Here are the 2 logs you requested.
=========================================
ComboFix 09-01-21.04 - Michael 2009-01-29 18:30:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1304 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: BitDefender Firewall *disabled*
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\struct~.ini
.
---- Previous Run -------
.
c:\windows\struct~.ini
c:\windows\system32\bszip.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-28 16:20 . 2009-01-28 16:20 <DIR> dr------- c:\program files\Norton Support
2009-01-27 19:46 . 2009-01-27 19:46 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-27 19:46 . 2009-01-27 19:46 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-27 19:46 . 2009-01-27 19:46 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-27 19:46 . 2009-01-27 19:46 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-27 19:46 . 2009-01-27 19:46 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-27 19:45 . 2009-01-27 19:45 <DIR> d-------- c:\windows\system32\drivers\NIS
2009-01-27 19:45 . 2009-01-27 19:45 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-27 19:45 . 2009-01-27 19:45 <DIR> d-------- c:\program files\Norton Internet Security
2009-01-27 19:43 . 2009-01-27 19:43 <DIR> d-------- c:\program files\NortonInstaller
2009-01-27 19:17 . 2009-01-27 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-27 19:17 . 2009-01-27 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-27 19:03 . 2009-01-27 19:03 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2009-01-26 19:18 . 2009-01-26 19:18 <DIR> d-------- c:\windows\Crystal
2009-01-26 19:18 . 2009-01-26 19:18 <DIR> d-------- C:\MultiCHX
2009-01-26 18:20 . 2008-05-30 00:58 373,464 --a------ c:\windows\system32\TIFF32.DLL
2009-01-26 18:20 . 2008-05-30 01:05 360,168 --a------ c:\windows\system32\MCHXMoNT.dll
2009-01-26 18:20 . 2008-05-30 01:05 250,592 --a------ c:\windows\system32\MCHRmvNT.dll
2009-01-26 18:20 . 2008-05-30 00:59 230,112 --a------ c:\windows\system32\BiImgUser.dll
2009-01-26 18:20 . 2008-05-30 00:59 164,568 --a------ c:\windows\system32\JPEG32.DLL
2009-01-26 18:20 . 2008-05-30 01:05 164,568 --a------ c:\windows\system32\BuMAppNT.exe
2009-01-26 18:20 . 2008-06-23 14:21 65,248 --a------ c:\windows\system32\MCHXRsNT.dll
2009-01-26 18:20 . 2006-02-08 13:55 1,078 --a------ c:\windows\system32\display.ico
2009-01-26 18:15 . 2009-01-26 18:15 202,822 --a------ c:\windows\system32\atasnt40.dll
2009-01-26 17:43 . 2009-01-28 11:12 <DIR> d-------- c:\program files\MultiChx
2009-01-26 11:36 . 2009-01-26 11:36 6,144 --ahs---- c:\windows\Thumbs.db
2009-01-25 13:06 . 2009-01-25 13:06 <DIR> d-------- c:\program files\BitDefender
2009-01-18 17:27 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-18 17:26 . 2009-01-18 17:26 <DIR> d-------- c:\program files\Panda Security
2009-01-18 17:15 . 2009-01-18 17:15 <DIR> d-------- C:\_OTMoveIt
2009-01-18 10:18 . 2009-01-18 10:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 10:18 . 2009-01-18 10:18 <DIR> d-------- c:\documents and settings\Michael\Application Data\Malwarebytes
2009-01-18 10:18 . 2009-01-18 10:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-18 10:18 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 10:18 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-17 22:58 . 2009-01-17 22:59 <DIR> d-------- C:\rsit
2009-01-16 13:10 . 2009-01-16 13:10 <DIR> d-------- c:\documents and settings\Michael\Application Data\DivX
2009-01-16 13:08 . 2009-01-16 13:08 <DIR> d-------- c:\program files\DivX
2009-01-15 10:22 . 2009-01-27 19:31 81,984 --a------ c:\windows\system32\bdod.bin
2009-01-15 09:35 . 2009-01-15 10:05 260 --a------ c:\windows\system32\BDUpdateV1.xml
2009-01-05 22:40 . 2009-01-05 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Setup
2009-01-05 22:40 . 2009-01-05 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\eFax Messenger 4.3 Output
2009-01-05 22:40 . 2009-01-06 12:43 0 --a------ c:\windows\system32\eFax_4_3_Port
2009-01-05 22:39 . 2009-01-05 22:41 <DIR> d-------- c:\program files\eFax Messenger 4.3
2009-01-03 00:09 . 2009-01-25 13:06 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-01-02 11:46 . 2009-01-17 01:12 121 --a------ c:\windows\bdagent.INI
