Infected with Windows Antivirus pop-up


  • This topic is locked
6 replies to this topic

#1 airik

  • Members
  • 3 posts

Posted 29 October 2008 - 09:51 PM

Hey, I need some help getting rid of this Windows Antivirus pop up. I get a message popping up in the bottom of my screen (like a windows update bubble) and also a pop-up in the middle of the screen.
The messages say this:

"Windows Antivirus

Windows has detected a spyware infection!
It is recommended to use special antispyware tools to prevent
data loss. windows will now download and install the most up-to-date
software for you.
Click here to protect your computer from spyware!"
(pops up in bottom right)

And the pop up window says this:

"Warning! Potential Spyware Operation!
Your computer is making unauthorized copies of your system and
Internet files. Run full scan now to prevent any unauthorized
access to your files! Click here to download spyware remover..."

They keep popping up, and if you click it it takes you to a website and attempts to force you to download some software of some kind.

Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:56 PM, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwaw.dll,startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

--
End of file - 15795 bytes

If anyone can help me out, it would be amazing.
Thanks



#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 30 October 2008 - 08:22 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

First let's get a more detailed log so we can determine the best plan of attack for you.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 airik

  • Topic Starter

  • Members
  • 3 posts

Posted 30 October 2008 - 08:59 PM

Ok, thanks Sam, here they are:

OTViewIt logfile created on: 30/10/2008 9:53:22 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.36 Mb Total Physical Memory | 485.37 Mb Available Physical Memory | 47.48% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.34 Gb Total Space | 3.76 Gb Free Space | 3.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.68 Mb Free Space | 99.96% Space Free | Partition Type: FAT

