABEEAC}: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab -- HP Download Manager
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.5.0_06
{8BBDC81D-81B3-49EE-87E8-47B7A707FAE8}: https://www1.gotomeeting.com/default/applets/g2mdlax.cab -- GoToMeeting/GoToWebinar Web Starter
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{DC765522-D5BE-49C9-AF5F-8C715A44BA28}: http://fdl.msn.com/public/investor/v9/ticker.cab -- MS Investor Ticker

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=DAinit.dll
>[2007/03/23 06:08:38 | 00,053,248 | ---- | M] (ScriptLogic Corporation) -- C:\WINDOWS\system32\DAinit.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2007/08/14 17:56:16 | 00,615,936 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
crypt: "DllName" = crypts.dll -- File not found
psfus: "DllName" = C:\WINDOWS\system32\psqlpwd.dll -- C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
WRNotifier: "DllName" = WRLogonNTF.dll -- C:\WINDOWS\system32\WRLogonNtf.dll (Webroot Software, Inc.)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ecc974ae-6ede-44a2-90da-93b996d8eaf8}" (HKLM) = frizzed -- Reg Error: Key does not exist or could not be opened. File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/02/21 15:46:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/02/23 13:32:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Desktop\Copy of Backup My Doc
[2009/02/23 13:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Desktop\mail file My Doc
[2009/02/23 13:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Desktop\Backup My Doc
[2009/02/23 12:53:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/02/23 10:27:45 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/23 09:27:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\log
[2009/02/23 09:24:39 | 00,001,809 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/02/23 09:23:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/02/23 09:19:56 | 00,000,021 | ---- | C] () -- C:\tmuninst.ini
[2009/02/21 13:33:48 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\tcreel\Desktop\Pin Connector Wiring.xls
[2009/02/19 09:49:52 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/19 09:49:49 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/02/19 09:49:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Application Data\SUPERAntiSpyware.com
[2009/02/19 09:49:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/02/18 15:12:39 | 00,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/02/16 23:41:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/16 17:13:29 | 00,000,396 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/02/16 17:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Application Data\DriverCure
[2009/02/16 17:13:24 | 00,000,382 | ---- | C] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/02/16 17:13:23 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/02/16 17:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/02/16 17:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/02/16 17:13:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/02/16 12:00:42 | 00,000,164 | ---- | C] () -- C:\install.dat
[2009/02/16 11:37:08 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/16 11:32:47 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\tcreel\Desktop\CCleaner.lnk
[2009/02/16 09:03:42 | 01,553,272 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/02/15 22:30:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/02/14 23:25:22 | 00,208,896 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\System32\WRLogonNtf.dll
[2009/02/14 23:25:20 | 00,014,848 | ---- | C] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\System32\drivers\sskbfd.sys
[2009/02/14 23:25:13 | 00,000,000 | ---D | C] -- C:\Program Files\Webroot
[2009/02/14 20:24:47 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\fejokt.dll
[2009/02/14 20:24:47 | 00,019,214 | ---- | C] () -- C:\WINDOWS\System32\sf.ico
[2009/02/14 20:24:47 | 00,013,942 | ---- | C] () -- C:\WINDOWS\System32\m3.ico
[2009/02/14 20:24:47 | 00,013,942 | ---- | C] () -- C:\WINDOWS\System32\c.ico
[2009/02/14 20:24:47 | 00,011,062 | ---- | C] () -- C:\WINDOWS\System32\p.ico
[2009/02/14 20:24:47 | 00,007,662 | ---- | C] () -- C:\WINDOWS\System32\m.ico
[2009/02/14 20:24:47 | 00,004,286 | ---- | C] () -- C:\WINDOWS\System32\s.ico
[2009/02/14 20:24:47 | 00,003,182 | ---- | C] () -- C:\WINDOWS\ios.dat
[2009/02/14 20:24:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd
[2009/02/13 09:01:27 | 03,406,607 | ---- | C] () -- C:\Documents and Settings\tcreel\Desktop\Portfolio1.pdf
[2009/02/12 17:28:38 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/02/12 16:47:19 | 34,243,7920 | ---- | C] ( ) -- C:\Documents and Settings\tcreel\Desktop\AcroPro90_efg.exe
[2009/02/12 15:59:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Application Data\Download Manager
[2009/01/27 11:21:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\tcreel\Desktop\Font
[2009/01/24 22:59:17 | 00,001,677 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk
[2009/01/24 22:58:29 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2009/01/24 22:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Motorola Phone Tools
[2009/01/21 17:33:21 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2009/01/21 17:33:20 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2009/01/20 23:15:28 | 00,000,000 | ---D | C] -- C:\Program Files\Motorola
[2009/01/20 22:56:17 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbser.sys
[2009/01/20 22:56:17 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2009/01/19 17:23:08 | 00,016,640 | ---- | C] (Wondershare) -- C:\WINDOWS\System32\drivers\DsAudioDevice_310.sys
[2009/01/19 17:03:06 | 00,016,640 | ---- | C] (Wondershare) -- C:\WINDOWS\System32\drivers\DsAudioDevice_207.sys
[2009/01/13 16:05:54 | 00,000,328 | ---- | C] () -- C:\Documents and Settings\tcreel\Desktop\LRL Sports Club.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\tcreel\Desktop\LRL Sports Club.url:favicon
[2009/01/13 13:37:21 | 00,146,417 | ---- | C] () -- C:\Documents and Settings\tcreel\Desktop\Behind The Mirror TV Monitors.pdf
[2009/01/01 21:42:51 | 00,979,407 | ---- | C] () -- C:\Documents and Settings\tcreel\Desktop\6A2R3.pdf

========== Files - Modified Within 60 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/02/23 12:54:43 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/02/23 12:54:33 | 00,000,306 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2009/02/23 12:54:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/23 12:53:47 | 00,000,455 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2009/02/23 12:52:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/23 12:52:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/23 11:55:01 | 00,014,378 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2009/02/23 10:27:45 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/23 09:43:23 | 00,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/23 09:38:06 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/02/23 09:30:25 | 00,000,021 | ---- | M] () -- C:\tmuninst.ini
[2009/02/23 09:18:38 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\VPN Client.lnk
[2009/02/21 13:33:48 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\Pin Connector Wiring.xls
[2009/02/19 09:49:52 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/02/19 00:33:02 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/02/19 00:30:04 | 00,000,634 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/19 00:30:04 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/02/19 00:30:04 | 00,000,212 | -HS- | M] () -- C:\boot.ini
[2009/02/18 15:12:52 | 04,314,466 | -H-- | M] () -- C:\Documents and Settings\tcreel\Local Settings\Application Data\IconCache.db
[2009/02/18 14:09:31 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/02/16 18:20:37 | 00,000,382 | ---- | M] () -- C:\WINDOWS\tasks\DriverCure.job
[2009/02/16 17:13:29 | 00,000,396 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/02/16 12:00:42 | 00,000,164 | ---- | M] () -- C:\install.dat
[2009/02/16 11:32:47 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\CCleaner.lnk
[2009/02/14 20:24:47 | 00,106,496 | ---- | M] () -- C:\WINDOWS\System32\fejokt.dll
[2009/02/14 20:24:47 | 00,019,214 | ---- | M] () -- C:\WINDOWS\System32\sf.ico
[2009/02/14 20:24:47 | 00,013,942 | ---- | M] () -- C:\WINDOWS\System32\m3.ico
[2009/02/14 20:24:47 | 00,013,942 | ---- | M] () -- C:\WINDOWS\System32\c.ico
[2009/02/14 20:24:47 | 00,011,062 | ---- | M] () -- C:\WINDOWS\System32\p.ico
[2009/02/14 20:24:47 | 00,007,662 | ---- | M] () -- C:\WINDOWS\System32\m.ico
[2009/02/14 20:24:47 | 00,004,286 | ---- | M] () -- C:\WINDOWS\System32\s.ico
[2009/02/14 20:24:47 | 00,003,182 | ---- | M] () -- C:\WINDOWS\ios.dat
[2009/02/13 09:01:27 | 03,406,607 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\Portfolio1.pdf
[2009/02/13 08:41:09 | 00,329,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/12 17:28:38 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2009/02/12 16:57:03 | 34,243,7920 | ---- | M] ( ) -- C:\Documents and Settings\tcreel\Desktop\AcroPro90_efg.exe
[2009/02/03 15:21:14 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/03 14:47:33 | 00,000,328 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\LRL Sports Club.url
@Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\tcreel\Desktop\LRL Sports Club.url:favicon
[2009/01/30 11:25:24 | 00,142,992 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/01/27 14:09:25 | 00,033,280 | -HS- | M] () -- C:\Documents and Settings\tcreel\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\tcreel\My Documents\Thumbs.db:encryptable
[2009/01/24 22:59:17 | 00,001,677 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk
[2009/01/21 17:33:21 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
[2009/01/21 17:33:20 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01005.Wdf
[2009/01/20 09:07:48 | 01,553,272 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/01/13 13:37:21 | 00,146,417 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\Behind The Mirror TV Monitors.pdf
[2009/01/08 18:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\WINDOWS\System32\drivers\DsAudioDevice_310.sys
[2009/01/08 18:00:54 | 00,016,640 | ---- | M] (Wondershare) -- C:\WINDOWS\System32\drivers\DsAudioDevice_207.sys
[2009/01/01 21:42:51 | 00,979,407 | ---- | M] () -- C:\Documents and Settings\tcreel\Desktop\6A2R3.pdf

========== Custom Scans ==========

< End of report >

----------------------------------------------------------------------------------------------------------------------------------------

Extras Log

OTViewIt Extras logfile created on: 2/23/2009 07:46:07 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 63.16% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 44.30 Gb Free Space | 39.63% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 246.50 Mb Total Space | 216.51 Mb Free Space | 87.83% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive U: | 111.79 Gb Total Space | 44.30 Gb Free Space | 39.63% Space Free | Partition Type: *NT5CSC

Computer Name: ATLTCREELLAP
Current User Name: tcreel
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days
"Use My Stylesheet"=
"User Stylesheet"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/10/10 07:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Motorola\Software Update\msu.exe:*:Disabled:msu

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] -- C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
Protocol_Catalog9\Catalog_Entries\000000000001 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000002 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000003 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000004 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000005 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000006 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000007 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000008 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000009 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000010 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000011 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000012 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000013 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000014 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000015 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000016 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000017 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000018 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000019 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000020 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000021 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000022 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000023 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000024 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000025 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000026 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000027 -- File not found
Protocol_Catalog9\Catalog_Entries\000000000028 -- File not found

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 14:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 14:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 14:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 20:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 15:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 15:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/19 07:42:36 | 00,069,632 | ---- | M] (SAP AG, Walldorf) c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (saphtmlp:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} (HKLM) [SAP HTML Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/02/19 07:42:36 | 00,069,632 | ---- | M] (SAP AG, Walldorf) c:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (sapr3:{D1F8BD1E-7967-11D2-B43A-006094B9EADB} (HKLM) [SAP HTML Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 15:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04566A17-0760-23F1-9295-54705E3B877E}"=Catalyst Control Center Localization Swedish
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{06036425-687F-3894-0641-8EA75FFE609A}"=Catalyst Control Center Localization Italian
"{075473F5-846A-448B-BCB3-104AA1760205}"=RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}"=ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}"=ThinkPad UltraNav Utility
"{1B8A2B9C-4561-E3FC-BAF6-D069710D3620}"=Catalyst Control Center Localization Portuguese
"{1C1BCB70-E3E8-C485-7718-43F2BE420BCC}"=Catalyst Control Center Localization Chinese Standard
"{1C8CE90A-1F62-B5E5-7A1F-ECAEA90C1809}"=Catalyst Control Center Localization Japanese
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}"=ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{24C67B54-0718-445E-B663-3138D9246BD1}"=Cisco Systems VPN Client 4.8.00.0440
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}"=Adobe Flash Player 10 ActiveX
"{2EA132B6-4796-B2AC-066F-CADD3D8C5256}"=CCC Help German
"{2F221920-DB3B-4A74-A010-26ABDBA07AC2}"=SMS Advanced Client
"{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}"=iPod Updater 2004-08-06
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{30BB734A-415A-4BAD-A021-07B9D273234D}"=ISIS Portal
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{32A64E70-2504-6723-002B-F9C04108A2A1}"=CCC Help Japanese
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3CA92ABE-CAEA-BF05-BF4A-A72CEAD7B4D1}"=Catalyst Control Center Localization Dutch
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}"=MSXML4.0 redistributable
"{4BCE1668-B34B-4A51-A73D-1A7074A38787}"=Sprint PCS Connection Manager
"{56E5C91F-556C-184D-52F5-C3E501B5EEDD}"=CCC Help Portuguese
"{58B5C4F4-33FF-71DE-6619-FA04F0BC1482}"=CCC Help Italian
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{67183F00-3DDC-497B-A090-4E2B79EAF1CD}"=Photo Viewer
"{68A35043-C55A-4237-88C9-37EE1C63ED71}"=Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}"=Microsoft Baseline Security Analyzer 2.1
"{6E5C9B5E-8AB6-4D49-9DF7-1A48B29BB9E1}"=Windows Resource Kit Tools - DelProf.exe
"{7148F0A8-6813-11D6-A77B-00B0D0142000}"=Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{75A0EB9D-2D1E-4FB7-BF61-498E33C73EB4}"=Motorola Driver Installation
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}"=Avanquest update
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}"=ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}"=System Update
"{888A411C-430C-217C-4433-3C9D28385AF2}"=Catalyst Control Center Localization French
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}"=Windows Support Tools
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}"=Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90160409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Excel 2003
"{90170409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office FrontPage 2003
"{903B0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Professional 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}"=Remove Hidden Data Tool
"{92D42AFF-ADC3-7465-3893-00DF5FB4546E}"=ccc-core-static
"{947BC4E5-F21D-8C14-98A0-54AF74B64E87}"=ccc-utility
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}"=Help Center
"{9A211ECF-1D7B-F6FA-C0D4-1EEC07003F0C}"=CCC Help Chinese Traditional
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ED59DA3-5667-7D3D-008C-68DCC4AC3AD4}"=CCC Help Dutch
"{9FD77787-15D1-E12E-4D69-1CFAE467E77D}"=Catalyst Control Center Localization Spanish
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}"=ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}"=mDriver
"{A1D50D4D-0327-1E09-E392-EB1278121B3B}"=CCC Help Chinese Standard
"{A2289997-10A3-48F2-AA03-99180D761661}"=ThinkVantage Fingerprint Software 5.6
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=RecordNow Audio
"{AC3D865A-0D8C-43C0-8BA7-7EC2D34BFBFE}"=Quality Center Microsoft Excel Addin
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-1033-F400-7760-000000000004}"=Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}"=Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AF28A7B4-F86B-2708-43D8-19F9220C7946}"=CCC Help French
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=RecordNow Copy
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}"=PixiePack Codec Pack
"{B334D9AE-1393-423E-97C0-3BDC3360E692}"=Sonic Icons for Lenovo
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B6108EB8-1C29-FC8A-55E7-BC5044460DB0}"=Catalyst Control Center Core Implementation
"{B686BEB9-6D2A-C2E4-26BB-F52F066B8AA9}"=Catalyst Control Center Localization Korean
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}"=Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB17F8F8-926A-1ED0-7354-3644C407C21E}"=ccc-core-preinstall
"{BB9882D2-EF12-7393-1F5F-4EA44C461ED6}"=CCC Help Swedish
"{BBE9CD7B-E894-477F-B5A1-D642D672C713}"=Catalyst Control Center - Branding
"{BD608B39-EB7A-A8F8-3BA8-94A1013A758E}"=Catalyst Control Center Graphics Full Existing
"{BDF820F3-79A6-4ACF-B910-43B26BB894CC}"=Microsoft Network Monitor 3.1
"{BE5AD430-9E0C-4243-AB3F-593835869855}"=Microsoft Office Communicator 2005
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}"=Pinnacle Instant DVD Recorder
"{C1A8A87E-FAF8-43EC-9862-B2636710B63F}"=Repui
"{C5C7FBB0-3EEE-D531-0C2A-D0330193528B}"=Catalyst Control Center Localization German
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}"=WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}"=ThinkVantage Productivity Center
"{CF91B514-70EF-F45F-56A8-D366C6D84504}"=CCC Help English
"{D0D1EF04-A961-27B9-EAB5-D646F541B0CD}"=Skins
"{D23B2191-2414-974B-FCFE-5DA8A3E27C6C}"=CCC Help Korean
"{D26979FD-F093-C21D-D805-43043BCF8BE3}"=Catalyst Control Center Graphics Full New
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}"=Windows Resource Kit Tools - SubInAcl.exe
"{D728E945-256D-4477-B377-6BBA693714AC}"=Productivity Center Supplement for ThinkPad
"{DA56C01D-C70A-401D-ABE2-7188B9FF161F}"=Microsoft Office Live Meeting 2005
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}"=Google Toolbar for Internet Explorer
"{DC474FD1-1AEF-6518-5572-F8649F2FDC07}"=Catalyst Control Center Graphics Light
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E842613A-B987-485B-A4CB-44DCD49A9F1E}"=Motorola Phone Tools
"{E89956F9-5B89-470E-818D-BD46102D0A01}"=Citrix Presentation Server Client
"{EA664480-3844-11D5-8C25-444553540000}"=TrackPoint Accessibility Features
"{ECEA7878-2100-4525-915D-B09174E36971}"=Trend Micro OfficeScan Client
"{F036C12B-0FC5-C0E1-DDF5-BDA24AF467D4}"=CCC Help Spanish
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F1FC34F1-572D-2681-58B9-796311E3013F}"=Catalyst Control Center Localization Chinese Traditional
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}"=Motorola Phone Tools
"{F539210E-8474-44E3-9035-01CB6444DB46}"=OutlookTools 2
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}"= Sansa Media Converter
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}"=ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"693218053459EBF14C6505EA1172F17672B50DD1"=Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
"ActiveTouchMeetingClient"=WebEx
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8.1.3 Professional
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"CCleaner"=CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588"=ThinkPad Modem
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2008-09-21 16:18
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"ImgBurn"=ImgBurn
"InstallShield_{2F8C106A-7DFC-45DE-8006-F9145AADF1D8}"=iPod Updater 2004-08-06
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package"=Microsoft Visual J# 2.0 Redistributable Package
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PlayMaker Pro Football"=PlayMaker Pro Football
"Power Management Driver"=ThinkPad Power Management Driver
"ProInst"=Intel® PROSet/Wireless Software
"PROSet"=Intel® PRO Network Connections Drivers
"Remove Multimedia Center"=Remove Multimedia Center
"Sanse Playlister_is1"=Sanse Playlister Ver1.5
"SAP_WUS"=SAPSetup Automatic Workstation Update Service
"SAPBI"=SAP Business Explorer
"SAPGUI710"=SAP GUI 7.10
"SynTPDeinstKey"=ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier"=ThinkPad FullScreen Magnifier
"Tunatic"=Tunatic
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting"=GoToMeeting/GoToWebinar 3.0.0.198

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting"=GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/23/2009 10:17:01 AM | Computer Name = ATLTCREELLAP | Source = UserInit | ID = 1000
Description = Could not execute the following script javasettings.vbs. The system
cannot find the file specified. .

Error - 2/23/2009 10:19:09 AM | Computer Name = ATLTCREELLAP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for HQ\tcreel failed to contact the
active directory (0x8007054b). The specified domain either does not exist or could
not be contacted. Enrollment will not be performed.

Error - 2/23/2009 10:21:57 AM | Computer Name = ATLTCREELLAP | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 2/23/2009 01:52:09 PM | Computer Name = ATLTCREELLAP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/23/2009 01:53:29 PM | Computer Name = ATLTCREELLAP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/23/2009 01:53:57 PM | Computer Name = ATLTCREELLAP | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/23/2009 01:54:03 PM | Computer Name = ATLTCREELLAP | Source = UserInit | ID = 1000
Description = Could not execute the following script DisableIM.vbs. The system cannot
find the file specified. .

Error - 2/23/2009 01:54:03 PM | Computer Name = ATLTCREELLAP | Source = UserInit | ID = 1000
Description = Could not execute the following script GoogleAllowPopUps.vbs. The
system cannot find the file specified. .

Error - 2/23/2009 01:54:03 PM | Computer Name = ATLTCREELLAP | Source = UserInit | ID = 1000
Description = Could not execute the following script javasettings.vbs. The system
cannot find the file specified. .

Error - 2/23/2009 01:55:37 PM | Computer Name = ATLTCREELLAP | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for HQ\tcreel failed to contact the
active directory (0x8007054b). The specified domain either does not exist or could
not be contacted. Enrollment will not be performed.

[ System Events ]
Error - 12/22/2008 01:10:13 AM | Computer Name = ATLTCREELLAP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/22/2008 10:51:45 AM | Computer Name = ATLTCREELLAP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/23/2008 01:37:18 AM | Computer Name = ATLTCREELLAP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/23/2008 09:57:37 AM | Computer Name = ATLTCREELLAP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/23/2008 06:44:20 PM | Computer Name = ATLTCREELLAP | Source = PSched | ID = 14103
Description = QoS [Adapter {DAE6E940-BC57-49CB-90FC-8265DD6F0287}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 12/23/2008 07:41:43 PM | Computer Name = ATLTCREELLAP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 12/23/2008 07:45:57 PM | Computer Name = ATLTCREELLAP | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 ba2f4371, parameter3
ba513954, parameter4 ba513650.

Error - 12/23/2008 08:54:40 PM | Computer Name = ATLTCREELLAP | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 12/23/2008 11:31:22 PM | Computer Name = ATLTCREELLAP | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 12/24/2008 01:48:25 PM | Computer Name = ATLTCREELLAP | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain HQ due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.


< End of report >

#6 Farbar

Posted 24 February 2009 - 07:44 AM

man2know,

Are you able to connect to the internet? In case you wanted to update an application? If yes, does IE allow you to get to any web pages?

The computer is indeed infected. Some of the infections are removed but the rest is still on the system.

Before we proceed I need to clear something up. It seems this is not a home computer:

* There is a proxy setting: hqisa01.hq.insight.com:8080. Then the setting is disabled and let to be overridden. This might be because the computer is used both at office and at home. But for me it is difficult to know who has disabled the setting, the user or the malware.
* This is the domain server: insight.com
* You are not logged in as administrator.
* There are restrictions set, probably some of them by the malware and some of them by the Administrator. It is difficult for me to distinguish between them and I don't want to mess up with the settings added by an Administrator.
* Most of the tools we use need administrator's privileges to be able to remove the infection.

So knowing all that, either the computer should be cleaned by your IT workers, or you should get administrative privileges to be able to clean the computer and should provide sufficient information on the above settings so that I can not only clean the computer but also remove the restrictions set by the malware without doing any harm to the settings added by the administrators or the script run by default.

Please be specific in your response.

#7 man2know

Posted 24 February 2009 - 10:31 AM

Hi,

If I select IE it will launch but goes to a search page with win32.dnschanger search results....

It does this if I try and open Control Panel, My Computer, pretty much anything.....some applications on my desktop will open, like Image Burn....which is how I was able to get a backup of my .pst file and Office docs.

Yes, this is a corp. work PC and set up to be used from both home and office....however, I work from home 99% of the time and connect in using a VPN connection....after running last known configuration yesterday, I was able to connect in and access my mail server, but not my company home page (InfoZone) when I try and launch IE.

Hey, let's do what we can....if we got to send it in, we send it in.....

Oh, one last thing....when I first ran my Trend Micro it found viruses and deleted most of them but was unable to delete some....I'll see if I can get that log and send it over.....ran Trend Micro several more times since this happened and it shows clean.....when I load SpySweeper from CD everything looks like it loads correctly, but when I try and open the app. I get a message saying the program has been damaged, please reload.

Thanks,

Terry

#8 Farbar

Posted 24 February 2009 - 11:01 AM

Thanks for the information. To be frank I'm reluctant to do so, as the complications I mentioned make it not so easy. Though I'm very cautious I might remove some restrictions or settings; as far as you work at home they should not negatively affect the working of the system, but I'm not sure how it would be if you use the computer at work.

However I am at work now and after 3-4 hours I will send a reply with the initial fix.

#9 Farbar

Posted 24 February 2009 - 03:49 PM

  • Please open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: 734914 helper - {0BD071A6-C989-49E8-9B8E-80F92A868E26} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Win32-DNSChanger - {930E7881-D9F3-4293-A24B-23A80C013378} - C:\WINDOWS\system32\fejokt.dll
    O3 - Toolbar: (no name) - {85BDD81D-31FD-4A6B-A73C-3955B128D2EC} - (no file)
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
    O20 - Winlogon Notify: crypt - crypts.dll (file missing)
    O22 - SharedTaskScheduler: frizzed - {ecc974ae-6ede-44a2-90da-93b996d8eaf8} - (no file)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Open Notepad (Start > Run and type in Notepad) and make sure Word Wrap under the Format menu is not selected.
    Copy and paste the text in the code box into it.

    REGEDIT4 
    
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Page_Transitions"=dword:00000001
    
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Page_Transitions"=dword:00000001
    
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Page_Transitions"=dword:00000001
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoFolderOptions"=-
    "NoDesktopCleanupWizard"=-
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "DisableRegistryTools"=-
    "HideLegacyLogonScripts"=-
    
    [HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoFolderOptions"=-
    "NoDesktopCleanupWizard"=-
    
    [HKEY_USERS\S-1-5-21-1348084339-127748045-929701000-74878\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "DisableRegistryTools"=-
    "HideLegacyLogonScripts"=-
    • Save the file to the desktop as regfix.reg
    • Make sure the Save as type field says All files.
    • Locate regfix.reg on the desktop and double-click on it and confirm.
    • A window pops up asking if you are sure you want to add the file to the registry. Click Yes.
    • You get another window popup saying that regfix.reg was successfully added to the registry.
    Note: You have to turn off any registry protector software you have in order for the changes to take place.

  • Restart the computer.

  • Please download, install, update and run MBAM. Additional instruction per PM.

    MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please copy and paste a fresh Hijackthis log to your reply.

Edited by farbar, 24 February 2009 - 04:05 PM.
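
A way to preview what a REGEDIT4 file like regfix.reg would change before it is merged, as an added example that is not part of the original post. The function names and operation labels are this example's own, and the sample is constructed from key and value names that appear in the fix above.

```python
import re

# Constructed sample built from constructs used in the fix above. The last
# line is deliberately malformed (opening quote missing).
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Page_Transitions"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=-
"HideLegacyLogonScripts"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoFolderOptions"=-
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(?P<delete>-)?(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.+)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9A-Fa-f]{1,8})$")


def preview_reg(text):
    """Return (operations, unparsed_lines) without touching the registry.

    Multi-line hex data (lines ending in a backslash) is not handled here;
    its continuation lines end up in unparsed_lines.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / version 5.00 header")
    ops, unparsed, key = [], [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            if m.group("delete"):            # [-HKEY_...] removes the whole key
                ops.append(("DELETE_KEY", key, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            unparsed.append(line)            # needs a manual look before merging
            continue
        name = "(Default)" if m.group("name") == "@" else m.group("name")[1:-1]
        data = m.group("data")
        dword = DWORD_RE.match(data)
        if data == "-":                      # "Name"=- removes just that value
            ops.append(("DELETE_VALUE", key, name, None))
        elif dword:
            ops.append(("SET_DWORD", key, name, int(dword.group("hex"), 16)))
        elif data.lower().startswith("dword:"):
            unparsed.append(line)            # dword with invalid hex digits
        else:
            ops.append(("SET", key, name, data))
    return ops, unparsed


def policy_values_removed(ops):
    """Values deleted under a ...\\policies\\... key: the restrictions lifted."""
    return [(key, name) for op, key, name, _ in ops
            if op == "DELETE_VALUE" and "\\policies\\" in key.lower()]


if __name__ == "__main__":
    operations, leftovers = preview_reg(SAMPLE_REG)
    for op in operations:
        print(op)
    print("restrictions lifted:", policy_values_removed(operations))
    print("lines to check by hand:", leftovers)
```

On a managed machine, the list from `policy_values_removed` is what to compare against the restrictions the administrators intended to keep.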


#10 man2know

Posted 24 February 2009 - 08:18 PM

Hi farbar,

Malwarebytes log.....Thanks for all your help! Guess I'm in the clear....

Thanks again.....Terry


Malwarebytes' Anti-Malware 1.34
Database version: 1800
Windows 5.1.2600 Service Pack 2

2/24/2009 07:49:03 PM
mbam-log-2009-02-24 (19-49-03).txt

Scan type: Quick Scan
Objects scanned: 120081
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 7
Files Infected: 56

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\UACxmttabwq.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\lmaspois (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmaspois.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7a85cdf5-284b-4496-a9a7-dd82fee9dcec} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fcd4b2f5-8793-4e1f-8774-6e520cf6cd79} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a8954909-1f0f-41a5-a7fa-3b376d69e226} (Rogue.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0bd071a6-c989-49e8-9b8e-80f92a868e26} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e2090673-256b-4632-94ee-fec7f551543c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{930e7881-d9f3-4293-a24b-23a80c013378} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{85bdd81d-31fd-4a6b-a73c-3955b128d2ec} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\734914 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\UACxmttabwq.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACsnppeysw.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACvpaievcv.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACmckbgsur.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACqeuhuymd.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACrbnepyme.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACwtvgodwb.dll (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\UACxmttabwq.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACnaplodkj.sys (Rootkit.TDSS) -> Delete on reboot.
C:\WINDOWS\system32\drivers\UACtetsayla.sys (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\tcreel\Local Settings\Temp\UAC3bb5.tmp (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090214202440062.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090215001930203.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090215003025328.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090215100624265.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sf.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\ios.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\services.001 (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\etc\services.archive (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UACjpbntnbo.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACaarwhgfc.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACbanirwrg.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACcraggdvy.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACcssgvjun.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACecevaxjn.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACeegffsuk.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACeulhxghi.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACfhpqivla.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UAChpyaanhm.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACjeaqqmgh.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACrmrhtkce.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACsrirasta.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACtfqeamqd.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACucyssvaf.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACugtahgyt.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACuhrhoerh.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACvkyiuxxt.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACjpoukggj.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACkkmcphnp.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UAClgbtoogj.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACltxbtgax.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACmjqvuigm.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACmowjdcex.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACmppwnmwm.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACnfqruejp.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACqtwdctql.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACriyqtmbo.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACrmphqfvl.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACxxpdadbf.log (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\UACyobcjqxa.log (Trojan.Agent) -> Delete on reboot.

#11 Farbar

Posted 24 February 2009 - 08:24 PM

Thanks for the log.

C:\WINDOWS\system32\UACsnppeysw.dll (Trojan.TDSS) -> Delete on reboot.


I will feel safer if you reboot and get the log after reboot. Those files should be deleted after reboot. Until we get a clean log of MBAM it is not safe.
So please reboot and get the log after reboot. It should be under Logs tab.

Edited by farbar, 24 February 2009 - 08:25 PM.


#12 Farbar

Posted 24 February 2009 - 08:33 PM

Please don't miss my previous post. We want to get a clean MBAM log, no more deletion on reboot, even if you have to run it again.

Also post a fresh hijackthis log.

Tell me if you get any error at startup, and any problem you are still having.

We are going to do one more fix tomorrow after I have seen those logs. Now I'm going to get some sleep.
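
The check asked for in the two posts above (no entries left at "Delete on reboot" and a log with zero detections), written out as an added example that is not part of the original thread. The sample log is constructed in the MBAM 1.34 layout shown here, and the verdict labels and function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.34 log layout posted in this thread.
# Paths, vendor names and detection labels below are made up.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.34
Scan type: Quick Scan

Memory Modules Infected: 1
Registry Data Items Infected: 1
Files Infected: 3

Memory Modules Infected:
C:\EXAMPLE\sample_a.dll (Trojan.Example) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Example\SearchUrl (Hijack.Search) -> Bad: (http://bad.example/?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Files Infected:
C:\EXAMPLE\sample_a.dll (Trojan.Example) -> Delete on reboot.
C:\EXAMPLE\drivers\sample_b.sys (Rootkit.Example) -> Delete on reboot.
C:\EXAMPLE\trace.ico (Malware.Trace) -> Quarantined and deleted successfully.
"""

# "Files Infected: 56" is a summary count; "Files Infected:" opens a section.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*(?P<count>\d+)?$")
# "<object> (<detection>) -> ... -> <action>."
ENTRY_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    counts, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is None:
                section = m.group("name")
            else:
                counts[m.group("name")] = int(m.group("count"))
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # Hijack entries carry "Bad: (...) Good: (...)" before the action,
            # so the action is whatever follows the last arrow.
            action = m.group("rest").rsplit(" -> ", 1)[-1].rstrip(". ")
            entries.append({"section": section, "target": m.group("target"),
                            "family": m.group("family"), "action": action})
    return {"counts": counts, "entries": entries}


def triage(parsed):
    entries = parsed["entries"]
    pending = sorted({e["target"] for e in entries
                      if e["action"].lower().startswith("delete on reboot")})
    listed = Counter(e["section"] for e in entries)
    # A summary count that disagrees with the listed entries means the pasted
    # log is truncated or was edited.
    mismatched = sorted(name for name, n in parsed["counts"].items()
                        if listed.get(name, 0) != n)
    if pending:
        verdict = "reboot-and-rescan"      # files are still on disk
    elif entries or any(parsed["counts"].values()):
        verdict = "rescan-to-confirm"      # removed, but not yet a clean log
    else:
        verdict = "clean"
    return {"verdict": verdict, "pending_reboot": pending,
            "count_mismatch": mismatched}


if __name__ == "__main__":
    report = triage(parse_mbam_log(SAMPLE_LOG))
    print(report["verdict"])
    for target in report["pending_reboot"]:
        print("still on disk until reboot:", target)
```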

#15 man2know

Posted 24 February 2009 - 09:51 PM

Rebooted per your request and posted the log....had been waiting for the full scan to complete....no objects infected....Terry

Malwarebytes' Anti-Malware 1.34
Database version: 1800
Windows 5.1.2600 Service Pack 2

2/24/2009 09:35:33 PM
mbam-log-2009-02-24 (21-35-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 201896
Time elapsed: 1 hour(s), 10 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



