Thread: Ad popups/spyware/who knows what :(
View Single Post
Old 07-03-2007, 10:36 PM   #5 (permalink)
tstevens
Registered User
 
Join Date: Jul 2007
Posts: 7
OS: WinXP


Re: Ad popups/spyware/who knows what :(
Thanks for the reply.

For some reason, that activescan just unceremoniously dies in the middle of the scan so no results are generated - but, it never did show viruses again.

I re-ran mcafee & adaware & they found plenty of cookies but nothing else; and, have yet to see any more popups, so hopefully that's that.

Below is a post-removal hijack scan. I see that these entries are there:
O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\ljjjhgh.dll (file missing)
O2 - BHO: (no name) - {93160B03-7D13-48B7-824C-D520D952FC61} - C:\WINDOWS\system32\awvtr.dll (file missing)

And:
{930D35D2-094D-41B9-8E89-D1B76F2C6E97} C:\WINDOWS\system32\ljjjhgh.dll [x]
{93160B03-7D13-48B7-824C-D520D952FC61} C:\WINDOWS\system32\awvtr.dll [x]

These were the pesky DLLs. Any suggestions on how to completely get rid of them (assume the "file missing" and "[x]" is a good thing, but would like to remove ALL traces of this junk).

Thanks for your advice!
Tim

Deckard's System Scanner v20070611.50
Run by tstevens on 2007-07-03 at 21:30:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as tstevens.exe) --------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:31:15 PM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Cisco Systems\CEPS\CEPSWatch.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\NetTime\NeTmSvNT.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpScrLk.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\NetTime\NetTime.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\FarStone\GameDrive\GDTask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Funk Software\Odyssey Client\OdTray.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Restore Desktop\RestoreDesktop.exe
C:\Program Files\Pidgin\pidgin.exe
C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
C:\Program Files\Qualcomm\Eudora\Eudora.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\tstevens\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\tstevens.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/tstevens/Application%20Data/Mozilla/Firefox/Profiles/tstevens/bookmarks.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wwwin.cisco.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {930D35D2-094D-41B9-8E89-D1B76F2C6E97} - C:\WINDOWS\system32\ljjjhgh.dll (file missing)
O2 - BHO: (no name) - {93160B03-7D13-48B7-824C-D520D952FC61} - C:\WINDOWS\system32\awvtr.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iPCCheck] "C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe" /startup
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [NetTime] C:\Program Files\NetTime\NetTime.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [GameDrive] "C:\Program Files\FarStone\GameDrive\GDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Funk Software\Odyssey Client\OdTray.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [Restore Desktop] "C:\Program Files\Restore Desktop\Restore Desktop.exe"
O4 - HKCU\..\Run: [RestoreDesktop] C:\Program Files\Restore Desktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Manage Printers.lnk = C:\Program Files\Cisco Systems\CEPS\AddPrinter.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {89242969-422B-46BF-B0D5-6A7B7DC4D0E0} (NAS Finder Helper) - file://C:\Documents and Settings\tstevens\My Documents\Downloads\SimpleShare NASfinder\html\nafcom.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cisco.com
O17 - HKLM\Software\..\Telephony: DomainName = cisco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{64FAB028-E97D-41AB-AC5F-86EFFDCCF481}: Domain = cisco.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAECE885-DD55-4FF7-B392-F0324082F68B}: Domain = cisco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cisco.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cisco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cisco.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cisco.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cisco.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: OdysseyClient - C:\WINDOWS\SYSTEM32\odyEvent.