Computer Name: LENOVO-ERIC07
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/11/10 12:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
[2006/09/12 19:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/26 22:19:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/08/16 13:07:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
[2007/02/19 19:15:10 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[2006/12/05 17:27:52 | 00,360,532 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/05/31 17:43:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
[2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2008/10/27 00:10:51 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/09/22 22:24:59 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/01/03 20:38:58 | 01,922,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/08/07 12:12:38 | 01,073,544 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2006/11/17 04:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
[2006/07/14 20:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[2006/12/29 02:53:14 | 00,480,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
[2006/12/29 02:53:06 | 00,943,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
[2005/06/20 15:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
[2005/06/07 00:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
[2006/07/14 20:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
[2006/07/14 21:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
[2006/07/14 21:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
[2006/07/14 18:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
[2007/02/19 19:15:14 | 00,172,032 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
[2006/07/14 20:36:00 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/09/12 19:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/12/29 02:53:14 | 00,214,544 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
[2007/02/19 19:15:58 | 00,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
[2006/07/14 21:13:14 | 02,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
[2006/05/18 19:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2004/08/04 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/07/14 21:20:38 | 00,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
[2006/02/14 01:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2006/02/14 01:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/02/23 13:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
[2006/03/15 22:04:48 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
[2006/07/24 21:19:40 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
[2005/07/05 01:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
[2006/05/30 02:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
[2005/05/19 20:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/07/04 12:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
[2006/01/02 20:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/09/22 22:25:04 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/02/02 08:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
[2006/08/16 13:07:00 | 00,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
[2006/07/14 21:05:32 | 00,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[2007/02/19 19:02:32 | 00,110,592 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[2006/03/13 19:38:56 | 00,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
[2004/07/14 18:36:54 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
[2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2003/11/06 18:51:32 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
[2006/03/28 15:48:54 | 00,622,592 | R--- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[2006/12/22 19:19:36 | 00,143,360 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
[2006/04/06 21:11:02 | 00,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
[2006/12/29 02:52:56 | 03,429,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/27 00:11:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/07/16 09:16:20 | 01,166,216 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/09/07 12:35:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2006/10/26 23:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/10/28 05:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/27 00:11:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2006/01/02 20:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2006/12/29 02:53:10 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
[2008/10/28 05:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/30 21:52:25 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/26 22:19:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/02/19 19:15:10 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2006/12/05 17:27:52 | 00,360,532 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe -- (acs [Auto | Running])
[2007/02/19 19:15:14 | 00,172,032 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/09/12 19:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/05/31 17:43:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2008/10/27 00:11:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2008/10/27 00:10:51 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/11/10 12:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
[2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/08/16 13:07:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
[2008/09/22 22:24:59 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/01/03 20:38:58 | 01,922,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe -- (PcCtlCom [Auto | Running])
[2006/12/29 02:53:14 | 00,214,544 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe -- (PcScnSrv [On_Demand | Running])
[2006/11/16 19:14:14 | 00,023,552 | ---- | M] () -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv [On_Demand | Stopped])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/08/07 12:12:38 | 01,073,544 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2006/04/14 13:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
[2006/11/17 04:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
[2006/07/14 20:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
[2006/12/29 02:53:14 | 00,480,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
[2006/12/29 02:53:06 | 00,943,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe -- (TmPfw [Auto | Running])
[2006/12/29 02:53:10 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe -- (tmproxy [Auto | Running])
[2005/06/20 15:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
[2005/06/07 00:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])
[2006/07/14 20:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
[2006/07/14 21:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
[2006/07/14 21:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2006/07/14 18:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 08:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2006/01/30 22:19:34 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/04/26 17:42:40 | 00,093,824 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService [On_Demand | Running])
[2001/08/17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 02:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2005/11/08 12:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [System | Running])
[2006/12/13 03:33:36 | 01,050,528 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416 [On_Demand | Running])
[2001/08/17 16:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 16:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/09/12 19:49:52 | 01,724,416 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/05/17 13:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2006/05/31 17:26:38 | 00,328,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2006/05/31 17:18:36 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2006/05/31 17:22:26 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2006/05/31 17:15:42 | 00,148,996 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2006/05/31 17:13:28 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid [On_Demand | Stopped])