2009-01-02 11:37 . 2009-01-02 11:37 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-01-02 11:37 . 2009-01-02 11:37 385 --a------ c:\windows\system32\user_gensett.xml
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 23:39 --------- d-----w c:\documents and settings\Michael\Application Data\Skype
2009-01-28 03:42 --------- d-----w c:\documents and settings\Michael\Application Data\U3
2009-01-28 03:09 --------- d-----w c:\documents and settings\Michael\Application Data\Symantec
2009-01-28 01:16 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-28 00:46 --------- d-----w c:\program files\Symantec
2009-01-28 00:46 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-27 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-01-27 02:52 --------- d-----w c:\program files\Scriptocean
2009-01-19 00:49 --------- d-----w c:\program files\Java
2009-01-09 00:09 --------- d-----w c:\program files\PeerGuardian2
2009-01-08 03:57 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 01:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 03:39 --------- d-----w c:\program files\eFax Messenger 4.4
2009-01-03 17:45 --------- d-----w c:\program files\Yahoo!
2009-01-03 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-03 17:45 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-12-28 18:06 --------- d-----w c:\program files\Microsoft Works
2008-12-25 18:40 --------- d-----w c:\program files\Diskeeper Corporation
2008-12-25 18:40 --------- d-----w c:\program files\Common Files\Diskeeper Corporation
2008-12-25 18:40 --------- d-----w c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2008-12-24 03:46 --------- d-----w c:\program files\CCleaner
2008-12-21 05:22 --------- d-----w c:\program files\Sophos
2008-12-21 05:12 --------- d-----w c:\program files\Trend Micro
2008-12-20 00:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2008-12-06 15:27 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-05 17:55 --------- d-----w c:\documents and settings\Michael\Application Data\j2 Global
2008-12-05 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\eFax Messenger 4.4 Output
2008-12-04 05:39 --------- d-----w c:\program files\Trillian
2008-12-03 04:03 --------- d-----w c:\documents and settings\Michael\Application Data\OfficeUpdate12
2008-12-01 23:43 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-25 13:57 3,433 ----a-w c:\documents and settings\Michael\Application Data\SAS7_000.DAT
2007-11-20 00:02 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-07-16 14:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071620080717\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-18_12.16.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-13 14:12:00 2,560 ----a-w c:\windows\_MSRSTRT.EXE
+ 2003-08-28 10:35:52 892,928 ----a-w c:\windows\aibmrun.exe
- 2008-12-22 22:47:50 16,152 ----a-w c:\windows\assembly\GAC\Interop.QBXMLRP2\7.0.0.134__31d8aec643e18259\Interop.QBXMLRP2.dll
+ 2009-01-27 00:18:46 16,152 ----a-w c:\windows\assembly\GAC\Interop.QBXMLRP2\7.0.0.134__31d8aec643e18259\Interop.QBXMLRP2.dll
+ 2008-01-09 20:01:48 53,248 ----a-w c:\windows\bdoscandel.exe
+ 2001-09-28 18:44:58 257,536 ----a-w c:\windows\BiImg.dll
+ 2003-12-11 13:32:14 147,456 ----a-w c:\windows\brunin03.dll
+ 2006-04-20 18:18:32 81,920 ------r c:\windows\bwUnin-6.1.4.68-8876480L.exe
+ 2004-11-09 08:02:00 110,592 ----a-w c:\windows\desktopset.exe
+ 2005-03-07 08:05:00 98,358 ----a-w c:\windows\dla.exe
+ 2008-06-30 15:39:58 128,256 ----a-w c:\windows\Downloaded Program Files\as2stubie.dll
+ 2008-08-12 19:15:10 450,560 ----a-w c:\windows\Downloaded Program Files\symdlmgr.dll
+ 2008-04-14 00:12:19 1,033,728 ----a-w c:\windows\explorer.exe
+ 2000-08-31 13:00:00 89,504 ----a-w c:\windows\fdsv.exe
+ 2000-08-31 13:00:00 80,412 ----a-w c:\windows\grep.exe
+ 2008-04-14 00:12:21 10,752 ----a-w c:\windows\hh.exe
+ 2006-01-06 19:07:25 36,864 ----a-w c:\windows\hpfsched.exe
+ 1992-12-07 04:00:00 27,488 ----a-w c:\windows\IMAGEMAN.DLL
- 2009-01-15 22:04:02 58,656 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\ARPPRODUCTICON.exe
+ 2009-01-27 00:18:52 58,656 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\ARPPRODUCTICON.exe
- 2009-01-15 22:04:02 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\MCSetUp.exe_05C5EB0D07B742849617A3F51F279949.exe