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winopn32 - winopn32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CEPS Watch - Cisco Systems - C:\Program Files\Cisco Systems\CEPS\CEPSWatch.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: CREDANT Mobile Guardian Gatekeeper (guardian) - CREDANT Technologies - C:\Program Files\Credant\Gatekeeper\Gatekeeper.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NetTime (NetTimeSvc) - Subjective Software - C:\Program Files\NetTime\NeTmSvNT.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Funk Software\Odyssey Client\odClientService.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe


-- Files created between 2007-06-03 and 2007-07-03 -----------------------------

2007-07-03 1726 0 d-------- C:\VundoFix Backups
2007-07-03 14:26:03 0 d-------- C:\Program Files\SpywareBlaster
2007-07-03 14:17:56 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-01 18:10:20 0 d-------- C:\Program Files\Lavasoft
2007-07-01 18:10:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-07-01 18:09:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-01 17:57:46 0 d-------- C:\Program Files\Burrrn
2007-07-01 12:58:05 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-06-30 12:04:44 0 d-------- C:\Program Files\Rockstar Games
2007-06-28 23:50:17 0 d-------- C:\Documents and Settings\tstevens\Application Data\Leadertech
2007-06-28 20:38:49 0 d-------- C:\Program Files\Creative
2007-06-28 10:18:02 0 d-------- C:\usr
2007-06-27 20:59:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-06-27 20:43:01 0 d-------- C:\Documents and Settings\tstevens\Application Data\Symantec
2007-06-27 20:42:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-06-27 20:42:16 0 d-------- C:\Program Files\Symantec
2007-06-27 20:42:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-27 20:42:03 4588454 --a------ C:\Program Files\setup.exe <Not Verified; Symantec; Norton Ghost 10.0>
2007-06-27 20:42:00 0 d-------- C:\Program Files\Support
2007-06-27 20:42:00 0 d-------- C:\Program Files\Driver Validation
2007-06-22 21:18:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-06-22 21:14:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\FarStone
2007-06-22 21:13:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Kensington
2007-06-22 21:00:38 0 d-------- C:\Documents and Settings\tstevens\Application Data\Smith Micro
2007-06-22 20:57:58 0 d-------- C:\Program Files\Novatel Wireless
2007-06-22 20:57:38 0 d-------- C:\Program Files\Verizon Wireless
2007-06-22 11:04:18 0 d-------- C:\Documents and Settings\tstevens\Application Data\AdobeUM
2007-06-21 23:41:35 0 d-------- C:\Temp
2007-06-21 23:34:55 0 d-------- C:\Program Files\IP_Viewer
2007-06-21 23:34:44 286720 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-06-21 23:34:43 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-06-21 19:20:22 0 d-------- C:\Program Files\Funk Software
2007-06-21 19:20:22 0 d-------- C:\Program Files\Common Files\Funk Software
2007-06-21 18:18:06 0 d-------- C:\Documents and Settings\tstevens\Application Data\AcWizard
2007-06-21 13:49:59 0 d-------- C:\WINDOWS\pss
2007-06-21 09:35:52 0 d-------- C:\Documents and Settings\tstevens\.thumbnails
2007-06-21 09:33:17 0 d-------- C:\Documents and Settings\tstevens\.gimp-2.2
2007-06-20 19:20:21 0 d-------- C:\Documents and Settings\tstevens\Application Data\FarStone
2007-06-20 19:14:15 65536 --a------ C:\WINDOWS\system32\GDPersns.dat
2007-06-20 19:13:56 37409 --a------ C:\WINDOWS\system32\drivers\fsRamDsk.sys <Not Verified; FarStone; FarStone RamDisk>
2007-06-20 19:13:44 14496 --a------ C:\WINDOWS\system32\GDI08X.dat
2007-06-20 19:13:44 10899 --a------ C:\WINDOWS\system32\drivers\fgdxbus.sys <Not Verified; FarStone Inc.; >
2007-06-20 19:13:44 72475 --a------ C:\WINDOWS\system32\drivers\fgdscsi.sys <Not Verified; FarStone Inc.; FarStone GameDrive>
2007-06-20 19:13:40 0 d-------- C:\Program Files\FarStone
2007-06-20 19:12:55 53248 -----n--- C:\WINDOWS\system32\RDrvNTInterface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
2007-06-20 19:12:55 32768 -----n--- C:\WINDOWS\system32\RDrv9xInterface.dll <Not Verified; ; RDrv9XInterface Dynamic Link Library>
2007-06-20 19:12:55 77824 -----n--- C:\WINDOWS\system32\RDrv2KInterface.dll <Not Verified; ; RDrv2KInterface Dynamic Link Library>
