
Search Popclick net infection...


  • This topic is locked
6 replies to this topic

#1 Fracion


  • Members
  • 3 posts

Posted 26 January 2012 - 01:19 PM

I was alerted to the virus when Task Manager was disabled and it also disabled the Symantec AV that was installed on the laptop. I tried to remove it by running in Safe Mode and took a look through the registry and didn't find anything. GMER freezes up when I try to save the log, so I can't post the logs from GMER. I also ran DeFogger in order to disable the CD emulation.

Ran TDSSKiller as per forum instructions and here are the results:

11:01:14.0705 1856 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
11:01:16.0017 1856 ============================================================
11:01:16.0017 1856 Current date / time: 2012/01/23 11:01:16.0017
11:01:16.0017 1856 SystemInfo:
11:01:16.0017 1856
11:01:16.0017 1856 OS Version: 5.1.2600 ServicePack: 3.0
11:01:16.0017 1856 Product type: Workstation
11:01:16.0017 1856 ComputerName: NJ-WEN-JMILLER2
11:01:16.0017 1856 UserName: JMiller
11:01:16.0017 1856 Windows directory: C:\WINDOWS
11:01:16.0017 1856 System windows directory: C:\WINDOWS
11:01:16.0017 1856 Processor architecture: Intel x86
11:01:16.0017 1856 Number of processors: 2
11:01:16.0017 1856 Page size: 0x1000
11:01:16.0017 1856 Boot type: Normal boot
11:01:16.0017 1856 ============================================================
11:01:16.0642 1856 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:01:16.0658 1856 Drive \Device\Harddisk1\DR3 - Size: 0xF3630000 (3.80 Gb), SectorSize: 0x200, Cylinders: 0x1F0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:01:16.0705 1856 Initialize success
11:01:26.0845 2588 ============================================================
11:01:26.0845 2588 Scan started
11:01:26.0845 2588 Mode: Manual; SigCheck; TDLFS;
11:01:26.0845 2588 ============================================================
11:01:27.0439 2588 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
11:01:27.0908 2588 a2acc - ok
11:01:28.0048 2588 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
11:01:28.0064 2588 A2DDA - ok
11:01:28.0173 2588 Abiosdsk - ok
11:01:28.0220 2588 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
11:01:29.0626 2588 abp480n5 - ok
11:01:29.0798 2588 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
11:01:30.0283 2588 ac97intc - ok
11:01:30.0486 2588 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:01:31.0064 2588 ACPI - ok
11:01:31.0236 2588 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
11:01:31.0720 2588 ACPIEC - ok
11:01:31.0923 2588 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
11:01:32.0361 2588 adpu160m - ok
11:01:32.0548 2588 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:01:33.0236 2588 aec - ok
11:01:33.0423 2588 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:01:33.0548 2588 AFD - ok
11:01:33.0611 2588 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
11:01:33.0986 2588 agp440 - ok
11:01:34.0173 2588 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
11:01:34.0595 2588 agpCPQ - ok
11:01:34.0751 2588 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
11:01:35.0095 2588 Aha154x - ok
11:01:35.0251 2588 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
11:01:35.0736 2588 aic78u2 - ok
11:01:35.0908 2588 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
11:01:36.0314 2588 aic78xx - ok
11:01:36.0501 2588 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
11:01:36.0986 2588 AliIde - ok
11:01:37.0173 2588 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
11:01:37.0548 2588 alim1541 - ok
11:01:37.0767 2588 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
11:01:38.0314 2588 amdagp - ok
11:01:38.0486 2588 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
11:01:38.0845 2588 amsint - ok
11:01:39.0048 2588 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
11:01:39.0080 2588 ANC ( UnsignedFile.Multi.Generic ) - warning
11:01:39.0080 2588 ANC - detected UnsignedFile.Multi.Generic (1)
11:01:39.0126 2588 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:01:39.0501 2588 Arp1394 - ok
11:01:39.0673 2588 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
11:01:40.0142 2588 asc - ok
11:01:40.0330 2588 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
11:01:40.0720 2588 asc3350p - ok
11:01:40.0892 2588 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
11:01:41.0314 2588 asc3550 - ok
11:01:41.0455 2588 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys
11:01:41.0455 2588 ASMMAP - ok
11:01:41.0658 2588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:01:42.0080 2588 AsyncMac - ok
11:01:42.0251 2588 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:01:42.0689 2588 atapi - ok
11:01:42.0814 2588 Atdisk - ok
11:01:42.0861 2588 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:01:43.0455 2588 Atmarpc - ok
11:01:43.0642 2588 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:01:44.0064 2588 audstub - ok
11:01:44.0236 2588 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:01:44.0751 2588 Beep - ok
11:01:44.0767 2588 catchme - ok
11:01:44.0908 2588 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
11:01:45.0361 2588 cbidf - ok
11:01:45.0533 2588 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:01:45.0970 2588 cbidf2k - ok
11:01:46.0142 2588 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
11:01:46.0501 2588 cd20xrnt - ok
11:01:46.0658 2588 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:01:47.0205 2588 Cdaudio - ok
11:01:47.0392 2588 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:01:47.0923 2588 Cdfs - ok
11:01:48.0095 2588 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:01:48.0517 2588 Cdrom - ok
11:01:48.0658 2588 Changer - ok
11:01:48.0736 2588 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
11:01:49.0142 2588 CmBatt - ok
11:01:49.0314 2588 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
11:01:49.0923 2588 CmdIde - ok
11:01:50.0095 2588 CnxtHdAudService (74d5c90052e936622e077d94121ec2c9) C:\WINDOWS\system32\drivers\CHDAU32.sys
11:01:50.0205 2588 CnxtHdAudService - ok
11:01:50.0392 2588 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
11:01:50.0908 2588 Compbatt - ok
11:01:51.0095 2588 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
11:01:51.0486 2588 Cpqarray - ok
11:01:51.0705 2588 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
11:01:51.0767 2588 CVirtA - ok
11:01:51.0830 2588 CVPNDRVA (03516f6d3b8c91c919de622196a84bce) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
11:01:51.0892 2588 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
11:01:51.0892 2588 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
11:01:52.0048 2588 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
11:01:52.0455 2588 dac2w2k - ok
11:01:52.0642 2588 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
11:01:53.0173 2588 dac960nt - ok
11:01:53.0376 2588 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:01:53.0861 2588 Disk - ok
11:01:54.0017 2588 DLABMFSM (5b149ccfe275f4de0b4b8ec6b9f6821e) C:\WINDOWS\system32\DLA\DLABMFSM.SYS
11:01:54.0033 2588 DLABMFSM - ok
11:01:54.0048 2588 DLABOIOM (ad4cb3d783634c90a9d0ce360933a63c) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
11:01:54.0064 2588 DLABOIOM - ok
11:01:54.0126 2588 DLACDBHM (5230cdb7e715f3a3b4a882e254cdd35d) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
11:01:54.0142 2588 DLACDBHM - ok
11:01:54.0236 2588 DLADResM (93d03238cc3f0ee3c0b3985d110ec575) C:\WINDOWS\system32\DLA\DLADResM.SYS
11:01:54.0251 2588 DLADResM - ok
11:01:54.0267 2588 DLAIFS_M (6a82f77c4a6f5235bf352f0028e2ef52) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
11:01:54.0283 2588 DLAIFS_M - ok
11:01:54.0298 2588 DLAOPIOM (0e6052c0ada37504896a847231a3907d) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
11:01:54.0298 2588 DLAOPIOM - ok
11:01:54.0314 2588 DLAPoolM (29670bb4e2b973c5b55a76107d4910b2) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
11:01:54.0330 2588 DLAPoolM - ok
11:01:54.0345 2588 DLARTL_M (77fe51f0f8d86804cb81f6ef6bfb86dd) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
11:01:54.0345 2588 DLARTL_M - ok
11:01:54.0361 2588 DLAUDFAM (6b087732b86c1d866d69dbbe463ea90a) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
11:01:54.0376 2588 DLAUDFAM - ok
11:01:54.0392 2588 DLAUDF_M (bbeecb95f2841ae4a3e3690d46d7153d) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
11:01:54.0408 2588 DLAUDF_M - ok
11:01:54.0564 2588 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:01:55.0033 2588 dmboot - ok
11:01:55.0236 2588 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:01:55.0689 2588 dmio - ok
11:01:55.0845 2588 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:01:56.0267 2588 dmload - ok
11:01:56.0470 2588 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:01:56.0939 2588 DMusic - ok
11:01:57.0126 2588 DNE (8101650993b2f79118d2bf24402c390d) C:\WINDOWS\system32\DRIVERS\dne2000.sys
11:01:57.0142 2588 DNE - ok
11:01:57.0173 2588 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
11:01:57.0595 2588 dpti2o - ok
11:01:57.0783 2588 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:01:58.0376 2588 drmkaud - ok
11:01:58.0564 2588 DRVMCDB (83106585494d5eb96f59187200c144bd) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
11:01:58.0580 2588 DRVMCDB - ok
11:01:58.0595 2588 DRVNDDM (ffc371525aa55d1bae18715ebcb8797c) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
11:01:58.0611 2588 DRVNDDM - ok
11:01:58.0642 2588 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
11:01:59.0080 2588 E100B - ok
11:01:59.0251 2588 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
11:01:59.0267 2588 eeCtrl - ok
11:01:59.0283 2588 EraserUtilRebootDrv - ok
11:01:59.0486 2588 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:01:59.0923 2588 Fastfat - ok
11:02:00.0111 2588 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:02:00.0517 2588 Fdc - ok
11:02:00.0720 2588 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:02:01.0376 2588 Fips - ok
11:02:01.0564 2588 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:02:01.0986 2588 Flpydisk - ok
11:02:02.0173 2588 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:02:02.0595 2588 FltMgr - ok
11:02:02.0783 2588 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:02:03.0298 2588 Fs_Rec - ok
11:02:03.0501 2588 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:02:04.0033 2588 Ftdisk - ok
11:02:04.0251 2588 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:02:04.0705 2588 Gpc - ok
11:02:04.0970 2588 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:02:05.0376 2588 HDAudBus - ok
11:02:05.0580 2588 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:02:06.0236 2588 HidUsb - ok
11:02:06.0423 2588 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
11:02:06.0892 2588 hpn - ok
11:02:07.0080 2588 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
11:02:07.0205 2588 HPZid412 - ok
11:02:07.0392 2588 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
11:02:07.0439 2588 HPZipr12 - ok
11:02:07.0470 2588 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
11:02:07.0548 2588 HPZius12 - ok
11:02:07.0736 2588 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
11:02:07.0830 2588 HSFHWAZL - ok
11:02:07.0876 2588 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
11:02:08.0126 2588 HSF_DPV - ok
11:02:08.0361 2588 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:02:08.0439 2588 HTTP - ok
11:02:08.0533 2588 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
11:02:08.0986 2588 i2omgmt - ok
11:02:09.0189 2588 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
11:02:09.0626 2588 i2omp - ok
11:02:09.0861 2588 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:02:10.0283 2588 i8042prt - ok
11:02:10.0517 2588 ialm (dcdb539f75beeff931cdc8e5bb6e1566) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
11:02:10.0673 2588 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\igxpmp32.sys. Real md5: dcdb539f75beeff931cdc8e5bb6e1566, Fake md5: f592a1b020723cfbd3d2722514066449
11:02:10.0705 2588 ialm ( ForgedFile.Multi.Generic ) - warning
11:02:10.0705 2588 ialm - detected ForgedFile.Multi.Generic (1)
11:02:10.0923 2588 iaStor (9f1220113a3a7f4f08042c699324d073) C:\WINDOWS\system32\DRIVERS\iaStor.sys
11:02:10.0955 2588 iaStor - ok
11:02:11.0080 2588 IBMPMDRV (4a8ab38fdf3649c1fe3e9d16bf79927d) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
11:02:11.0095 2588 IBMPMDRV - ok
11:02:11.0205 2588 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
11:02:11.0236 2588 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
11:02:11.0236 2588 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
11:02:11.0251 2588 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:02:11.0642 2588 Imapi - ok
11:02:11.0830 2588 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
11:02:12.0220 2588 ini910u - ok
11:02:12.0423 2588 IntcHdmiAddService (331244286fa249f2456e6d78fda4a93e) C:\WINDOWS\system32\drivers\IntcHdmi.sys
11:02:12.0501 2588 IntcHdmiAddService - ok
11:02:12.0564 2588 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
11:02:13.0001 2588 IntelIde - ok
11:02:13.0173 2588 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:02:13.0626 2588 intelppm - ok
11:02:13.0783 2588 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:02:14.0189 2588 Ip6Fw - ok
11:02:14.0376 2588 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:02:14.0830 2588 IpFilterDriver - ok
11:02:15.0048 2588 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:02:15.0517 2588 IpInIp - ok
11:02:15.0720 2588 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:02:16.0142 2588 IpNat - ok
11:02:16.0345 2588 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:02:16.0939 2588 IPSec - ok
11:02:17.0111 2588 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:02:17.0501 2588 IRENUM - ok
11:02:17.0720 2588 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:02:18.0267 2588 isapnp - ok
11:02:18.0486 2588 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:02:18.0986 2588 Kbdclass - ok
11:02:19.0189 2588 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:02:19.0580 2588 kmixer - ok
11:02:19.0798 2588 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:02:19.0923 2588 KSecDD - ok
11:02:19.0939 2588 lbrtfdc - ok
11:02:20.0033 2588 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
11:02:20.0064 2588 LMIInfo - ok
11:02:20.0267 2588 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
11:02:20.0283 2588 lmimirr - ok
11:02:20.0298 2588 LMIRfsClientNP - ok
11:02:20.0330 2588 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
11:02:20.0345 2588 LMIRfsDriver - ok
11:02:20.0392 2588 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
11:02:20.0470 2588 mdmxsdk - ok
11:02:20.0658 2588 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:02:21.0095 2588 mnmdd - ok
11:02:21.0298 2588 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:02:21.0830 2588 Modem - ok
11:02:21.0986 2588 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:02:22.0455 2588 Mouclass - ok
11:02:22.0580 2588 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:02:23.0142 2588 mouhid - ok
11:02:23.0314 2588 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:02:23.0751 2588 MountMgr - ok
11:02:23.0908 2588 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
11:02:24.0298 2588 mraid35x - ok
11:02:24.0470 2588 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:02:24.0955 2588 MRxDAV - ok
11:02:25.0173 2588 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:02:25.0283 2588 MRxSmb - ok
11:02:25.0470 2588 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:02:26.0033 2588 Msfs - ok
11:02:26.0205 2588 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:02:26.0595 2588 MSKSSRV - ok
11:02:26.0783 2588 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:02:27.0158 2588 MSPCLOCK - ok
11:02:27.0345 2588 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:02:27.0783 2588 MSPQM - ok
11:02:27.0986 2588 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:02:28.0455 2588 mssmbios - ok
11:02:28.0658 2588 MTsensor (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\A0101X32.sys
11:02:28.0736 2588 MTsensor - ok
11:02:28.0798 2588 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:02:28.0861 2588 Mup - ok
11:02:29.0033 2588 NAVENG (7eea0e2634fde3c645c9a6d424825261) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100324.022\NAVENG.SYS
11:02:29.0064 2588 NAVENG - ok
11:02:29.0111 2588 NAVEX15 (83c4db2927a4e871cbf2078b6eed1beb) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100324.022\NAVEX15.SYS
11:02:29.0189 2588 NAVEX15 - ok
11:02:29.0392 2588 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:02:29.0861 2588 NDIS - ok
11:02:30.0048 2588 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:02:30.0173 2588 NdisTapi - ok
11:02:30.0220 2588 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:02:30.0642 2588 Ndisuio - ok
11:02:30.0830 2588 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:02:31.0251 2588 NdisWan - ok
11:02:31.0455 2588 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:02:31.0533 2588 NDProxy - ok
11:02:31.0595 2588 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:02:32.0048 2588 NetBIOS - ok
11:02:32.0251 2588 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:02:32.0798 2588 NetBT - ok
11:02:32.0986 2588 NETw5x32 (e1011641e3fbe7f0fa8438d57e0707da) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
11:02:33.0095 2588 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\NETw5x32.sys. Real md5: e1011641e3fbe7f0fa8438d57e0707da, Fake md5: aa88346ab7849a1cb34bd3424febfece
11:02:33.0111 2588 NETw5x32 ( ForgedFile.Multi.Generic ) - warning
11:02:33.0111 2588 NETw5x32 - detected ForgedFile.Multi.Generic (1)
11:02:33.0330 2588 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:02:33.0798 2588 NIC1394 - ok
11:02:33.0986 2588 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:02:34.0408 2588 Npfs - ok
11:02:34.0626 2588 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:02:35.0220 2588 Ntfs - ok
11:02:35.0423 2588 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:02:35.0970 2588 Null - ok
11:02:36.0189 2588 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:02:36.0673 2588 nv - ok
11:02:36.0923 2588 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:02:37.0361 2588 NwlnkFlt - ok
11:02:37.0548 2588 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:02:38.0064 2588 NwlnkFwd - ok
11:02:38.0251 2588 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:02:38.0626 2588 ohci1394 - ok
11:02:38.0814 2588 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
11:02:39.0392 2588 Parport - ok
11:02:39.0595 2588 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:02:39.0986 2588 PartMgr - ok
11:02:40.0158 2588 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:02:40.0564 2588 ParVdm - ok
11:02:40.0783 2588 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
11:02:41.0189 2588 PCI - ok
11:02:41.0345 2588 PCIDump - ok
11:02:41.0376 2588 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:02:41.0830 2588 PCIIde - ok
11:02:42.0033 2588 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:02:42.0423 2588 Pcmcia - ok
11:02:42.0580 2588 PDCOMP - ok
11:02:42.0595 2588 PDFRAME - ok
11:02:42.0642 2588 PDRELI - ok
11:02:42.0673 2588 PDRFRAME - ok
11:02:42.0705 2588 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
11:02:43.0220 2588 perc2 - ok
11:02:43.0408 2588 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
11:02:43.0892 2588 perc2hib - ok
11:02:44.0095 2588 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
11:02:44.0111 2588 pmem ( UnsignedFile.Multi.Generic ) - warning
11:02:44.0111 2588 pmem - detected UnsignedFile.Multi.Generic (1)
11:02:44.0173 2588 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:02:44.0580 2588 PptpMiniport - ok
11:02:44.0783 2588 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
11:02:45.0189 2588 Processor - ok
11:02:45.0392 2588 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys
11:02:45.0408 2588 psadd - ok
11:02:45.0470 2588 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:02:45.0970 2588 PSched - ok
11:02:46.0173 2588 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:02:46.0580 2588 Ptilink - ok
11:02:46.0783 2588 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:02:46.0798 2588 PxHelp20 - ok
11:02:46.0845 2588 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:02:47.0283 2588 ql1080 - ok
11:02:47.0470 2588 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:02:47.0955 2588 Ql10wnt - ok
11:02:48.0173 2588 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:02:48.0689 2588 ql12160 - ok
11:02:48.0876 2588 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:02:49.0283 2588 ql1240 - ok
11:02:49.0470 2588 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:02:50.0033 2588 ql1280 - ok
11:02:50.0236 2588 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:02:50.0689 2588 RasAcd - ok
11:02:50.0892 2588 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:02:51.0267 2588 Rasl2tp - ok
11:02:51.0486 2588 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:02:52.0033 2588 RasPppoe - ok
11:02:52.0236 2588 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:02:52.0689 2588 Raspti - ok
11:02:52.0892 2588 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:02:53.0330 2588 Rdbss - ok
11:02:53.0533 2588 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:02:54.0001 2588 RDPCDD - ok
11:02:54.0205 2588 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:02:54.0580 2588 rdpdr - ok
11:02:54.0876 2588 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:02:54.0955 2588 RDPWD - ok
11:02:55.0033 2588 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:02:55.0564 2588 redbook - ok
11:02:55.0783 2588 rimmptsk (a5b12a4b3b774432db9b9fa221190e59) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
11:02:55.0908 2588 rimmptsk - ok
11:02:55.0955 2588 rimsptsk (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:02:56.0001 2588 rimsptsk - ok
11:02:56.0017 2588 rismxdp (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
11:02:56.0064 2588 rismxdp - ok
11:02:56.0283 2588 RTLE8023xp (76b0d8ea66af27b1492f70b7d8f8a320) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
11:02:56.0330 2588 RTLE8023xp - ok
11:02:56.0376 2588 s24trans (87940243ea2ad3ebe274f5409c5e9072) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:02:56.0439 2588 s24trans - ok
11:02:56.0501 2588 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:02:56.0923 2588 sdbus - ok
11:02:57.0126 2588 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:02:57.0548 2588 Secdrv - ok
11:02:57.0751 2588 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:02:58.0267 2588 serenum - ok
11:02:58.0470 2588 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:02:58.0970 2588 Serial - ok
11:02:59.0158 2588 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11:02:59.0564 2588 sffdisk - ok
11:02:59.0751 2588 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11:03:00.0173 2588 sffp_sd - ok
11:03:00.0345 2588 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
11:03:00.0830 2588 Sfloppy - ok
11:03:01.0048 2588 Shockprf (1310c5e81966e86b2ced7ae8ce3d74f1) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
11:03:01.0064 2588 Shockprf - ok
11:03:01.0064 2588 Simbad - ok
11:03:01.0111 2588 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:03:01.0501 2588 sisagp - ok
11:03:01.0611 2588 SMNDIS5 (4ef5ea44583c37383c289d4b8c354698) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS
11:03:01.0642 2588 SMNDIS5 ( UnsignedFile.Multi.Generic ) - warning
11:03:01.0642 2588 SMNDIS5 - detected UnsignedFile.Multi.Generic (1)
11:03:01.0830 2588 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:03:02.0158 2588 Sparrow - ok
11:03:02.0361 2588 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:03:02.0798 2588 splitter - ok
11:03:03.0001 2588 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:03:03.0548 2588 sr - ok
11:03:03.0767 2588 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:03:03.0892 2588 Srv - ok
11:03:04.0095 2588 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:03:04.0486 2588 swenum - ok
11:03:04.0689 2588 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:03:05.0095 2588 swmidi - ok
11:03:05.0298 2588 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:03:05.0798 2588 symc810 - ok
11:03:06.0001 2588 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:03:06.0455 2588 symc8xx - ok
11:03:06.0658 2588 SymEvent (4517bd567d4eab459194feccfa654a51) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
11:03:06.0673 2588 SymEvent - ok
11:03:06.0720 2588 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:03:07.0126 2588 sym_hi - ok
11:03:07.0314 2588 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:03:07.0814 2588 sym_u3 - ok
11:03:08.0017 2588 SynTP (5b2b0ec5b08aec3cf3c8e41a28a51a4e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:03:08.0111 2588 SynTP - ok
11:03:08.0158 2588 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:03:08.0580 2588 sysaudio - ok
11:03:09.0017 2588 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:03:09.0267 2588 Tcpip - ok
11:03:09.0580 2588 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:03:10.0642 2588 TDPIPE - ok
11:03:10.0814 2588 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:03:11.0392 2588 TDTCP - ok
11:03:11.0580 2588 Teefer2 (043a9cde84e4bff3cf8040dae4c4cd24) C:\WINDOWS\system32\DRIVERS\teefer2.sys
11:03:11.0595 2588 Teefer2 - ok
11:03:11.0673 2588 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:03:12.0158 2588 TermDD - ok
11:03:12.0361 2588 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:03:12.0830 2588 TosIde - ok
11:03:13.0048 2588 TPDIGIMN (d7a29e343632e2fc5f7ebfc886f12675) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
11:03:13.0080 2588 TPDIGIMN - ok
11:03:13.0142 2588 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
11:03:13.0205 2588 TPHKDRV - ok
11:03:13.0251 2588 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
11:03:13.0283 2588 TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
11:03:13.0283 2588 TPPWRIF - detected UnsignedFile.Multi.Generic (1)
11:03:13.0439 2588 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
11:03:13.0455 2588 TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
11:03:13.0455 2588 TSMAPIP - detected UnsignedFile.Multi.Generic (1)
11:03:13.0501 2588 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:03:13.0580 2588 tvtfilter - ok
11:03:13.0642 2588 tvtumon (a6e0aafbe64592871f9a9f38a61c1fa5) C:\WINDOWS\system32\DRIVERS\tvtumon.sys
11:03:13.0658 2588 tvtumon - ok
11:03:13.0845 2588 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:03:14.0236 2588 Udfs - ok
11:03:14.0423 2588 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:03:14.0923 2588 ultra - ok
11:03:15.0126 2588 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:03:15.0626 2588 Update - ok
11:03:15.0798 2588 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:03:16.0189 2588 usbccgp - ok
11:03:16.0423 2588 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:03:16.0939 2588 usbehci - ok
11:03:17.0142 2588 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:03:17.0548 2588 usbhub - ok
11:03:17.0736 2588 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:03:18.0267 2588 usbprint - ok
11:03:18.0439 2588 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:03:18.0876 2588 usbscan - ok
11:03:19.0048 2588 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:03:19.0501 2588 USBSTOR - ok
11:03:19.0705 2588 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:03:20.0126 2588 usbuhci - ok
11:03:20.0314 2588 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:03:20.0767 2588 VgaSave - ok
11:03:20.0955 2588 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:03:21.0345 2588 viaagp - ok
11:03:21.0517 2588 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:03:22.0080 2588 ViaIde - ok
11:03:22.0283 2588 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:03:22.0689 2588 VolSnap - ok
11:03:22.0830 2588 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
11:03:22.0861 2588 vsdatant - ok
11:03:23.0017 2588 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:03:23.0486 2588 Wanarp - ok
11:03:23.0642 2588 wanatw - ok
11:03:23.0658 2588 WDICA - ok
11:03:23.0720 2588 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:03:24.0173 2588 wdmaud - ok
11:03:24.0408 2588 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
11:03:24.0501 2588 winachsf - ok
11:03:24.0736 2588 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:03:24.0908 2588 WpdUsb - ok
11:03:25.0095 2588 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
11:03:25.0548 2588 WS2IFSL - ok
11:03:25.0751 2588 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:03:25.0845 2588 WudfPf - ok
11:03:25.0908 2588 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:03:25.0939 2588 WudfRd - ok
11:03:26.0017 2588 MBR (0x1B8) (576a91b2ff86a0130581dca3638ec8ee) \Device\Harddisk0\DR0
11:03:26.0064 2588 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:03:26.0064 2588 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:03:26.0080 2588 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
11:03:26.0173 2588 \Device\Harddisk1\DR3 - ok
11:03:26.0173 2588 Boot (0x1200) (6d5e7c20a08420487488032ae9db3376) \Device\Harddisk0\DR0\Partition0
11:03:26.0189 2588 \Device\Harddisk0\DR0\Partition0 - ok
11:03:26.0189 2588 Boot (0x1200) (9e2b43070968db760bdad822e723af5d) \Device\Harddisk1\DR3\Partition0
11:03:26.0189 2588 \Device\Harddisk1\DR3\Partition0 - ok
11:03:26.0189 2588 ============================================================
11:03:26.0189 2588 Scan finished
11:03:26.0189 2588 ============================================================
11:03:26.0298 3572 Detected object count: 10
11:03:26.0298 3572 Actual detected object count: 10
11:04:29.0439 3572 ANC ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0439 3572 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 ialm ( ForgedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 ialm ( ForgedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 NETw5x32 ( ForgedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 NETw5x32 ( ForgedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 pmem ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 SMNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 SMNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0455 3572 TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
11:04:29.0455 3572 TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:04:29.0470 3572 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:04:29.0470 3572 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:04:31.0767 3380 Deinitialize success


 


#2 myrti (Sillyberry), Malware Study Hall Admin, 33,779 posts, Gender: Female, Location: At home

Posted 29 January 2012 - 10:12 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is the version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 Fracion (Topic Starter), Members, 3 posts

Posted 30 January 2012 - 09:14 AM

OTL TEXT

OTL logfile created on: 1/30/2012 8:22:15 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jmiller.BRIAD.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.23 Mb Total Physical Memory | 386.26 Mb Available Physical Memory | 39.05% Memory free
2.33 Gb Paging File | 1.89 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.15 Gb Total Space | 99.26 Gb Free Space | 69.34% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 3.68 Gb Free Space | 96.86% Space Free | Partition Type: FAT32

Computer Name: JMILLER | User Name: JMiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/17 00:18:20 | 000,046,080 | --S- | M] () -- C:\DOCUME~1\JMILLE~1.000\LOCALS~1\Temp\svchost.exe
PRC - [2012/01/17 00:18:20 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\winlogon.scr
PRC - [2012/01/09 08:41:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\OTL.exe
PRC - [2011/12/15 20:39:53 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\RaMaint.exe
PRC - [2011/12/15 20:39:30 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/04/18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\program files\lenovo\system update\suservice.exe
PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/26 11:48:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2008/09/27 01:24:34 | 000,090,112 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008/09/27 01:24:14 | 000,135,168 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/09/27 01:23:08 | 000,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/09/27 01:21:16 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2008/09/27 01:17:14 | 000,143,360 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008/08/20 19:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 19:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 19:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 00:53:12 | 000,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Zoom\TpScrex.exe
PRC - [2008/07/30 14:00:00 | 000,060,192 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
PRC - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2008/06/08 13:00:00 | 000,165,208 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
PRC - [2008/06/08 13:00:00 | 000,124,248 | ---- | M] (Lenovo Group Limited) -- C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe
PRC - [2008/06/04 12:36:00 | 000,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
PRC - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/04/15 23:38:24 | 000,315,392 | R--- | M] (Lenovo) -- C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe
PRC - [2008/04/13 19:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/04/10 01:56:00 | 000,122,880 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/03/24 00:41:22 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/03/23 20:15:06 | 000,064,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe
PRC - [2008/03/20 00:46:46 | 000,077,824 | R--- | M] (ATK0101) -- C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe
PRC - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
PRC - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/17 00:18:20 | 000,046,080 | --S- | M] () -- C:\DOCUME~1\JMILLE~1.000\LOCALS~1\Temp\svchost.exe
MOD - [2012/01/17 00:18:20 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\winlogon.scr
MOD - [2012/01/07 17:07:43 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/13 02:12:08 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:12:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011/10/13 02:09:08 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 02:09:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:08:52 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll
MOD - [2011/10/13 02:07:36 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 02:07:29 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2008/10/26 11:48:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2008/10/26 11:48:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
MOD - [2008/10/26 11:48:00 | 000,045,056 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2008/09/27 01:15:52 | 000,229,376 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll
MOD - [2008/09/27 01:15:48 | 000,039,936 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll
MOD - [2008/09/27 01:15:46 | 000,036,352 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll
MOD - [2008/08/20 19:10:50 | 000,200,704 | ---- | M] () -- C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
MOD - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
MOD - [2008/05/14 19:08:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2008/05/14 19:08:56 | 000,139,264 | ---- | M] () -- c:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2008/04/13 19:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
MOD - [2008/04/13 19:12:08 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll
MOD - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe
MOD - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe
MOD - [2007/06/18 19:28:44 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL
MOD - [2007/03/09 19:16:52 | 000,106,496 | R--- | M] () -- C:\Program Files\Lenovo\ATK Hotkey\AGFNEX.dll
MOD - [2006/11/10 09:46:36 | 000,197,680 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/12/15 20:39:53 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/15 20:39:30 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/04/18 13:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\program files\lenovo\system update\suservice.exe -- (SUService)
SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/10/26 11:48:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2008/09/27 01:24:34 | 000,090,112 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/09/27 01:23:08 | 000,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/08/20 19:38:30 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 19:18:34 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 19:08:02 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/06/13 20:29:44 | 000,746,808 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2008/05/14 19:25:12 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/09 08:50:46 | 000,253,952 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/04/25 11:18:10 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2008/04/25 11:18:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2008/04/25 11:16:04 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/04/25 11:15:58 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/04/25 11:15:24 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/20 00:46:44 | 000,208,896 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\LFKAS.exe -- (LFKAS)
SRV - [2007/10/30 14:35:20 | 000,094,208 | R--- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/10 09:46:26 | 001,504,304 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 20:39:30 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/02/04 04:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100324.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 04:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100324.022\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/27 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/03/25 09:37:36 | 000,136,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/02/12 06:06:18 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\psadd.sys -- (psadd)
DRV - [2008/10/26 11:48:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Tppwrif.sys -- (TPPWRIF)
DRV - [2008/08/29 02:34:30 | 003,632,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - [2008/08/04 14:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - [2008/07/30 14:00:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2008/06/12 03:38:52 | 000,764,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2008/05/14 19:21:16 | 000,114,728 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2008/05/14 19:21:16 | 000,019,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2008/05/12 23:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/05/09 08:50:48 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\tvtumon.sys -- (tvtumon)
DRV - [2008/04/29 02:09:56 | 000,108,032 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/03/25 01:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 01:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/25 01:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys -- (rimmptsk)
DRV - [2007/10/03 07:31:40 | 000,102,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/24 14:46:48 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\A0101X32.sys -- (MTsensor)
DRV - [2007/08/06 14:29:28 | 000,049,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\teefer2.sys -- (Teefer2)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 14:09:04 | 000,013,880 | R--- | M] () [Kernel | Auto | Running] -- C:\Program Files\Lenovo\ATK Hotkey\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/18 19:29:56 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2007/06/18 19:29:10 | 000,035,064 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/06/18 19:29:08 | 000,093,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/06/18 19:29:06 | 000,098,136 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/06/18 19:29:04 | 000,026,744 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/06/18 19:28:58 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/06/18 19:28:54 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/06/18 19:28:52 | 000,105,048 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 23:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/10 09:44:52 | 000,305,788 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2006/09/21 16:55:16 | 000,126,864 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2005/09/28 20:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ANC.SYS -- (ANC)
DRV - [2005/05/17 03:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant)
DRV - [2002/11/26 13:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS -- (SMNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.popclick.net
IE - HKU\S-1-5-21-432552709-631503538-700009328-1207\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.13 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Elf 1.13 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.aol.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652
FF - prefs.js..extensions.enabledItems: {795828a9-f271-43a8-8536-4484bb991d3d}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2009/07/29 09:43:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Extensions
[2011/04/25 09:13:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\extensions
[2010/05/07 13:42:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/18 06:39:10 | 000,000,000 | ---D | M] (Productivity 2 Community Toolbar) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\extensions\{795828a9-f271-43a8-8536-4484bb991d3d}
[2011/04/18 06:39:10 | 000,000,000 | ---D | M] (Elf 1.13 Community Toolbar) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2011/04/18 06:39:10 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\extensions\engine@conduit.com
[2011/04/11 20:07:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\extensions\LogMeInClient@logmein.com
[2011/01/17 14:45:04 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Mozilla\Firefox\Profiles\tu5z3i0y.default\searchplugins\conduit.xml
[2009/03/23 08:56:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/01/30 08:24:19 | 000,000,053 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: http://conduit.com http://popclicks.ourtoolbar.com/
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Email] C:\Program Files/Email/Internet/run.exe ()
O4 - HKLM..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
O4 - HKLM..\Run: [LCONTROL] C:\Program Files\Lenovo\ATK Hotkey\LCONTROL.exe (ATK0101)
O4 - HKLM..\Run: [LFKA] C:\Program Files\Lenovo\ATK Hotkey\LFKA.exe (Lenovo)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\PROGRA~1\Lenovo\LENOVO~2\LPMLCHK.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe (Sonic Solutions)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\LVOSDSVC.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-432552709-631503538-700009328-1207..\Run: [Email] C:\Program Files/Email/Internet/run.exe ()
O4 - HKU\S-1-5-21-432552709-631503538-700009328-1207..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-432552709-631503538-700009328-1207..\RunOnce: [Internet] C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-432552709-631503538-700009328-1207..\RunOnce: [winlogon] C:\WINDOWS/system32/drivers/winlogon.scr ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: svchost = C:\DOCUME~1\JMILLE~1.000\LOCALS~1\Temp\svchost.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-432552709-631503538-700009328-1207\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O15 - HKU\.DEFAULT\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\.DEFAULT\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-18\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-432552709-631503538-700009328-1207\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-432552709-631503538-700009328-1207\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237995003162 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237994991304 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=722 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = briad.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0BFC800-5C9F-4B0F-929B-95DEC214EFC9}: DhcpNameServer = 192.168.1.14 4.2.2.2 4.2.2.3
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Documents and Settings\jmiller.BRIAD.000\Application Data/Email/avg.exe) -C:\Documents and Settings\jmiller.BRIAD.000\Application Data/Email/avg.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\jmiller.BRIAD.000\svchost.exe) -C:\Documents and Settings\jmiller.BRIAD.000\svchost.exe ()
O20 - Winlogon\Notify\ACNotify: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/01/23 09:12:56 | 000,000,031 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - Reg Error: Value error.
SafeBootMin: ccSetMgr - Reg Error: Value error.
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - Reg Error: Value error.
SafeBootMin: Symantec Antvirus - Reg Error: Value error.
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 08:19:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\OTL.exe
[2012/01/26 14:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/25 16:11:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/01/25 15:41:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\gustavo
[2012/01/23 10:27:11 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\aswMBR.exe
[2012/01/23 10:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/01/23 10:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jmiller.BRIAD.000\My Documents\Anti-Malware
[2012/01/23 10:19:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/01/20 17:36:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/01/20 17:33:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/01/20 17:33:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/01/20 17:33:57 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/01/20 17:33:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/01/20 17:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/01/20 17:33:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/20 17:33:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/20 17:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\VRT
[2012/01/19 15:00:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jmiller.BRIAD.000\Recent
[2012/01/19 14:49:29 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\ccsetup314.exe
[2012/01/19 13:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Malwarebytes
[2012/01/19 13:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/01/19 13:29:40 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/19 12:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2012/01/19 12:22:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2012/01/19 12:22:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/01/19 10:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\security1
[2012/01/19 10:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\conduit
[2012/01/19 09:55:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Email
[2012/01/19 09:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Email
[2012/01/19 09:55:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/01/19 09:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 08:26:31 | 000,000,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/01/30 08:22:48 | 000,445,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/30 08:22:48 | 000,072,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/30 08:20:24 | 005,491,722 | ---- | M] () -- C:\Documents
[2012/01/30 08:20:24 | 005,471,829 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\and
[2012/01/30 08:20:24 | 000,107,730 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Ops
[2012/01/30 08:20:24 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Web
[2012/01/30 08:20:24 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Sites
[2012/01/30 08:20:24 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\on
[2012/01/30 08:20:23 | 000,033,858 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Flash
[2012/01/30 08:20:23 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\RESPONSE
[2012/01/30 08:20:21 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\WEEKLY
[2012/01/30 08:20:19 | 000,594,054 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Time
[2012/01/30 08:20:16 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\LATIMORE
[2012/01/30 08:20:14 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Lee
[2012/01/30 08:20:12 | 000,033,858 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\End
[2012/01/30 08:20:12 | 000,033,858 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Daily
[2012/01/30 08:20:12 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\HOURS
[2012/01/30 08:20:10 | 000,055,404 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\of
[2012/01/30 08:20:10 | 000,018,468 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\HALL
[2012/01/30 08:20:10 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Period
[2012/01/30 08:20:10 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\6
[2012/01/30 08:20:09 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\SHIFT
[2012/01/30 08:20:09 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\TRACKING
[2012/01/30 08:20:09 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\MANUAL
[2012/01/30 08:20:09 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\GLOVE
[2012/01/30 08:20:08 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\farm
[2012/01/30 08:20:08 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Dance
[2012/01/30 08:20:08 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Cancer
[2012/01/30 08:20:08 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Camping
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Zoo
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Xmas
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Summer
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Spring
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Salad
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\SAFETY
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Plance
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Place
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Penn
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\order
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Halloween
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Gold
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Destiny
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Concert
[2012/01/30 08:20:08 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\1st
[2012/01/30 08:20:07 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\You
[2012/01/30 08:20:07 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Walk
[2012/01/30 08:20:07 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Communion
[2012/01/30 08:20:07 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Amber's
[2012/01/30 08:20:06 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Day
[2012/01/30 08:20:06 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Memorial
[2012/01/30 08:20:05 | 000,184,680 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\FOR
[2012/01/30 08:20:05 | 000,178,524 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Crews
[2012/01/30 08:20:05 | 000,098,496 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\QUARTER
[2012/01/30 08:20:05 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Shirts
[2012/01/30 08:20:05 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Maintance
[2012/01/30 08:20:04 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\July
[2012/01/30 08:20:04 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\April
[2012/01/30 08:20:04 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\October
[2012/01/30 08:20:04 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\March
[2012/01/30 08:20:04 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\June
[2012/01/30 08:20:04 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\January
[2012/01/30 08:20:04 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\December
[2012/01/30 08:20:04 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\MAY
[2012/01/30 08:20:03 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\September
[2012/01/30 08:20:03 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Noverber
[2012/01/30 08:20:03 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Feburary
[2012/01/30 08:20:03 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\August
[2012/01/30 08:20:02 | 000,116,964 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\QTR
[2012/01/30 08:20:02 | 000,015,390 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Employer
[2012/01/30 08:20:01 | 000,070,794 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\COMP
[2012/01/30 08:20:01 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\EXCELLENCE
[2012/01/30 08:19:59 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\TEST
[2012/01/30 08:19:58 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\nd
[2012/01/30 08:19:57 | 000,018,468 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\THE
[2012/01/30 08:19:57 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Month
[2012/01/30 08:19:57 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\7
[2012/01/30 08:19:57 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Heather
[2012/01/30 08:19:57 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\COMPLAINT
[2012/01/30 08:19:57 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Ave
[2012/01/30 08:19:56 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\EVALUATION
[2012/01/30 08:19:56 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Gate
[2012/01/30 08:19:55 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\U
[2012/01/30 08:19:55 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\LINE
[2012/01/30 08:19:55 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\BHI
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\with
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\VERIFY
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\New
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Hire
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\FROM
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Difficult
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Crew
[2012/01/30 08:19:54 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\03
[2012/01/30 08:19:53 | 000,012,312 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\WK
[2012/01/30 08:19:53 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\8
[2012/01/30 08:19:53 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\LEADER
[2012/01/30 08:19:53 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\K
[2012/01/30 08:19:53 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Enrollment
[2012/01/30 08:19:51 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Labor
[2012/01/30 08:19:51 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Scott
[2012/01/30 08:19:51 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\BUDGETS
[2012/01/30 08:19:50 | 000,061,560 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\BONUS
[2012/01/30 08:19:50 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Quater
[2012/01/30 08:19:48 | 000,054,036 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Internet
[2012/01/30 08:19:47 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Corporate
[2012/01/30 08:19:47 | 000,009,234 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\AntiVirus
[2012/01/30 08:19:47 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Files
[2012/01/30 08:19:45 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Restart
[2012/01/30 08:19:44 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Downloaded
[2012/01/30 08:19:43 | 000,003,078 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Recommended
[2012/01/30 08:19:37 | 000,015,390 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Security
[2012/01/30 08:19:35 | 000,006,156 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Digital
[2012/01/30 08:19:34 | 000,015,390 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Custom
[2012/01/30 08:18:48 | 000,000,386 | ---- | M] () -- C:\WINDOWS\System32\sys.bat
[2012/01/30 08:18:34 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2012/01/30 08:18:17 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 08:18:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 08:18:01 | 1037,352,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/25 15:41:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\defogger_reenable
[2012/01/23 10:28:09 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\aswMBR.exe
[2012/01/20 17:54:00 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/20 17:36:58 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/01/19 15:35:33 | 000,317,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/19 14:49:34 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\ccsetup314.exe
[2012/01/19 13:29:58 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/17 00:18:20 | 000,046,080 | --S- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\svchost.exe
[2012/01/17 00:18:20 | 000,046,080 | --S- | M] () -- C:\WINDOWS\System32\nw.exe
[2012/01/17 00:18:20 | 000,046,080 | --S- | M] () -- C:\WINDOWS\System32\csrcs.exe
[2012/01/17 00:18:20 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\drivers\winlogon.scr
[2012/01/17 00:18:20 | 000,046,080 | ---- | M] () -- C:\WINDOWS\System32\ping.com
[2012/01/17 00:18:20 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\Internet.pif
[2012/01/17 00:18:20 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\Email.pif
[2012/01/15 17:25:41 | 000,046,632 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\My Documents\livingsocial_voucher_100042794190[1].pdf
[2012/01/11 16:26:52 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/09 08:41:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\OTL.exe
[2012/01/05 08:31:58 | 000,746,010 | ---- | M] () -- C:\Documents and Settings\jmiller.BRIAD.000\My Documents\Stuffed Peppers.mht
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 08:18:01 | 1037,352,960 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/27 13:16:02 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\gmer.exe
[2012/01/25 15:41:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\defogger_reenable
[2012/01/23 10:17:31 | 159,984,089 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\Setup.exe
[2012/01/20 17:49:07 | 000,046,080 | --S- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\svchost.exe
[2012/01/20 17:36:58 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/01/20 17:36:55 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/01/20 17:33:57 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/01/20 17:33:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/01/20 17:33:57 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/01/20 17:33:57 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/01/20 17:33:57 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/01/20 16:56:41 | 000,046,080 | --S- | C] () -- C:\WINDOWS\System32\csrcs.exe
[2012/01/20 16:56:41 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\winlogon.scr
[2012/01/20 16:56:36 | 000,000,386 | ---- | C] () -- C:\WINDOWS\System32\sys.bat
[2012/01/19 15:35:33 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/19 12:24:03 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2012/01/19 10:11:06 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Web
[2012/01/19 10:11:06 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Sites
[2012/01/19 10:11:06 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\on
[2012/01/19 10:11:05 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\RESPONSE
[2012/01/19 10:11:04 | 000,033,858 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Flash
[2012/01/19 10:11:02 | 000,107,730 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Ops
[2012/01/19 10:10:55 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\LATIMORE
[2012/01/19 10:10:52 | 000,594,054 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Time
[2012/01/19 10:10:52 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\HOURS
[2012/01/19 10:10:50 | 000,033,858 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\End
[2012/01/19 10:10:50 | 000,033,858 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Daily
[2012/01/19 10:10:50 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Period
[2012/01/19 10:10:50 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\6
[2012/01/19 10:10:49 | 000,018,468 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\HALL
[2012/01/19 10:10:49 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\GLOVE
[2012/01/19 10:10:48 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\WEEKLY
[2012/01/19 10:10:48 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\TRACKING
[2012/01/19 10:10:48 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Salad
[2012/01/19 10:10:48 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\SAFETY
[2012/01/19 10:10:48 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\order
[2012/01/19 10:10:48 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\MANUAL
[2012/01/19 10:10:48 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Gold
[2012/01/19 10:10:47 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\farm
[2012/01/19 10:10:47 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Dance
[2012/01/19 10:10:47 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Cancer
[2012/01/19 10:10:47 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Camping
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Zoo
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Xmas
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Walk
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Summer
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Spring
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Plance
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Place
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Penn
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Halloween
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Destiny
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Concert
[2012/01/19 10:10:47 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\1st
[2012/01/19 10:10:46 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Day
[2012/01/19 10:10:46 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\You
[2012/01/19 10:10:46 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Memorial
[2012/01/19 10:10:46 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Communion
[2012/01/19 10:10:46 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Amber's
[2012/01/19 10:10:44 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Shirts
[2012/01/19 10:10:44 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Maintance
[2012/01/19 10:10:43 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\MAY
[2012/01/19 10:10:42 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\April
[2012/01/19 10:10:42 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\October
[2012/01/19 10:10:42 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\March
[2012/01/19 10:10:42 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\June
[2012/01/19 10:10:42 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\January
[2012/01/19 10:10:42 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\September
[2012/01/19 10:10:42 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Noverber
[2012/01/19 10:10:42 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Feburary
[2012/01/19 10:10:42 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\August
[2012/01/19 10:10:41 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\December
[2012/01/19 10:10:40 | 000,015,390 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Employer
[2012/01/19 10:10:40 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\EXCELLENCE
[2012/01/19 10:10:38 | 000,070,794 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\COMP
[2012/01/19 10:10:36 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\TEST
[2012/01/19 10:10:35 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\July
[2012/01/19 10:10:35 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\nd
[2012/01/19 10:10:35 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Heather
[2012/01/19 10:10:35 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Ave
[2012/01/19 10:10:34 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Gate
[2012/01/19 10:10:34 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\COMPLAINT
[2012/01/19 10:10:32 | 000,178,524 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Crews
[2012/01/19 10:10:32 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\EVALUATION
[2012/01/19 10:10:32 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\LINE
[2012/01/19 10:10:32 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\FROM
[2012/01/19 10:10:32 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Crew
[2012/01/19 10:10:32 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\BHI
[2012/01/19 10:10:31 | 000,055,404 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\of
[2012/01/19 10:10:31 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Month
[2012/01/19 10:10:31 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\U
[2012/01/19 10:10:31 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\SHIFT
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\with
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\VERIFY
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\New
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\LEADER
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\K
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Hire
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Enrollment
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Difficult
[2012/01/19 10:10:31 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\03
[2012/01/19 10:10:30 | 000,012,312 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\WK
[2012/01/19 10:10:30 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\8
[2012/01/19 10:10:30 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\7
[2012/01/19 10:10:28 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Lee
[2012/01/19 10:10:28 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Labor
[2012/01/19 10:10:28 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Scott
[2012/01/19 10:10:27 | 000,098,496 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\QUARTER
[2012/01/19 10:10:27 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Quater
[2012/01/19 10:10:27 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\BUDGETS
[2012/01/19 10:10:26 | 000,116,964 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\QTR
[2012/01/19 10:10:26 | 000,061,560 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\BONUS
[2012/01/19 10:10:25 | 000,184,680 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\FOR
[2012/01/19 10:10:25 | 000,018,468 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\THE
[2012/01/19 10:10:21 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Corporate
[2012/01/19 10:10:21 | 000,009,234 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\AntiVirus
[2012/01/19 10:10:21 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Files
[2012/01/19 10:10:19 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Restart
[2012/01/19 10:10:18 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Downloaded
[2012/01/19 10:10:17 | 000,054,036 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Internet
[2012/01/19 10:10:17 | 000,003,078 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Recommended
[2012/01/19 10:09:43 | 000,015,390 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Security
[2012/01/19 10:09:43 | 000,006,156 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Digital
[2012/01/19 10:09:42 | 000,015,390 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Custom
[2012/01/19 10:09:40 | 005,491,722 | ---- | C] () -- C:\Documents
[2012/01/19 10:09:40 | 005,471,829 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\and
[2012/01/19 09:55:20 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\ping.com
[2012/01/19 09:55:20 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\Internet.pif
[2012/01/19 09:55:20 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Desktop\Email.pif
[2012/01/19 09:55:19 | 000,046,080 | --S- | C] () -- C:\WINDOWS\System32\nw.exe
[2012/01/15 17:25:41 | 000,046,632 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\My Documents\livingsocial_voucher_100042794190[1].pdf
[2012/01/11 16:26:52 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/01/11 16:26:52 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/05 08:31:51 | 000,746,010 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\My Documents\Stuffed Peppers.mht
[2011/04/26 07:08:34 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/04/11 08:23:12 | 004,653,440 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/18 14:55:43 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Local Settings\Application Data\fusioncache.dat
[2010/04/19 06:38:03 | 000,140,577 | ---- | C] () -- C:\WINDOWS\hpoins14.dat.temp
[2010/04/19 06:38:03 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat.temp
[2010/04/19 06:30:56 | 000,140,577 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2010/04/19 06:30:55 | 000,002,000 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2009/12/27 21:44:40 | 000,003,954 | ---- | C] () -- C:\WINDOWS\System32\ClipData.dat
[2009/05/14 13:29:30 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009/05/03 16:10:31 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/03 15:18:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/04/23 14:38:51 | 000,002,281 | ---- | C] () -- C:\Documents and Settings\jmiller.BRIAD.000\Application Data\Barracuda-WhiteList.xml
[2009/03/25 09:51:42 | 000,000,332 | ---- | C] () -- C:\WINDOWS\System32\cspContainer.dat
[2009/03/25 09:35:21 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2009/03/25 09:35:04 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009/03/25 09:35:03 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/03/23 09:28:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/12 06:22:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/12 06:06:02 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/02/12 06:05:15 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2009/02/12 06:05:14 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2009/02/12 06:05:10 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2009/02/12 06:02:17 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\AABATT.dll
[2009/02/12 06:02:17 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\A0101X32.sys
[2009/02/12 06:02:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/12 06:02:09 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/12 06:02:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/12 06:02:09 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/12 06:02:09 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/12 06:02:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/12 06:01:13 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2009/02/12 06:01:13 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/02/12 05:50:16 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/02/12 05:50:15 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/02/12 05:50:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009/02/12 05:43:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2009/02/12 05:36:38 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2007/04/12 14:21:58 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 02:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 01:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 01:55:55 | 000,445,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 01:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 01:55:55 | 000,072,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 01:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 01:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 01:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 01:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 01:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 01:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 01:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 01:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/29 19:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX11\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX14\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX6\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX7\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\WINDOWS\Temp\RarSFX8\procs\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX11\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX14\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX6\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX7\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\WINDOWS\Temp\RarSFX8\h\explorer.exe

< MD5 for: WINLOGON.EXE >
[2005/04/01 13:19:51 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=986EC72D788E00E8E397B7BB7F5A9E45 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX0\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX11\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX14\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX6\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX7\winlogon.exe
[2009/05/26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\WINDOWS\Temp\RarSFX8\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >


EXTRA TEXT

OTL Extras logfile created on: 1/30/2012 8:22:15 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\jmiller.BRIAD.000\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

989.23 Mb Total Physical Memory | 386.26 Mb Available Physical Memory | 39.05% Memory free
2.33 Gb Paging File | 1.89 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.15 Gb Total Space | 99.26 Gb Free Space | 69.34% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 3.68 Gb Free Space | 96.86% Space Free | Partition Type: FAT32

Computer Name: NJ-WEN-JMILLER2 | User Name: JMiller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office\Office\OUTLOOK.EXE:*:enabled:DP_Outlook2k" = %programfiles%\Microsoft Office\Office\OUTLOOK.EXE:*:enabled:DP_Outlook2k

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"2967:TCP:*:enabled:DP_SAVClient" = 2967:TCP:*:enabled:DP_SAVClient
"4899:TCP:*:enabled:DP_RAdmin1" = 4899:TCP:*:enabled:DP_RAdmin1
"4899:UDP:*:enabled:DP_RAdmin2" = 4899:UDP:*:enabled:DP_RAdmin2
"5900:TCP:*:enabled:DP_VNC" = 5900:TCP:*:enabled:DP_VNC

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications\List]
"%programfiles%\Microsoft Office\Office\OUTLOOK.EXE:*:enabled:SP_Outlook2k" = %programfiles%\Microsoft Office\Office\OUTLOOK.EXE:*:enabled:SP_Outlook2k

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"2967:TCP:*:enabled:SP_SAVClient" = 2967:TCP:*:enabled:SP_SAVClient
"4899:TCP:*:enabled:SP_RAdmin1" = 4899:TCP:*:enabled:SP_RAdmin1
"4899:UDP:*:enabled:SP_RAdmin2" = 4899:UDP:*:enabled:SP_RAdmin2
"5900:TCP:*:enabled:SP_VNC" = 5900:TCP:*:enabled:SP_VNC

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055B9AD2-48E1-462E-9992-814123063C46}" = Lenovo_ATK_Package
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20DD6A51-F309-431E-B561-4C6B075D3F0F}" = Barracuda Networks Outlook Plug-in
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FE5855A-F7F7-4F6A-A6CC-6F3CBBF263EB}" = Rapid Eye Multi-Media Admin and View 8.0.82
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Small Business Edition
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5E4CA329-0289-492E-BA2D-9F43F402818C}" = RapidEye Multi-Media
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{70CCD7C5-39E3-40C4-92CB-0A4281CE3B99}" = Motorola Driver Installation
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5991CEF-CAB5-4598-A4B3-9EE0A799E276}" = Mobile Auditor PC
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{DB34E5AF-6DC0-4C21-8A70-EAEA2CECE469}" = Mobile Broadband Connect
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E8A54984-9776-4283-ACE2-782BA850A1C0}" = Roxio Creator Small Business Edition
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Interceptor Remote Client" = Interceptor Remote Client
"Lenovo Registration" = Lenovo Registration
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Power Management Driver" = ThinkPad Power Management Driver for SL Series
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"Wendy's Test Generator" = Wendy's Test Generator
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-432552709-631503538-700009328-1207\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/26/2012 1:20:49 AM | Computer Name = NJ-WEN-JMILLER2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/26/2012 9:20:49 AM | Computer Name = NJ-WEN-JMILLER2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/26/2012 3:20:13 PM | Computer Name = NJ-WEN-JMILLER2 | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15641, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/27/2012 1:20:51 AM | Computer Name = NJ-WEN-JMILLER2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/27/2012 9:20:51 AM | Computer Name = NJ-WEN-JMILLER2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/27/2012 2:59:00 PM | Computer Name = NJ-WEN-JMILLER2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/27/2012 2:59:10 PM | Computer Name = NJ-WEN-JMILLER2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/30/2012 9:18:05 AM | Computer Name = NJ-WEN-JMILLER2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 1/30/2012 9:18:06 AM | Computer Name = NJ-WEN-JMILLER2 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 1/30/2012 9:18:16 AM | Computer Name = NJ-WEN-JMILLER2 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

[ System Events ]
Error - 1/27/2012 3:48:39 PM | Computer Name = NJ-WEN-JMILLER2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/27/2012 5:13:58 PM | Computer Name = NJ-WEN-JMILLER2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: Insufficient system resources exist to complete the requested service.
.

Error - 1/27/2012 5:13:58 PM | Computer Name = NJ-WEN-JMILLER2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll.
Reference
error message: The operation completed successfully. .

Error - 1/27/2012 5:13:58 PM | Computer Name = NJ-WEN-JMILLER2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.mui.
Reference
error message: Insufficient system resources exist to complete the requested service.
.

Error - 1/27/2012 5:13:58 PM | Computer Name = NJ-WEN-JMILLER2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\browseui.dll.
Reference
error message: The operation completed successfully. .

Error - 1/27/2012 5:13:58 PM | Computer Name = NJ-WEN-JMILLER2 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: Insufficient system resources exist to complete the requested service.
.

Error - 1/27/2012 5:13:58 PM | Computer Name = NJ-WEN-JMILLER2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\ntshrui.dll.
Reference
error message: The operation completed successfully. .

Error - 1/27/2012 5:14:09 PM | Computer Name = NJ-WEN-JMILLER2 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000009A'
while processing the file 'gmmer.lnk' on the volume 'HarddiskVolume1'. It has
stopped monitoring the volume.

Error - 1/30/2012 9:18:05 AM | Computer Name = NJ-WEN-JMILLER2 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain BRIAD due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 1/30/2012 9:18:09 AM | Computer Name = NJ-WEN-JMILLER2 | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3


< End of report >

#4 myrti

myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 30 January 2012 - 05:24 PM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 Fracion

Fracion
  • Topic Starter

  • Members
  • 3 posts

Posted 31 January 2012 - 09:40 AM

ComboFix 12-01-23.02 - JMiller 01/31/2012 8:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.989.492 [GMT -5:00]
Running from: e:\virus removal tools\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jmiller.BRIAD.000\svchost.exe
C:\Program Files/Email/Internet/run.exe
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Windows network Service
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-26 19:38 . 2012-01-26 19:38 -------- d-----w- c:\program files\ESET
2012-01-25 21:11 . 2012-01-25 21:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-01-23 15:22 . 2012-01-25 19:52 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-01-20 21:56 . 2012-01-17 05:18 46080 --s---w- c:\windows\system32\csrcs.exe
2012-01-20 21:56 . 2012-01-17 05:18 46080 ----a-w- c:\windows\system32\drivers\winlogon.scr
2012-01-20 21:56 . 2012-01-31 13:28 386 ----a-w- c:\windows\system32\sys.bat
2012-01-19 20:20 . 2012-01-19 20:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-01-19 20:16 . 2012-01-24 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Email
2012-01-19 18:30 . 2012-01-19 18:30 -------- d-----w- c:\documents and settings\jmiller.BRIAD.000\Application Data\Malwarebytes
2012-01-19 18:30 . 2012-01-19 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-19 17:24 . 2012-01-20 22:54 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-01-19 17:24 . 2012-01-19 17:24 -------- d-----w- c:\program files\Hitman Pro 3.5
2012-01-19 17:22 . 2012-01-19 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2012-01-19 17:22 . 2012-01-19 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-19 15:24 . 2012-01-19 15:24 -------- d-----w- c:\program files\security1
2012-01-19 15:24 . 2012-01-19 15:24 -------- d-----w- c:\program files\conduit
2012-01-19 14:55 . 2012-01-24 20:24 -------- d-----w- c:\documents and settings\jmiller.BRIAD.000\Application Data\Email
2012-01-19 14:55 . 2012-01-19 14:55 -------- d--h--w- c:\program files\Email
2012-01-19 14:55 . 2012-01-17 05:18 46080 ----a-w- c:\windows\system32\ping.com
2012-01-19 14:55 . 2011-10-31 10:46 634504 ----a-w- c:\program files\Internet Explorer\bk.exe
2012-01-19 14:55 . 2012-01-17 05:18 46080 --s---w- c:\windows\system32\nw.exe
2012-01-19 14:55 . 2012-01-19 14:55 -------- d-----w- c:\program files\Microsoft
2012-01-09 21:49 . 2012-01-09 21:49 -------- d-----w- c:\documents and settings\administrator.BRIAD
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 01:39 . 2009-11-19 18:54 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-16 01:39 . 2009-11-19 18:54 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-16 01:39 . 2009-11-19 18:54 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-16 01:39 . 2009-11-19 18:54 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-11-25 21:57 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-04-30 06:55 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-04-30 06:55 60416 ------w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2006-04-30 06:56 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2006-04-30 06:55 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-03 15:28 . 2006-04-30 06:55 1292288 ------w- c:\windows\system32\quartz.dll
2011-11-03 15:28 . 2006-04-30 06:55 386048 ------w- c:\windows\system32\qdvd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Email"="C:\Program Files/Email/Internet/run.exe" [2012-01-17 46080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2008-04-10 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 524288]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-30 60192]
"TpShocks"="TpShocks.exe" [2008-06-07 181536]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\LVOSDSVC.exe" [2008-03-24 64368]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-06-04 242976]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-04 141848]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-15 487424]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2008-04-25 244208]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2008-06-08 165208]
"LPMailChecker"="c:\progra~1\Lenovo\LENOVO~2\LPMLCHK.exe" [2008-06-08 124248]
"LCONTROL"="c:\program files\Lenovo\ATK Hotkey\LCONTROL.exe" [2008-03-20 77824]
"LFKA"="c:\program files\Lenovo\ATK Hotkey\LFKA.exe" [2008-04-16 315392]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-10-26 335872]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-10-26 208896]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2008-09-27 425984]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2008-09-27 143360]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2008-06-14 3073336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Email"="C:\Program Files/Email/Internet/run.exe" [2012-01-17 46080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2009-3-25 1528880]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-16 01:39 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 10:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"="1"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [5/14/2008 7:21 PM 19496]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [5/9/2008 8:50 AM 46144]
R2 LFKAS;Service of LFKA;c:\program files\Lenovo\ATK Hotkey\LFKAS.exe [2/12/2009 6:02 AM 208896]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/5/2010 6:41 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2/12/2009 6:05 AM 94208]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [5/14/2008 7:25 PM 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [5/9/2008 8:50 AM 253952]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2/12/2009 5:50 AM 108032]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [4/25/2008 11:18 AM 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [4/25/2008 11:16 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [4/25/2008 11:15 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [4/25/2008 11:18 AM 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [4/25/2008 11:15 AM 1120752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-02-12 16:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.popclick.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-31 08:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1880)
c:\windows\system32\LMIinit.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3400)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Lenovo\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Lenovo\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Lenovo\ATK Hotkey\GFNEXSrv.exe
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\System32\TPHDEXLG.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\system32\TpShocks.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-01-31 08:42:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-31 13:42
ComboFix2.txt 2012-01-20 22:53
.
Pre-Run: 106,509,627,392 bytes free
Post-Run: 106,566,971,392 bytes free
.
- - End Of File - - 6677340D9DFE5962323D035731D3CD2F

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 01 February 2012 - 04:27 PM

Hi,

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.


c:\windows\system32\ping.com
c:\program files\Internet Explorer\bk.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

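An added example, not part of the thread and not something myrti posted: a small Python script that does the preparatory work behind this request on the affected machine. It hashes each listed file with SHA-256, reports whether the file exists and carries the Windows hidden attribute (which is why the hidden-files step comes first), and builds a VirusTotal lookup URL so the hash can be checked before anything is uploaded. The function names and the VirusTotal URL pattern are assumptions; the two file paths are the ones named in the post.

```python
"""Added example (not from the forum thread): hash the files a helper asked
to have scanned and build hash-lookup URLs, so a file's reputation can be
checked before uploading it.

Assumptions (not from the page): Python 3.5+, the VirusTotal web UI URL
pattern https://www.virustotal.com/gui/file/<sha256>, and the helper
function names below, which are hypothetical.
"""
import hashlib
import os
from pathlib import Path

# Paths named in the helper's post; on a non-Windows box they simply won't exist.
REQUESTED_FILES = [
    r"c:\windows\system32\ping.com",
    r"c:\program files\Internet Explorer\bk.exe",
]

FILE_ATTRIBUTE_HIDDEN = 0x2  # value of the Win32 FILE_ATTRIBUTE_HIDDEN flag


def sha256_of(path):
    """Stream the file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_hidden(path):
    """True when the file carries the Windows hidden attribute.

    os.stat only exposes st_file_attributes on Windows; elsewhere we report
    False rather than fail, so the script still runs on an analysis box.
    """
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def describe_file(path):
    """Describe one requested file as a dict: existence, size, hidden flag,
    SHA-256 and a VirusTotal lookup URL (all None when the file is missing).

    A missing file is reported, not raised: the helper's list may name a
    path that was already removed, or that Explorer hides from the user.
    """
    p = Path(path)
    if not p.is_file():
        return {"path": path, "exists": False, "size": None,
                "hidden": None, "sha256": None, "lookup_url": None}
    digest = sha256_of(p)
    return {
        "path": path,
        "exists": True,
        "size": p.stat().st_size,
        "hidden": is_hidden(p),
        "sha256": digest,
        "lookup_url": "https://www.virustotal.com/gui/file/" + digest,
    }


def describe_files(paths=REQUESTED_FILES):
    """Run describe_file over every requested path and return the list."""
    return [describe_file(p) for p in paths]


if __name__ == "__main__":
    for info in describe_files():
        if info["exists"]:
            print("{path}\n  size={size} hidden={hidden}\n  sha256={sha256}\n"
                  "  {lookup_url}".format(**info))
        else:
            print("{path}\n  not found (check the hidden-file setting or the "
                  "path)".format(**info))
```

Run it with a normal Python interpreter on the machine in question; a file that prints as "not found" while the helper expects it to exist is the cue to re-check the hidden-files setting before concluding it was removed. Looking the hash up first also tells you whether the file is already known to the scanners, which is the cheaper check for a file such as ping.com that may simply be a legitimate system binary.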


#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 06 February 2012 - 09:53 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