+ 2009-01-27 00:18:52 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\MCSetUp.exe_05C5EB0D07B742849617A3F51F279949.exe
- 2009-01-15 22:04:02 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\MultiChx.exe_7A42ABDF5DA24F22BFD0822289228ABE.exe
+ 2009-01-27 00:18:52 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\MultiChx.exe_7A42ABDF5DA24F22BFD0822289228ABE.exe
- 2009-01-15 22:04:02 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\MultiChx.exe1_F2C17C13A6454B5890EC9B7410740698.exe
+ 2009-01-27 00:18:52 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\MultiChx.exe1_F2C17C13A6454B5890EC9B7410740698.exe
- 2009-01-15 22:04:02 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\VPSetup.exe_21225473BEFF4D4189AE183C8935C9C2.exe
+ 2009-01-27 00:18:52 46,368 ----a-r c:\windows\Installer\{E541E010-30C4-44D5-963A-F5E59D0F70D3}\VPSetup.exe_21225473BEFF4D4189AE183C8935C9C2.exe
+ 1998-10-29 21:45:06 306,688 ----a-w c:\windows\IsUninst.exe
+ 2002-05-10 21:30:08 110,592 ----a-w c:\windows\JPEG32.DLL
+ 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2008-04-14 00:12:29 69,120 ----a-w c:\windows\notepad.exe
+ 1995-07-18 23:55:20 55,792 ----a-w c:\windows\odbc.dll
+ 1995-07-18 23:55:20 82,704 ----a-w c:\windows\odbcinst.dll
+ 2007-09-17 21:40:56 524,288 ------w c:\windows\opuc.dll
+ 2007-03-22 17:38:52 215,144 ----a-r c:\windows\patchw32.dll
+ 2007-03-22 17:38:52 215,144 ----a-r c:\windows\pw32a.dll
+ 2006-05-26 06:13:00 16,384 ------w c:\windows\PWMBTHLP.EXE
+ 2008-04-14 00:12:32 146,432 ----a-w c:\windows\regedit.exe
+ 2000-08-31 13:00:00 98,816 ----a-w c:\windows\sed.exe
+ 2008-04-14 00:12:35 32,866 ------w c:\windows\slrundll.exe
+ 2001-09-13 06:15:28 90,112 ------w c:\windows\snymsico.dll
+ 2006-08-12 15:36:22 372,736 ----a-w c:\windows\suinsta4001.exe
+ 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 136,704 ----a-w c:\windows\SWSC.exe
+ 2000-08-31 13:00:00 212,480 ----a-w c:\windows\SWXCACLS.exe
- 2007-04-11 15:11:20 511,328 ----a-w c:\windows\system32\capicom.dll
+ 2007-04-11 16:11:20 511,328 ----a-w c:\windows\system32\capicom.dll
+ 2009-01-28 00:46:02 255,536 ----a-w c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys
+ 2009-01-28 00:46:02 362,544 ----a-w c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys
+ 2009-01-28 00:46:03 306,736 ----a-w c:\windows\system32\drivers\NIS\1002000.007\srtsp.sys
+ 2009-01-28 00:46:03 43,696 ----a-w c:\windows\system32\drivers\NIS\1002000.007\srtspx.sys
+ 2009-01-28 00:46:03 12,976 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symdns.sys
+ 2009-01-28 00:46:03 309,296 ----a-w c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys
+ 2009-01-28 00:46:03 89,904 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symfw.sys
+ 2009-01-28 00:46:03 34,608 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symids.sys
+ 2009-01-28 00:46:03 37,424 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symndis.sys
+ 2009-01-28 00:46:03 40,496 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symndisv.sys
+ 2009-01-28 00:46:03 24,624 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symredrv.sys
+ 2009-01-28 00:46:03 198,192 ----a-w c:\windows\system32\drivers\NIS\1002000.007\symtdi.sys
- 2008-12-23 13:54:40 344,216 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-27 12:52:06 344,216 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-03-31 17:28:00 131,072 ----a-w c:\windows\system32\mapi32.dll
+ 2004-03-31 18:28:00 131,072 ----a-w c:\windows\system32\mapi32.dll
- 2002-01-05 07:48:16 974,848 ----a-w c:\windows\system32\mfc70.dll
+ 2002-01-05 08:48:16 974,848 ----a-w c:\windows\system32\mfc70.dll
- 2002-01-05 07:36:38 964,608 ----a-w c:\windows\system32\mfc70u.dll
+ 2002-01-05 08:36:38 964,608 ----a-w c:\windows\system32\mfc70u.dll
- 2006-07-11 23:43:32 1,060,864 ----a-w c:\windows\system32\mfc71.dll
+ 2003-03-19 02:20:00 1,060,864 ----a-w c:\windows\system32\mfc71.dll
- 2006-07-12 00:02:30 1,053,184 ----a-w c:\windows\system32\mfc71u.dll
+ 2003-03-19 02:12:12 1,047,552 ----a-w c:\windows\system32\mfc71u.dll
- 2002-01-05 07:38:38 54,784 ----a-w c:\windows\system32\msvci70.dll
+ 2002-01-05 08:38:38 54,784 ----a-w c:\windows\system32\msvci70.dll
- 2002-01-05 07:40:20 487,424 ----a-w c:\windows\system32\msvcp70.dll