[2006/05/31 17:18:28 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2006/05/31 17:17:36 | 00,067,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001/08/17 16:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 16:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/02/02 08:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/11/18 15:02:50 | 00,005,660 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/02/02 08:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2006/02/02 08:20:00 | 00,086,652 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/02/02 08:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/02/02 08:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/11/18 15:02:10 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2006/02/02 08:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/02/02 08:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/03/01 06:30:00 | 00,089,472 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/11/18 08:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2005/12/18 20:42:12 | 00,008,801 | ---- | M] () -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4 [On_Demand | Stopped])
[2001/08/17 08:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2006/04/20 02:06:50 | 00,181,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/10/26 14:19:11 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/05 22:21:32 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/05 22:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL [On_Demand | Running])
[2005/10/11 20:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2005/11/10 12:33:00 | 00,010,112 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
[2006/01/13 03:33:22 | 00,006,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [System | Running])
[2008/06/02 15:19:12 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/06/02 15:19:16 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/06/10 21:22:52 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2005/10/05 02:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 16:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/04 02:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/09/14 13:48:58 | 00,016,768 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse [On_Demand | Running])
[2006/10/14 12:56:46 | 00,014,592 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf [On_Demand | Running])
[2006/10/31 20:07:50 | 00,012,070 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\pelvendr.sys -- (pelvendr [On_Demand | Running])
[2007/07/12 17:51:47 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem [Auto | Running])
[2006/03/13 19:05:54 | 00,058,368 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk [Auto | Running])
[2006/08/16 13:07:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD [Auto | Running])
[2007/07/12 17:51:47 | 00,017,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/22 22:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 16:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 16:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 16:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2006/05/01 07:56:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31bus.sys -- (SE31bus [On_Demand | Stopped])
[2006/05/01 07:57:38 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdfl.sys -- (SE31mdfl [On_Demand | Stopped])
[2006/05/01 07:57:42 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdm.sys -- (SE31mdm [On_Demand | Stopped])
[2006/05/01 07:58:30 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mgmt.sys -- (SE31mgmt [On_Demand | Stopped])
[2006/05/01 07:56:16 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31nd5.sys -- (se31nd5 [On_Demand | Stopped])
[2006/05/01 07:59:18 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31obex.sys -- (SE31obex [On_Demand | Stopped])
[2006/05/01 07:56:12 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31unic.sys -- (se31unic [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/06/20 15:18:00 | 00,004,736 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr [System | Running])
[2006/03/15 20:08:00 | 00,088,576 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf [Boot | Running])
[2004/08/04 02:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2006/08/02 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [System | Running])
[2006/07/14 18:55:12 | 00,003,968 | ---- | M] (IBM Corp.) -- C:\Program Files\SMI2\smi2.sys -- (smi2 [Auto | Running])
[2006/04/25 22:00:00 | 00,003,456 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp [Auto | Running])
[2001/08/17 17:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/11/02 20:49:03 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2001/08/17 17:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 17:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 17:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 17:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/02/14 01:04:58 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2006/04/25 22:13:20 | 00,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2006/08/02 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
[2006/12/29 02:53:52 | 00,288,848 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2006/12/29 02:53:52 | 00,111,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tm_mbd_c.sys -- (tmmbd [Auto | Running])
[2008/07/18 19:08:32 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2006/12/29 02:53:52 | 00,075,088 | ---- | M] (Trend Micro Incorporated.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/07/18 19:08:38 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2005/07/05 01:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
[2006/05/25 12:13:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [System | Running])
[2006/07/20 13:54:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
[2006/07/14 20:27:22 | 00,012,544 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter [Auto | Running])
[2006/07/14 20:03:04 | 00,017,664 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter [On_Demand | Running])
[2001/08/17 16:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/09/05 22:16:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/07/18 18:51:32 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2005/12/05 22:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf [On_Demand | Running])
[2006/07/20 10:00:10 | 00,054,432 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD [On_Demand | Running])
[2006/06/01 15:15:20 | 00,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xnacc.sys -- (xnacc [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Secondary Start Pages"=
"Start Page"=http://lenovo.live.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Secondary Start Pages"=
"Start Page"=http://lenovo.live.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F040E541-A427-4CF7-85D8-75E3E0F476C5} (HKLM) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Limited)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"Mouse Suite 98 Daemon"=ICO.EXE (Primax Electronics Ltd.)
"MSDisp32"=rundll32.exe C:\WINDOWS\system32\drvwaw.dll,startup ()
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" (Trend Micro Inc.)
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" (Utimaco Safeware AG)
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TP4EX"=tp4ex.exe (Lenovo Group Limited)
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
"TpShocks"=TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