2007-06-20 19:12:54 36864 -----n--- C:\WINDOWS\system32\unVHDDrvExe.exe
2007-06-20 19:12:54 28672 -----n--- C:\WINDOWS\system32\RDrvInterface.dll <Not Verified; ; RDrvInterface Dynamic Link Library>
2007-06-20 19:12:54 36864 -----n--- C:\WINDOWS\system32\inVHDDrvExe.exe
2007-06-20 19:12:54 45056 --a------ C:\WINDOWS\system32\Fsinst32.dll
2007-06-20 19:12:54 5120 --a------ C:\WINDOWS\system32\Fsinst16.DLL
2007-06-20 19:12:54 81920 --a------ C:\WINDOWS\system32\Dversion.dll <Not Verified; FarStone; Farstone Dversion>
2007-06-20 19:12:54 122880 --a------ C:\WINDOWS\system32\DVC.dll <Not Verified; Farstone; Farstone DVC>
2007-06-20 19:10:21 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-06-20 19:08:59 0 d-------- C:\Program Files\CyberLink
2007-06-20 11:09:56 4608 --a------ C:\WINDOWS\system32\W95Inf32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-06-20 11:09:56 2272 --a------ C:\WINDOWS\system32\W95Inf16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-06-20 10:08:45 0 d-------- C:\Documents and Settings\tstevens\Application Data\gtk-2.0
2007-06-20 07:31:36 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-19 21:50:05 0 d-------- C:\Documents and Settings\tstevens\Application Data\Talkback
2007-06-19 21:49:26 0 d-------- C:\Documents and Settings\tstevens\Application Data\Thunderbird
2007-06-19 21:41:18 0 d-------- C:\Documents and Settings\tstevens\Application Data\Adobe
2007-06-19 15:37:42 0 d-------- C:\Documents and Settings\tstevens\Bluetooth Software
2007-06-19 15:23:44 0 d-------- C:\WINDOWS\Sun
2007-06-19 15:19:47 0 d-------- C:\Program Files\WinSCP
2007-06-19 15:18:31 0 d-------- C:\Documents and Settings\tstevens\Application Data\WinRAR
2007-06-19 15:17:26 0 d-------- C:\Program Files\WinHTTrack
2007-06-19 15:09:16 0 d-------- C:\Program Files\Sysinternals
2007-06-19 14:41:44 0 d-------- C:\Program Files\TightVNC
2007-06-19 14:41:11 0 d-------- C:\Program Files\RealVNC
2007-06-19 14:37:21 40960 --a------ C:\WINDOWS\system32\Twscan32.dll
2007-06-19 14:37:21 221184 --a------ C:\WINDOWS\system32\Tiff32.dll <Not Verified; Black Ice Software, Inc.; Black Ice Software, Inc. Tiff32>
2007-06-19 14:37:21 90112 --a------ C:\WINDOWS\system32\Tga32.dll
2007-06-19 14:37:21 122880 --a------ C:\WINDOWS\system32\Png32.dll
2007-06-19 14:37:21 81920 --a------ C:\WINDOWS\system32\Pcx32.dll
2007-06-19 14:37:21 110592 --a------ C:\WINDOWS\system32\Jpeg32.dll
2007-06-19 14:37:21 241664 --a------ C:\WINDOWS\system32\Image32.dll
2007-06-19 14:37:21 118784 --a------ C:\WINDOWS\system32\Faxmng32.dll <Not Verified; Black Ice Software, Inc; Black Ice Software, Inc Faxmng32>
2007-06-19 14:37:21 954368 --a------ C:\WINDOWS\system32\Faxcpp32.dll <Not Verified; Black Ice Software, Inc.; Black Ice Software, Inc. Faxcpp CPP>
2007-06-19 14:37:20 131072 --a------ C:\WINDOWS\system32\mtrcom32.dll <Not Verified; LifeScan, Inc.; mtrcom32.dll>
2007-06-19 14:37:20 167936 --a------ C:\WINDOWS\system32\Cp.dll <Not Verified; Black Ice Software, Inc.; BlackIce Cover Page Editor>
2007-06-19 14:37:20 237568 --a------ C:\WINDOWS\system32\Bitmani.dll <Not Verified; Black Ice Software, Inc.; Black Ice Software, Inc. Bitmani>
2007-06-19 14:37:13 0 d-------- C:\Program Files\LifeScan
2007-06-19 14:34:28 248176 --a------ C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-06-19 14:30:22 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-06-19 14:30:01 0 d-------- C:\Program Files\Microsoft IntelliType Pro 5.5
2007-06-19 14:26:20 0 d-------- C:\Program Files\Last.fm
2007-06-19 14:24:37 0 d-------- C:\Documents and Settings\tstevens\Application Data\Google
2007-06-19 14:18:32 0 d-------- C:\Program Files\Google
2007-06-19 14:16:39 0 d-------- C:\Program Files\GoldWave
2007-06-19 14:15:31 13584 --a------ C:\WINDOWS\system32\rpcltc1.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-06-19 14:15:31 0 d-------- C:\Program Files\FrameViewer
2007-06-19 14:11:26 0 d-------- C:\Program Files\CUE Splitter
2007-06-19 13:59:11 0 d-------- C:\Documents and Settings\tstevens\Application Data\Creative
2007-06-19 13:48:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Creative
2007-06-19 13:48:49 0 d--h----- C:\Program Files\Creative Installation Information