+ 2002-01-05 08:40:20 487,424 ----a-w c:\windows\system32\msvcp70.dll
- 2003-03-19 00:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll
+ 2003-03-19 01:14:52 499,712 ----a-w c:\windows\system32\msvcp71.dll
- 2002-01-05 06:37:28 344,064 ----a-w c:\windows\system32\msvcr70.dll
+ 2002-01-05 07:37:28 344,064 ----a-w c:\windows\system32\msvcr70.dll
- 2003-02-21 08:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll
+ 2003-02-21 09:42:22 348,160 ----a-w c:\windows\system32\msvcr71.dll
+ 2009-01-26 23:15:39 27,136 ----a-w c:\windows\system32\spool\drivers\w32x86\3\atprint.dll
+ 2008-04-14 00:12:07 373,248 ----a-w c:\windows\system32\spool\drivers\w32x86\unidrv.dll
+ 2008-04-14 00:12:07 744,448 ----a-w c:\windows\system32\spool\drivers\w32x86\unidrvui.dll
+ 2007-05-15 08:08:53 761,344 ----a-w c:\windows\system32\spool\drivers\w32x86\unires.dll
- 2008-10-09 20:31:54 192,512 ----a-w c:\windows\system32\txmlutil.dll
+ 2009-01-25 19:01:29 192,512 ----a-w c:\windows\system32\txmlutil.dll
+ 2004-08-04 12:00:00 15,360 ----a-w c:\windows\TASKMAN.EXE
+ 2009-01-29 23:37:55 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_8b8.dat
+ 2009-01-29 23:37:53 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_db8.dat
+ 2009-01-29 23:38:41 16,384 ----atw c:\windows\TEMP\Perflib_Perfdata_f94.dat
+ 2002-05-10 21:27:00 221,184 ----a-w c:\windows\TIFF32.DLL
+ 2004-08-04 12:00:00 94,784 ----a-w c:\windows\twain.dll
+ 2008-04-14 00:12:07 50,688 ----a-w c:\windows\twain_32.dll
+ 2004-08-04 12:00:00 49,680 ----a-w c:\windows\twunk_16.exe
+ 2004-08-04 12:00:00 25,600 ----a-w c:\windows\twunk_32.exe
+ 1999-12-17 14:13:04 86,016 ----a-w c:\windows\unvise32.exe
+ 2000-08-31 13:00:00 49,152 ----a-w c:\windows\VFIND.exe
+ 2004-08-04 12:00:00 18,944 ----a-w c:\windows\vmmreg32.dll
+ 2004-08-04 12:00:00 256,192 ----a-w c:\windows\winhelp.exe
+ 2008-04-14 00:12:39 283,648 ----a-w c:\windows\winhlp32.exe
- 2006-04-18 23:07:56 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2009-01-27 00:18:44 1,233,920 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
- 2006-04-18 19:56:56 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
+ 2009-01-27 00:18:46 82,432 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.0.0_x-ww_29c3ad6a\msxml4r.dll
- 2006-12-02 02:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 03:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-02 02:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 03:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-02 02:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 03:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-02 04:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 05:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-02 04:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 05:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-02 04:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 05:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-02 04:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 05:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-02 04:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 05:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-02 04:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 05:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-02 04:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 05:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-02 04:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 05:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-02 04:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 05:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-02 04:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-02 04:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 05:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2000-08-31 13:00:00 68,096 ----a-w c:\windows\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2004-02-04 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-04 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-04-04 94208]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 512000]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-06-28 32768]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 