========== (O4) Startup Folders ==========

[2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2006/10/26 23:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
File not found -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 18:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 16:53:12 | 00,001,320 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 18:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 16:53:12 | 00,001,320 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{0045D4BC-5189-4b67-969C-83BB1906C421}: Menu: ThinkVantage Password Manager... -- %ProgramFiles%\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006/07/14 21:20:42 | 00,719,616 | ---- | M] (Lenovo Group Limited)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 23:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 23:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Button: Bonjour -- %ProgramFiles%\Bonjour\ExplorerPlugin.dll [2007/07/24 16:17:08 | 00,516,096 | ---- | M] (Apple Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 23:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 11:58:44 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 11:58:44 | 00,110,592 | ---- | M] ()
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.11.30.dll [2007/12/04 23:40:02 | 00,464,184 | ---- | M] (BitComet)
{DA320635-F48C-4613-8325-D75A933C549E}: Button: System Update -- %ProgramFiles%\Lenovo\System Update\sulauncher.exe [2006/11/17 04:06:42 | 00,643,072 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{3304AA6F-80AB-4B24-B646-BCEF8F932FA4} (Servers: | Description: )
{7E733C68-067E-4DAE-9C92-9F2C8A291B36} (Servers: | Description: Sony Ericsson Device 049 USB Ethernet Emulation (NDIS 5))
{FA0345F4-9DE3-4198-82F9-5A549D342968} (Servers: | Description: 11a/b/g/n Wireless LAN Mini-PCI Express Adapter)
{FA1CB807-B019-4B35-8525-A1E052ACD4CD} (Servers: | Description: Intel® PRO/1000 PL Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
>[2008/10/27 00:11:23 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2006/04/25 22:21:28 | 00,513,536 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ACNotify: "DllName" = ACNotify.dll -- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
AwayNotify: "DllName" = C:\Program Files\Lenovo\AwayTask\AwayNotify.dll -- C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
NavLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
psfus: "DllName" = psqlpwd.dll -- C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
tpfnf2: "DllName" = notifyf2.dll -- C:\WINDOWS\system32\notifyf2.dll ()
tphotkey: "DllName" = tphklock.dll -- C:\WINDOWS\system32\tphklock.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/30 03:13:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/10/30 21:52:24 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTViewIt.exe
[2008/10/29 23:08:50 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\2008-09_UWO_awards_document_list.doc
[2008/10/29 21:48:24 | 00,376,505 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Brazil---1280x960.jpg
[2008/10/29 21:46:59 | 00,795,344 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\pc_Brazil2008_44.zip
[2008/10/28 16:43:01 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/28 16:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/27 20:33:33 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Eric\Desktop\spybotsd160.exe
[2008/10/27 20:21:42 | 04,921,676 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\setupxv.exe
[2008/10/27 20:02:41 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/27 20:02:41 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/27 20:02:41 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/27 20:02:40 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/27 20:02:40 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/27 20:02:40 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/10/27 20:02:40 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/27 20:02:40 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/27 20:02:40 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/27 20:02:40 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/10/27 20:02:40 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/10/27 20:02:40 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/27 20:02:40 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/10/27 20:02:40 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/27 00:13:37 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2008/10/27 00:13:37 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2008/10/27 00:13:37 | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2008/10/27 00:13:37 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2008/10/27 00:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/10/27 00:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\PC Tools
[2008/10/27 00:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/10/27 00:06:40 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\HijackThis.lnk
[2008/10/26 23:59:26 | 10,720,91136 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/26 23:21:58 | 00,006,168 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/26 23:20:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Desktop\SmitfraudFix
[2008/10/26 23:20:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Eric\Desktop\HJTInstall.exe
[2008/10/26 22:50:43 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Send files to another computer.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/26 22:18:31 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/26 22:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/26 22:17:02 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\aaw2008.exe
[2008/10/25 19:27:16 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\drvwaw.dll
[2008/10/24 21:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\dvdcss
[2008/10/24 02:01:12 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/21 18:55:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Downloads
[2008/10/21 18:36:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Desktop\Incomplete
[2008/10/21 02:23:10 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Live 6.0.3.lnk
[2008/10/21 02:22:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ableton
[2008/10/21 02:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Ableton
[2008/10/20 23:08:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Torrents
[2008/10/20 23:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\My Programs
[2008/10/20 23:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Documents
[2008/10/17 23:45:30 | 00,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2008/10/17 23:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Ableton
[2008/10/17 23:44:58 | 01,777,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2008/10/15 23:39:48 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/10/15 23:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\uTorrent
[2008/10/14 21:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\BitDownload
[2008/10/14 20:15:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\124909
[2008/10/13 23:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Quick StartUp
[2008/10/13 16:51:06 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/13 16:51:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/10/30 21:52:25 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTViewIt.exe
[2008/10/30 21:24:31 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2008/10/30 21:24:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2008/10/30 16:04:35 | 00,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2008/10/30 16:04:25 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2008/10/30 16:02:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/30 16:02:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/30 16:02:14 | 10,720,91136 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/29 23:08:50 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\2008-09_UWO_awards_document_list.doc
[2008/10/29 21:47:50 | 00,795,344 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\pc_Brazil2008_44.zip
[2008/10/29 03:07:42 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/28 17:43:42 | 00,188,416 | ---- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 20:33:52 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Eric\Desktop\spybotsd160.exe
[2008/10/27 20:21:53 | 04,921,676 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\setupxv.exe
[2008/10/27 00:15:45 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/27 00:15:45 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/27 00:15:44 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/27 00:06:40 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\HijackThis.lnk
[2008/10/26 23:55:14 | 00,006,168 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/26 23:55:11 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/26 23:36:55 | 10,485,7600 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\SecureDrive.vol
[2008/10/26 23:36:50 | 04,280,406 | -H-- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db
[2008/10/26 23:20:26 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Eric\Desktop\HJTInstall.exe
[2008/10/26 22:50:44 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Send files to another computer.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/26 22:17:32 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\aaw2008.exe
[2008/10/25 19:27:16 | 00,019,456 | ---- | M] () -- C:\WINDOWS\System32\drvwaw.dll
[2008/10/24 02:14:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/21 02:23:33 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Live 6.0.3.lnk
[2008/10/21 02:22:02 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/16 12:08:12 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 10:00:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 12:53:28 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:53:28 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/13 16:42:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/10 07:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/10 07:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/07 00:22:17 | 00,109,056 | -HS- | M] () -- C:\Documents and Settings\Eric\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Eric\Desktop\Thumbs.db:encryptable
[2008/10/06 15:44:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/06 15:44:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/01 14:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
< End of report >