2007-06-19 13:44:34 0 d-------- C:\Program Files\Bulk Rename Utility
2007-06-19 13:44:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Tarma Installer
2007-06-19 13:42:53 0 d-------- C:\Program Files\BitTorrent
2007-06-19 13:40:10 0 d-------- C:\Perl
2007-06-19 13:32:03 0 d-------- C:\Documents and Settings\tstevens\Application Data\.purple
2007-06-19 13:31:29 0 d-------- C:\Program Files\Aspell
2007-06-19 13:30:45 0 d-------- C:\Program Files\Pidgin
2007-06-19 13:26:08 0 d-------- C:\Program Files\GIMP-2.0
2007-06-19 13:24:41 0 d-------- C:\Program Files\Common Files\GTK
2007-06-19 12:45:53 0 d-------- C:\Documents and Settings\tstevens\Application Data\Kensington
2007-06-19 12:38:23 176128 --a------ C:\WINDOWS\system32\kmw_show.exe
2007-06-19 12:38:23 106496 --a------ C:\WINDOWS\system32\kmw_run.exe <Not Verified; Kensington Technology Group; KMW>
2007-06-19 12:38:23 110592 --a------ C:\WINDOWS\system32\kmw_dll.dll <Not Verified; Kensington Technology Group; KMW>
2007-06-19 12:38:22 0 d-------- C:\Program Files\Kensington
2007-06-19 12:37:01 1156 --a------ C:\WINDOWS\mozver.dat
2007-06-19 12:36:14 0 d-------- C:\Program Files\WinPcap
2007-06-19 12:36:00 0 d-------- C:\Program Files\Wireshark
2007-06-19 12:33:49 0 d-------- C:\Program Files\Mozilla Thunderbird
2007-06-19 10:51:50 0 d-------- C:\Program Files\Taskbar Commander
2007-06-19 10:40:10 0 d-------- C:\Program Files\Winamp
2007-06-19 10:40:10 0 d-------- C:\Documents and Settings\tstevens\Application Data\Winamp
2007-06-19 10:38:02 0 d-------- C:\Program Files\NetTime
2007-06-19 10:33:56 317952 -ra------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2007-06-19 10:33:56 48640 -ra------ C:\WINDOWS\system32\INETWH32.DLL <Not Verified; Blue Sky Software; Blue Sky Software - INETWH32>
2007-06-19 10:33:56 0 d-------- C:\Program Files\Qualcomm
2007-06-19 10:32:00 0 d-------- C:\Program Files\Restore Desktop
2007-06-19 10:01:27 0 d-------- C:\Program Files\MSXML 6.0
2007-06-19 10:01:01 0 d-------- C:\Program Files\MSBuild
2007-06-19 09:58:49 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-06-19 09:58:25 0 d-------- C:\Program Files\Reference Assemblies
2007-06-19 09:57:09 0 d-------- C:\Program Files\Windows Media Connect 2
2007-06-19 09:55:45 0 d-------- C:\WINDOWS\system32\LogFiles
2007-06-19 09:55:45 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-19 09:43:55 0 d---s---- C:\Documents and Settings\tstevens\UserData
2007-06-19 07:30:53 0 d--h----- C:\BJPrinter
2007-06-18 21:21:32 0 d-------- C:\Documents and Settings\tstevens\Application Data\TextPad
2007-06-18 21:18:12 0 d-------- C:\Program Files\TextPad 4
2007-06-18 21:17:01 0 d-------- C:\Program Files\teraterm
2007-06-18 20:50:17 0 d-------- C:\Documents and Settings\tstevens\Application Data\PGP Corporation
2007-06-18 20:50:17 0 d-------- C:\Documents and Settings\All Users\Application Data\PGP Corporation
2007-06-18 20:50:14 53248 --a------ C:\WINDOWS\system32\PGPtclP11.dll <Not Verified; PGP Corporation; PGPsdk>
2007-06-18 20:50:14 258048 --a------ C:\WINDOWS\system32\PGPsdkUI.dll <Not Verified; PGP Corporation; PGPsdk>
2007-06-18 20:50:14 335872 --a------ C:\WINDOWS\system32\PGPsdkNL.dll <Not Verified; PGP Corporation; PGPsdk>
2007-06-18 20:50:14 1323008 --a------ C:\WINDOWS\system32\PGPsdk.dll <Not Verified; PGP Corporation; PGPsdk>
2007-06-18 20:50:14 1019904 --a------ C:\WINDOWS\system32\PGPsc.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:14 36864 --a------ C:\WINDOWS\system32\PGPhk.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:14 1572864 --a------ C:\WINDOWS\system32\PGPclientLib.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:14 169120 -----n--- C:\WINDOWS\system32\drivers\PGPdisk.sys <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:13 69632 --a------ C:\WINDOWS\system32\PGPServ.exe <Not Verified; PGP Corporation; PGPsdk>
2007-06-18 20:50:13 208896 --a------ C:\WINDOWS\system32\PGPoe.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:13 90112 --a------ C:\WINDOWS\system32\PGPmn.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:13 217088 --a------ C:\WINDOWS\system32\PGPexch.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:13 26624 --a------ C:\WINDOWS\system32\drivers\PGPsdk.sys <Not Verified; PGP Corporation; PGPsdk>