151552]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-25 31232]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-11-17 237568]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-05-26 208896]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-01-21 344064]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-11 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-11 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 780312]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"PrettyMay"="c:\program files\PrettyMayBusiness\PrettyMay.exe" [2008-09-29 3067904]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-10 1351680]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-10 1191936]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-07 122939]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-12-12 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 505368]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-27 58656]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-02-27 795936]
"WFXSwtch"="c:\progra~1\WinFax\WFXSWTCH.exe" [2002-12-12 28160]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"TpShocks"="TpShocks.exe" [2008-06-06 c:\windows\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2004-11-12 c:\windows\system32\TP4EX.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 c:\windows\system32\bthprops.cpl]
"WD Button Manager"="WDBtnMgr.exe" [2008-05-03 c:\windows\system32\WDBtnMgr.exe]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 c:\windows\system32\WFXSNT40.EXE]
c:\documents and settings\Michael\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2008-11-26 1873280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Polycom Communicator.lnk - c:\program files\Polycom\Communicator_for_skype\Application\Polycom_Communicator.exe [2008-08-15 225364]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-25 18:20 40448 c:\windows\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-12 22:11 24576 c:\windows\system32\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 00:18 57344 c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
--a------ 2006-07-11 07:24 341504 c:\program files\TiVo\Desktop\TiVoNotify.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
--a------ 2006-07-11 07:26 1313792 c:\program files\TiVo\Desktop\TiVoServer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
--a------ 2006-07-11 07:23 1174528 c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TivoBeacon2"=2 (0x2)
"aawservice"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 otman5;Open Transation Manager;c:\windows\system32\drivers\otman5.sys [2004-05-12 65295]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-18 28544]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2008-05-14 114728]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-01-27 309296]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-05-14 19496]
R0 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [2006-04-18 14848]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-01-27 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-01-27 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090120.002\IDSxpx86.sys [2009-01-27 274808]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-01-31 4442]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-27 99376]
R3 PlcmAEC;Polycom Communicator;c:\windows\system32\drivers\PlcmAEC.sys [2008-07-28 512896]
R3 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [2006-04-18 6528]
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [1980-01-01 14336]
R4 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-01-27 115560]
R4 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2008-02-27 144672]
R4 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-12-10 88576]
R4 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 3456]
R4 XobniService;XobniService;c:\program files\Xobni\XobniService.exe [2008-05-16 36352]
R4 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-05-26 16512]
S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\IcdSX.sys [2006-04-19 31744]
S4 BDVEDISK;BDVEDISK;\??\c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys --> c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [?]