OTViewIt Extras logfile created on: 30/10/2008 9:53:22 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.36 Mb Total Physical Memory | 485.37 Mb Available Physical Memory | 47.48% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.64% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.34 Gb Total Space | 3.76 Gb Free Space | 3.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.68 Mb Free Space | 99.96% Space Free | Partition Type: FAT

Computer Name: LENOVO-ERIC07
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 18:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/12/03 17:44:37 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/12/18 17:18:54 | 01,716,224 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
File not found -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
File not found -- C:\Documents and Settings\Eric\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found -- C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW
[2008/10/15 23:39:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP
[2004/11/19 01:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP
File not found -- C:\Documents and Settings\Eric\Desktop\Unreal Tournament (1999 GOTY)\UnrealTournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
File not found -- C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe:*:Enabled:RavenShield
File not found -- C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\UCC.exe:*:Enabled:UCC
[2004/12/07 02:13:54 | 01,904,640 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Enabled:CoDUOMP
[2008/03/03 17:46:29 | 02,560,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DC++\Downloads\Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II
[2004/08/04 08:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/08/04 08:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winver.exe:*:Enabled:winver

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 22:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 22:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 22:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 16:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/01 18:03:04 | 08,058,560 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/27 00:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}"=ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}"=ThinkPad EasyEject Utility
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}"=ThinkPad Keyboard Customizer Utility
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=ThinkPad Bluetooth with Enhanced Data Rate Software
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}"=ThinkVantage Fingerprint Software 5.5
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"=Client Security Solution
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{4F661F5D-A485-48CE-837C-6B55D1915827}"=Call of Duty™ Game of the Year Edition
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}"=Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{71C97545-E547-4A8B-B0C8-61FF853270AC}"=PaperPort
"{72806716-7088-41B2-8FA6-717A2A164DAB}"=ThinkVantage Active Protection System
"{7689CA7A-1270-425A-9959-EB4CB25EA29A}"=Sony Ericsson PC Suite 1.20.224
"{7726CF62-7B45-4E6D-9266-615346816BCA}"=Rescue and Recovery
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}"=Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}"=ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}"=ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}"=System Update
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-00A1-0000-0000-0000000FF1CE}"=Microsoft Office OneNote 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}"=Help Center
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}"=Brother MFL-Pro Suite
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}"=System Migration Assistant
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}"=ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}"=ThinkPad Power Manager
"{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"{A939D341-5A04-4E0A-BB55-3E65B386432D}"=Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}"=Sonic Icons for Lenovo
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BB4B6355-D38A-492C-873B-A1B2CF6C3832}"=Trend Micro PC-cillin Internet Security 2007
"{C031CD16-1112-4133-B8C6-68F9582B3476}"=ATI Catalyst Control Center
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}"=Microsoft SQL Server VSS Writer
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}"=XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}"=Access Help
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}"=ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}"=Productivity Center Supplement for ThinkPad
"{DA320635-F48C-4613-8325-D75A933C549E}"=ThinkVantage System Update Toolbar Button for IE
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}"=Wallpapers
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}"=Message Center
"{EA664480-3844-11D5-8C25-444553540000}"=TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}"=ThinkPad Configuration
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
"Ableton Live_is1"=Ableton Live v6.0.3
"AC3Filter"=AC3Filter (remove only)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AwayTask"=ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588"=ThinkPad Modem
"DC++"=DC++ 0.699
"DScaler 4.1.15_is1"=DScaler 4.1.15
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4F661F5D-A485-48CE-837C-6B55D1915827}"=Call of Duty™ Game of the Year Edition
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"LimeWire"=LimeWire PRO 4.14.12
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mineralogy Tutorials 2.1"=Mineralogy Tutorials 2.1
"MouseSuite98"=Mouse Suite
"Mozilla Firefox (2.0.0.16)"=Mozilla Firefox (2.0.0.16)
"Mozilla Thunderbird (2.0.0.12)"=Mozilla Thunderbird (2.0.0.12)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"ONENOTER"=Microsoft Office OneNote 2007
"PartyPoker"=PartyPoker
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"PCMCIAPW"=ThinkPad PC Card Power Policy
"Picasa2"=Picasa 2
"Power Management Driver"=ThinkPad Power Management Driver
"Presentation Director"=ThinkPad Presentation Director
"PROSet"=Intel® PRO Network Connections Drivers
"PSP Video 9"=PSP Video 9 2.25
"Quick StartUp_is1"=Quick StartUp 2.3
"Remove Multimedia Center"=Remove Multimedia Center
"Spyware Doctor"=Spyware Doctor 6.0
"SynTPDeinstKey"=ThinkPad UltraNav Driver
"SystemRequirementsLab"=System Requirements Lab
"ThinkPad FullScreen Magnifier"=ThinkPad FullScreen Magnifier
"TmPcc"=Trend Micro PC-cillin Internet Security 2007
"VLC media player"=VideoLAN VLC media player 0.8.6e
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/10/2008 7:56:28 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 19/10/2008 2:19:53 PM | Computer Name = LENOVO-ERIC07 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/10/2008 11:30:27 AM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 21/10/2008 5:16:51 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 23/10/2008 12:23:48 AM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 24/10/2008 10:32:09 AM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 26/10/2008 2:19:12 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 27/10/2008 1:36:59 AM | Computer Name = LENOVO-ERIC07 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/10/2008 7:59:02 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 29/10/2008 9:25:36 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 15/01/2008 5:41:55 PM | Computer Name = LENOVO-ERIC07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 96
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30/10/2008 2:25:02 AM | Computer Name = LENOVO-ERIC07 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 30/10/2008 2:33:36 AM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/10/2008 2:33:36 AM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/10/2008 10:10:28 AM | Computer Name = LENOVO-ERIC07 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.114 for the Network Card with network
address 00197EB223B3 has been denied by the DHCP server 129.100.74.79 (The DHCP
Server sent a DHCPNACK message).

Error - 30/10/2008 10:10:32 AM | Computer Name = LENOVO-ERIC07 | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 30/10/2008 10:55:50 AM | Computer Name = LENOVO-ERIC07 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 129.100.185.230
on the Network Card with network address 00197EB223B3.

Error - 30/10/2008 2:12:16 PM | Computer Name = LENOVO-ERIC07 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 129.100.179.173
on the Network Card with network address 00197EB223B3.

Error - 30/10/2008 4:02:47 PM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/10/2008 4:02:47 PM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/10/2008 9:24:09 PM | Computer Name = LENOVO-ERIC07 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >

#4 Buckeye_Sam

Posted 31 October 2008 - 07:19 AM

Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please click OTMoveIt3 and then click >> run. (Note: If you are running Vista, right-click on OTMoveIt3 and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\WINDOWS\System32\drvwaw.dll
    
    :Commands
    [EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If an item cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


==================


How are things now? Are you still having the same issues?
Please post a new log from OTViewIt.


========================================================

#5 airik

Posted 31 October 2008 - 12:44 PM

Hey, thanks a lot, there are no more windows and popups. It's running fine.