2007-06-18 20:50:12 585728 --a------ C:\WINDOWS\system32\PGPdiskUI.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:12 323584 --a------ C:\WINDOWS\system32\PGPdiskEngine.dll <Not Verified; PGP Corporation; PGP>
2007-06-18 20:50:12 0 d-------- C:\Program Files\PGP Corporation
2007-06-18 16:07:10 0 d-------- C:\Documents and Settings\tstevens\Application Data\Sametime
2007-06-18 16:04:12 0 d-------- C:\Program Files\Common Files\Altiris
2007-06-18 16:02:28 143360 --a------ C:\WINDOWS\system32\wisenet.dll <Not Verified; ; WiseNet Dynamic Link Library>
2007-06-18 15:50:11 0 d-------- C:\SWSHARE
2007-06-18 15:18:54 0 d-------- C:\WINDOWS\system32\Client Security Solution
2007-06-18 15:14:10 0 d-------- C:\SWTOOLS
2007-06-18 15:04:01 0 d-------- C:\Documents and Settings\tstevens\Application Data\Intel
2007-06-18 14:58:28 0 d-------- C:\Drivers
2007-06-18 14:34:38 0 d-------- C:\Documents and Settings\All Users\Application Data\UIB
2007-06-18 14:27:14 0 d-------- C:\Documents and Settings\All Users\Application Data\PC-Doctor
2007-06-18 14:26:30 0 d-------- C:\Program Files\PCDR5
2007-06-18 14:24:55 188 --a------ C:\WINDOWS\x
2007-06-18 14:22:14 0 d-------- C:\Program Files\Digital Line Detect
2007-06-18 14:22:04 0 d-------- C:\Program Files\NetWaiting
2007-06-18 14:22:04 0 d-------- C:\Documents and Settings\tstevens\Application Data\InstallShield
2007-06-18 14:05:51 0 d-------- C:\WINDOWS\system32\(null)
2007-06-18 14:05:47 0 d-------- C:\Program Files\Common Files\Lenovo
2007-06-18 13:53:03 0 d-------- C:\Documents and Settings\tstevens\Application Data\Lenovo
2007-06-18 13:22:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-06-18 12:24:43 0 d-------- C:\WINDOWS\system32\PreInstall
2007-06-18 12:14:45 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-18 12:07:14 0 d-------- C:\Program Files\McAfee.com
2007-06-18 12:07:07 0 d-------- C:\Program Files\Common Files\McAfee
2007-06-18 12:07:01 0 d-------- C:\Program Files\McAfee
2007-06-18 12:04:30 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-06-18 11:42:27 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-06-18 11:42:23 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-06-18 11:35:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-18 11:35:48 0 d-------- C:\Documents and Settings\tstevens\Application Data\Mozilla
2007-06-18 11:25:45 0 d-------- C:\WINDOWS\system32\appmgmt
2007-06-18 11:23:43 10 -ra------ C:\Program Files\altiris
2007-06-18 11:20:30 0 d-------- C:\Documents and Settings\tstevens\Application Data\Funk Software
2007-06-18 11:19:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Funk Software
2007-06-18 11:02:47 0 d-------- C:\Program Files\Connected
2007-06-18 11:02:01 0 d-------- C:\Program Files\Secure Computing
2007-06-18 10:59:59 815162 --a------ C:\WINDOWS\system32\CredUtil.exe
2007-06-18 10:59:49 209408 --a------ C:\WINDOWS\system32\drivers\CmgShieldCEF.sys <Not Verified; Credant Technologies, Inc.; Mobile Guardian Shield>
2007-06-18 10:59:46 139776 --a------ C:\WINDOWS\system32\drivers\CMGShieldReg.sys <Not Verified; Credant Technologies, Inc.; Mobile Guardian Shield>
2007-06-18 10:59:01 0 d-------- C:\Default
2007-06-18 10:57:32 65536 -----n--- C:\WINDOWS\system32\ipgina.dll <Not Verified; iPass; iPass iPGina>
2007-06-18 10:57:24 15793 --a------ C:\WINDOWS\system32\drivers\mdc80211.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2007-06-18 10:57:22 0 d-------- C:\Program Files\iPass
2007-06-18 10:57:03 147522 --a------ C:\WINDOWS\system32\odyGina.dll <Not Verified; Funk Software, Inc.; Odyssey>
2007-06-18 10:57:02 106496 --a------ C:\WINDOWS\system32\odyEvent.dll <Not Verified; Funk Software, Inc.; Odyssey>
2007-06-18 10:57:02 647246 --a------ C:\WINDOWS\system32\odGinaLibrary.dll <Not Verified; Funk Software, Inc.; Odyssey>
2007-06-18 10:55:55 0 d--h----- C:\Documents and Settings\tstevens\Local Settings
2007-06-18 10:55:54 0 d--h----- C:\Documents and Settings\tstevens\Templates
2007-06-18 10:55:54 0 dr------- C:\Documents and Settings\tstevens\Start Menu
2007-06-18 10:55:54 0 dr-h----- C:\Documents and Settings\tstevens\SendTo
2007-06-18 10:55:54 0 dr-h----- C:\Documents and Settings\tstevens\Recent
2007-06-18 10:55:54 0 d--h----- C:\Documents and Settings\tstevens\PrintHood