S4 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2006-07-11 857088]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e75d4ee0-3a8b-11dd-8a67-000e9b9da0c1}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-28 c:\windows\Tasks\Norton Internet Security - Michael - Full Scheduled Scan.job
- c:\program files\Norton Internet Security\Engine\16.2.0.7\Navw32.exe [2009-01-27 19:46]
2009-01-29 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-26 01:13]
2009-01-29 c:\windows\Tasks\User_Feed_Synchronization-{2620EAD7-BC1C-4251-AAE1-29259DC03806}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = localhost
IE: &Download All by Gigaget - c:\program files\Giganology\Gigaget\getallurl.htm
IE: &Download by Gigaget - c:\program files\Giganology\Gigaget\geturl.htm
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Send To &Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: runaware.com\www
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
DPF: {01118F00-3E00-11D2-8470-0060089874ED} - hxxp://symantec.atgnow.com/sdccommon/download/ssrc.cab
DPF: {01119400-3E00-11D2-8470-0060089874ED} - hxxp://symantec.atgnow.com/sdccommon/do ... tctlln.cab
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxps://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://192.168.0.11/RtspVaPgDec.cab
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\m1avtbsq.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 18:38:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1808520581-749987178-1554975260-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1808520581-749987178-1554975260-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F41CD467-AFEC-446D-8D68-CA42FD624646}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oafldjdeelohgpceimacjeppfljbja"=hex:6a,61,6d,6a,66,68,69,6d,70,6b,6d,63,6c,69,
69,6f,68,70,61,67,00,4b
"napjbciendolihgeahgoldhodfkc"=hex:69,61,6d,6a,6c,66,6f,69,67,6f,6f,67,66,6c,
6d,6f,6c,6b,00,00
[HKEY_USERS\S-1-5-21-1808520581-749987178-1554975260-1005\Software\YourCompanyName\YourProductName\Version*]
"VersionData"=hex:19,ce,e3,3f,a8,5f,6b,85,ba,9e,5e,be,46,5c,0c,a8,a4,70,1d,29,
89,dc,6c,6d,e0,0f,75,d0,91,33,fa,0d,40,1f,c1,0d,a3,67,a8,c2,2f,22,ee,86,84,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1180)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\windows\system32\tphklock.dll
- - - - - - - > 'lsass.exe'(1236)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\Polycom\COMMUN~1\APPLIC~1\PLCMGO~1.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\windows\system32\TPHDEXLG.exe
c:\windows\system32\TpKmpSvc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\system32\WFXSVC.EXE
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-01-29 18:44:13 - machine was rebooted [Michael]
ComboFix-quarantined-files.txt 2009-01-29 23:43:57
Pre-Run: 36,228,427,776 bytes free
Post-Run: 36,279,349,248 bytes free
496 --- E O F --- 2008-12-18 13:41:52
==================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:48:41 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\PrettyMayBusiness\PrettyMay.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Polycom\Communicator_for_skype\Application\Polycom_Communicator.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\Polycom\COMMUN~1\APPLIC~1\PLCMGO~1.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll
O3 - Toolbar: NewsStand Toolbar - {6E94ACD5-2C6A-48AC-84EF-A4DE746D385F} - C:\Program Files\NewsStand\Reader\NSIETool.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PrettyMay] C:\Program Files\PrettyMayBusiness\PrettyMay.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nuance PDF Professional 5-reminder] "C:\Program Files\Nuance\PDF Professional 5\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\PDF Professional 5\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Professional 5\RegistryController.exe
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Professional 5\pdfpro5hook.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Polycom Communicator.lnk = C:\Program Files\Polycom\Communicator_for_skype\Application\Polycom_Communicator.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: Append the content of the link to existing PDF file -
res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file -
res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Append to existing PDF file -
res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -
res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Create PDF file -
res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link -
res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links -
res://C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 -
res://C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll /100
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.runaware.com
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/do ... gctlsi.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://symantec.atgnow.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://symantec.atgnow.com/sdccommon/do ... tctlln.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan ... stubie.cab
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/acce ... /AcpIR.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://192.168.0.11/RtspVaPgDec.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5341675437
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://software.newsstand.com/reader/li ... etupml.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://192.168.0.253/bl_camera.cab
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://192.168.0.251/SysCamInst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc01.custhelp.com/7530-b327 ... a/RntX.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.1.6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 22897 bytes