Here's the MoveIt log:

========== FILES ==========
DllUnregisterServer procedure not found in C:\WINDOWS\System32\drvwaw.dll
C:\WINDOWS\System32\drvwaw.dll NOT unregistered.
C:\WINDOWS\System32\drvwaw.dll moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\etilqs_WsFnAjxg4Fopku0 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\Perflib_Perfdata_10e0.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\Perflib_Perfdata_794.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\~DFBBAB.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_370.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10312008_131949

Files moved on Reboot...
File C:\DOCUME~1\Eric\LOCALS~1\Temp\etilqs_WsFnAjxg4Fopku0 not found!
File C:\DOCUME~1\Eric\LOCALS~1\Temp\Perflib_Perfdata_10e0.dat not found!
File C:\DOCUME~1\Eric\LOCALS~1\Temp\Perflib_Perfdata_794.dat not found!
C:\DOCUME~1\Eric\LOCALS~1\Temp\~DFBBAB.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_370.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_6b0.dat moved successfully.


And here are the two ViewIt logs:

OTViewIt logfile created on: 31/10/2008 1:37:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.36 Mb Total Physical Memory | 252.80 Mb Available Physical Memory | 24.73% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.34 Gb Total Space | 3.95 Gb Free Space | 3.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.68 Mb Free Space | 99.96% Space Free | Partition Type: FAT