2007-06-18 10:55:54 5505024 --ah----- C:\Documents and Settings\tstevens\ntuser.dat
2007-06-18 10:55:54 0 d--h----- C:\Documents and Settings\tstevens\NetHood
2007-06-18 10:55:54 0 dr------- C:\Documents and Settings\tstevens\My Documents
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Favorites
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Desktop
2007-06-18 10:55:54 0 d---s---- C:\Documents and Settings\tstevens\Cookies
2007-06-18 10:55:54 0 dr-h----- C:\Documents and Settings\tstevens\Application Data
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Application Data\Sun
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Application Data\Sonic
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Application Data\Macromedia
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Application Data\Identities
2007-06-18 10:55:54 0 d-------- C:\Documents and Settings\tstevens\Application Data\ATI
2007-06-18 10:55:33 0 d--hs---- C:\WINDOWS\CSC
2007-06-18 10:51:43 0 d-------- C:\WINDOWS\SchCache
2007-06-18 10:50:41 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-18 10:50:40 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-18 10:50:40 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-18 10:50:40 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-18 10:50:40 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-18 10:50:40 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-18 10:50:40 1310720 --ah----- C:\Documents and Settings\Administrator\ntuser.dat
2007-06-18 10:50:40 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-18 10:50:40 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-18 10:50:40 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-06-18 10:50:40 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-06-18 10:50:40 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-18 10:50:40 0 d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2007-06-18 10:46:49 1048576 --ah----- C:\Documents and Settings\Default User\ntuser.dat
2007-06-18 10:46:48 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-06-18 10:46:48 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-06-18 10:46:48 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-06-18 10:46:48 0 dr-h----- C:\Documents and Settings\Default User\Recent
2007-06-18 10:46:48 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-06-18 10:46:48 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-06-18 10:46:48 0 dr------- C:\Documents and Settings\Default User\My Documents
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-06-18 10:46:48 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-06-18 10:46:48 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Sun
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Sonic
2007-06-18 10:46:48 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Macromedia
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2007-06-18 10:46:48 0 d-------- C:\Documents and Settings\Default User\Application Data\ATI
2007-06-18 10:46:02 72781 --a------ C:\WINDOWS\system32\CEPSProvidor.dll
2007-06-13 22:13:04 0 d-------- C:\Program Files\Common Files\PostureAgent
2007-06-13 22:12:50 0 d-------- C:\WINDOWS\system32\bin
2007-06-13 22:08:17 0 d-------- C:\Program Files\Common Files\Cisco Systems
2007-06-13 22:07:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Network Associates
2007-06-13 22:07:55 0 d-------- C:\Program Files\Network Associates
2007-06-13 2233 0 d-------- C:\WINDOWS\Internet Logs
2007-06-13 22:03:36 113596 --a------ C:\WINDOWS\system32\dneinobj.dll <Not Verified; Deterministic Networks, Inc.; >
2007-06-13 22:03:34 0 d-------- C:\Program Files\Common Files\Deterministic Networks
2007-06-13 22:02:51 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-13 22:02:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-06-13 22:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Credant
2007-06-13 22:01:36 0 d-------- C:\Program Files\Credant
2007-06-13 22:01:32 0 d-------- C:\Program Files\UPHClean
2007-06-13 21:54:34 0 d-------- C:\Program Files\Java
2007-06-13 21:54:34 0 d-------- C:\Program Files\Common Files\Java
2007-06-13 21:53:55 59 --a------ C:\WINDOWS\system32\drivers\IBM_
2007-06-13 21:53:45 0 d-------- C:\Documents and Settings\LocalService\Application Data\Lenovo