Computer Name: LENOVO-ERIC07
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/11/10 12:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
[2006/09/12 19:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/10/26 22:19:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/08/16 13:07:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
[2007/02/19 19:15:10 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[2006/12/05 17:27:52 | 00,360,532 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/05/31 17:43:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
[2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2008/10/27 00:10:51 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2008/09/22 22:24:59 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/01/03 20:38:58 | 01,922,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
[2008/08/07 12:12:38 | 01,073,544 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
[2006/11/17 04:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
[2006/07/14 20:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[2006/12/29 02:53:14 | 00,480,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe
[2006/12/29 02:53:06 | 00,943,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe
[2006/12/29 02:53:10 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe
[2005/06/20 15:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
[2005/06/07 00:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
[2006/07/14 20:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
[2006/07/14 21:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
[2006/07/14 21:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
[2006/07/14 18:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
[2007/02/19 19:15:14 | 00,172,032 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
[2006/07/14 20:36:00 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/09/12 19:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/12/29 02:53:14 | 00,214,544 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe
[2007/02/19 19:15:58 | 00,106,496 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
[2006/07/14 21:13:14 | 02,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
[2006/05/18 19:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[2004/08/04 08:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2004/08/04 08:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2006/02/14 01:17:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2006/02/14 01:16:28 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2006/02/23 13:22:00 | 00,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
[2006/07/14 21:20:38 | 00,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2006/03/15 22:04:48 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
[2006/07/24 21:19:40 | 00,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
[2005/07/05 01:57:12 | 00,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
[2006/05/30 02:05:42 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
[2005/05/19 20:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2006/07/04 12:11:00 | 00,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
[2006/01/02 20:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/09/22 22:25:04 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2006/02/02 08:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
[2004/07/27 19:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
[2006/08/16 13:07:00 | 00,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
[2006/07/14 21:05:32 | 00,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[2007/02/19 19:02:32 | 00,110,592 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[2006/03/13 19:38:56 | 00,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
[2004/07/14 18:36:54 | 00,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ico.exe
[2005/03/17 14:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[2003/11/06 18:51:32 | 00,020,480 | ---- | M] () -- C:\WINDOWS\system32\FSRremoS.EXE
[2006/03/28 15:48:54 | 00,622,592 | R--- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
[2006/12/22 19:19:36 | 00,143,360 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\PELMICED.EXE
[2006/04/06 21:11:02 | 00,339,968 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
[2006/12/29 02:52:56 | 03,429,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
[2008/10/01 18:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/10/27 00:11:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2008/07/16 09:16:20 | 01,166,216 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
[2008/09/07 12:35:08 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
[2006/10/26 23:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/10/27 00:11:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2004/08/04 08:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2006/01/02 20:41:22 | 00,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[2008/10/28 05:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 05:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 05:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2008/10/28 05:08:50 | 00,762,352 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
[2004/08/04 08:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/10/30 21:52:25 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/10/26 22:19:01 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/02/19 19:15:10 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2006/12/05 17:27:52 | 00,360,532 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe -- (acs [Auto | Running])
[2007/02/19 19:15:14 | 00,172,032 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2006/09/12 19:43:10 | 00,413,696 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2006/05/31 17:43:04 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/05/24 00:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2008/10/27 00:11:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2008/10/27 00:10:51 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2005/11/10 12:33:00 | 00,073,782 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