2007-06-13 21:48:42 32768 --a------ C:\WINDOWS\system32\TpKmpSvc.exe
2007-06-13 21:48:38 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft(R) MSXML 4.0 SP1>
2007-06-13 21:48:26 0 d-------- C:\Program Files\ThinkVantage
2007-06-13 21:48:26 0 d-------- C:\Icons
2007-06-13 21:48:24 40960 --a------ C:\WINDOWS\system32\TP4HOOK.dll <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
2007-06-13 21:48:24 65536 --a------ C:\WINDOWS\system32\TP4EX.exe <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
2007-06-13 21:48:24 40960 --a------ C:\WINDOWS\system32\tp4cross.exe <Not Verified; Lenovo Group Limited; TrackPoint Accessibility Features>
2007-06-13 21:48:24 45056 --a------ C:\WINDOWS\system32\FPCALL.dll
2007-06-13 21:48:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Lenovo
2007-06-13 21:47:51 0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-06-13 21:47:35 0 d-------- C:\Program Files\Common Files\Sonic
2007-06-13 21:47:05 0 d-------- C:\Program Files\Sonic
2007-06-13 21:47:05 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-06-13 21:46:41 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2007-06-13 21:46:41 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2007-06-13 21:46:41 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2007-06-13 21:46:41 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2007-06-13 21:46:41 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2007-06-13 21:46:41 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2007-06-13 21:46:37 0 d-------- C:\Program Files\InterVideo
2007-06-13 21:46:16 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-06-13 21:46:01 9343 -----n--- C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2007-06-13 21:46:01 14848 -----n--- C:\WINDOWS\system32\drivers\SMAPINT.SYS <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-06-13 21:45:56 106496 --a------ C:\WINDOWS\system32\TpShocks.exe <Not Verified; Lenovo, Ltd. and IBM Corporation.; n/a TpShocks>
2007-06-13 21:45:56 479232 --a------ C:\WINDOWS\system32\TpShCPL.dll <Not Verified; IBM Corp.; n/a TpShCPL>
2007-06-13 21:45:56 24576 --a------ C:\WINDOWS\system32\TpPenMon.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System - Pen Activity Monitor>
2007-06-13 21:45:56 24576 --a------ C:\WINDOWS\system32\TpPenMon.dll <Not Verified; Lenovo.; ThinkVantage Active Protection System - Pen Monitor Module>
2007-06-13 21:45:56 77824 --a------ C:\WINDOWS\system32\TPHDEXLG.exe <Not Verified; Lenovo.; ThinkVantage Active Protection System>
2007-06-13 21:45:56 61440 --a------ C:\WINDOWS\system32\Sensor.dll <Not Verified; Lenovo.; ThinkVantage Active Protection System>
2007-06-13 21:45:56 85760 --a------ C:\WINDOWS\system32\drivers\shockprf.sys <Not Verified; Lenovo; ThinkVantage Active Protection System>
2007-06-13 21:45:56 4736 --a------ C:\WINDOWS\system32\drivers\ShockMgr.sys <Not Verified; Lenovo.; ThinkVantage Active Protection System>
2007-06-13 21:45:37 0 d-------- C:\Program Files\Lenovo
2007-06-13 21:45:23 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2007-06-13 21:43:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2007-06-13 21:43:27 0 d-------- C:\Program Files\Synaptics
2007-06-13 21:43:22 0 d-------- C:\Program Files\ThinkPad
2007-06-13 21:43:20 0 d-------- C:\Program Files\CONEXANT
2007-06-13 21:43:06 21425 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
2007-06-13 21:43:06 319488 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2007-06-13 21:42:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2007-06-13 21:42:43 0 d------c- C:\WINDOWS\system32\DRVSTORE
2007-06-13 21:42:11 53248 -----n--- C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2007-06-13 21:42:11 1285632 -----n--- C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2007-06-13 21:42:11 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2007-06-13 21:42:11 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2007-06-13 21:38:27 0 d-------- C:\Program Files\ATI Technologies
2007-06-13 21:38:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-06-13 21:36:47 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-06-13 21:36:46 0 d-------- C:\Program Files\Intel
2007-06-13 21:32:48 0 -rahs---- C:\MSDOS.SYS
2007-06-13 21:32:48 0 -rahs---- C:\IO.SYS
2007-06-13 21:32:38 0 d-------- C:\Program Files\Analog Devices
2007-06-13 20:30:05 56648 --a------ C:\WINDOWS\system32\drivers\btwusb.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
2007-06-13 20:30:05 77824 --a------ C:\WINDOWS\system32\btw_ci.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.2900>
2007-06-13 20:27:10 86016 --a------ C:\WINDOWS\system32\PROCHLP.DLL <Not Verified; Lenovo Group Limited; Away Manager>
2007-06-13 20:27:10 73728 --a------ C:\WINDOWS\system32\IPSSVC.EXE <Not Verified; Lenovo Group Limited; Away Manager>
2007-06-13 20:27:10 5120 --a------ C:\WINDOWS\system32\drivers\PROCDD.SYS <Not Verified; Lenovo Group Limited; Away Manager>
2007-06-13 20:26:39 40960 --a------ C:\WINDOWS\system32\TpScrLk.exe
2007-06-13 20:26:25 24576 --a------ C:\WINDOWS\system32\tphklock.dll
2007-06-13 20:26:25 28672 --a------ C:\WINDOWS\system32\notifyf2.dll
2007-06-13 20:26:25 17699 --a------ C:\WINDOWS\system32\drivers\TPHKDRV.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
2007-06-13 20:25:49 0 d-------- C:\WINDOWS\Appsrc
2007-06-13 20:25:38 0 d-------- C:\WINDOWS\Cisco_IT
2007-06-04 15:18:48 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys <Not Verified; Lavasoft AB; Ad-Watch Connections>
2007-06-04 15:17:02 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys <Not Verified; Lavasoft AB; Ad-Watch Registry Protection>
2007-06-04 15:14:56 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys <Not Verified; Lavasoft AB; Ad-Watch Beta>


-- Find3M Report ---------------------------------------------------------------

2007-06-18 16:07:10 0 d-------- C:\Program Files\IBM
2007-06-18 11:27:22 0 d-------- C:\Program Files\Cisco Systems
2007-06-13 22:07:09 0 d-------- C:\Program Files\Windows Media Connect
2007-06-13 22:03:19 0 d-------- C:\Program Files\Netscape
2007-06-13 21:42:05 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-13 15:19:52 7680 --a------ C:\WINDOWS\system32\lsdelete.exe


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll
{930D35D2-094D-41B9-8E89-D1B76F2C6E97} C:\WINDOWS\system32\ljjjhgh.dll [x]
{93160B03-7D13-48B7-824C-D520D952FC61} C:\WINDOWS\system32\awvtr.dll [x]
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
{F040E541-A427-4CF7-85D8-75E3E0F476C5} C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CoolSwitch"="C:\\WINDOWS\\system32\\taskswitch.exe"
"PtiuPbmd"="Rundll32.exe ptipbm.dll,SetWriteBack"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"TPHOTKEY"="C:\\PROGRA~1\\Lenovo\\PkgMgr\\HOTKEY\\TPHKMGR.exe"
"TpShocks"="TpShocks.exe"
"TPKBDLED"="C:\\WINDOWS\\system32\\TpScrLk.exe"
"TP4EX"="tp4ex.exe"
"TPKMAPHELPER"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapAp.exe -helper"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"iPCCheck"="\"C:\\Program Files\\iPass\\iPassConnect\\downloader\\ipccheck.exe\" /startup"
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe /tray"
"TPFNF7"="C:\\Program Files\\Lenovo\\NPDIRECT\\TPFNF7SP.exe /r"
"NetTime"="C:\\Program Files\\NetTime\\NetTime.exe"
"kmw_run.exe"="kmw_run.exe"
"MSWheel"=""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"GameDrive"="\"C:\\Program Files\\FarStone\\GameDrive\\GDTask.exe\" /AutoRestore"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
@=""
"OdTray.exe"="\"C:\\Program Files\\Funk Software\\Odyssey Client\\OdTray.exe\""
"TVT Scheduler Proxy"="C:\\Program Files\\Common Files\\Lenovo\\Scheduler\\scheduler_proxy.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TPKMAPMN"="C:\\Program Files\\ThinkPad\\Utilities\\TpKmapMn.exe"
"Restore Desktop"="\"C:\\Program Files\\Restore Desktop\\Restore Desktop.exe\""
"RestoreDesktop"="C:\\Program Files\\Restore Desktop\\RestoreDesktop.exe"
"Pidgin"="C:\\Program Files\\Pidgin\\pidgin.exe"
"NPDTRAY"="C:\\PROGRA~1\\Lenovo\\NPDIRECT\\NPDTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogoff"="1"
"NoSMConfigurePrograms"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=hex:01,00,00,00
"NoSMMyPictures"=hex:01,00,00,00
"NoNetworkConnections"=hex:01,00,00,00
"NoSharedDocuments"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{930D35D2-094D-41B9-8E89-D1B76F2C6E97}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winopn32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-07-03 at 21:31:40 ---------
tstevens is offline