[2005/11/14 04:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\Installshield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/08/16 13:07:00 | 00,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
[2008/09/22 22:24:59 | 00,147,456 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2006/10/26 22:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/01/03 20:38:58 | 01,922,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcCtlCom.exe -- (PcCtlCom [Auto | Running])
[2006/12/29 02:53:14 | 00,214,544 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\PcScnSrv.exe -- (PcScnSrv [On_Demand | Running])
[2006/11/16 19:14:14 | 00,023,552 | ---- | M] () -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv [On_Demand | Stopped])
[2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
[2008/08/07 12:12:38 | 01,073,544 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
[2006/04/14 13:04:54 | 00,087,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
[2006/11/17 04:07:00 | 00,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
[2006/07/14 20:24:52 | 00,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
[2006/12/29 02:53:14 | 00,480,784 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe -- (Tmntsrv [Auto | Running])
[2006/12/29 02:53:06 | 00,943,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe -- (TmPfw [Auto | Running])
[2006/12/29 02:53:10 | 00,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe -- (tmproxy [Auto | Running])
[2005/06/20 15:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
[2005/06/07 00:26:22 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC [Auto | Running])
[2006/07/14 20:42:22 | 00,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
[2006/07/14 21:01:00 | 01,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
[2006/07/14 21:05:24 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2006/07/14 18:52:48 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2001/08/17 08:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
[2006/01/30 22:19:34 | 00,176,128 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/04/26 17:42:40 | 00,093,824 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudioService [On_Demand | Running])
[2001/08/17 16:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/04 02:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2005/11/08 12:27:20 | 00,011,520 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC [System | Running])
[2006/12/13 03:33:36 | 01,050,528 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\ar5416.sys -- (AR5416 [On_Demand | Running])
[2001/08/17 16:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 16:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2006/09/12 19:49:52 | 01,724,416 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2005/05/17 13:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2006/05/31 17:26:38 | 00,328,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2006/05/31 17:18:36 | 00,030,427 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Stopped])
[2006/05/31 17:22:26 | 00,851,434 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2006/05/31 17:15:42 | 00,148,996 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Stopped])
[2006/05/31 17:13:28 | 00,045,683 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid [On_Demand | Stopped])
[2006/05/31 17:18:28 | 00,030,285 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem [On_Demand | Stopped])
[2006/05/31 17:17:36 | 00,067,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001/08/17 16:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2001/08/17 16:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2006/02/02 08:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2005/11/18 15:02:50 | 00,005,660 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2006/02/02 08:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
[2006/02/02 08:20:00 | 00,086,652 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2006/02/02 08:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2006/02/02 08:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2005/11/18 15:02:10 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
[2006/02/02 08:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2006/02/02 08:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2006/03/01 06:30:00 | 00,089,472 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2005/11/18 08:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2005/12/18 20:42:12 | 00,008,801 | ---- | M] () -- C:\Program Files\DScaler\DSDrv4.sys -- (DSDrv4 [On_Demand | Stopped])
[2001/08/17 08:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Stopped])
[2006/04/20 02:06:50 | 00,181,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/10/26 14:19:11 | 00,005,427 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV [Auto | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2005/12/05 22:21:32 | 00,936,448 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV [On_Demand | Running])
[2005/12/05 22:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL [On_Demand | Running])
[2005/10/11 20:07:12 | 00,874,240 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2005/11/10 12:33:00 | 00,010,112 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
[2006/01/13 03:33:22 | 00,006,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK [System | Running])
[2008/06/02 15:19:12 | 00,042,376 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
[2008/06/02 15:19:16 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
[2008/06/10 21:22:52 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2004/08/03 22:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2005/10/05 02:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 16:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/04 02:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
[2004/08/03 18:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2006/09/14 13:48:58 | 00,016,768 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS -- (pelmouse [On_Demand | Running])
[2006/10/14 12:56:46 | 00,014,592 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\PELUSBLF.SYS -- (pelusblf [On_Demand | Running])
[2006/10/31 20:07:50 | 00,012,070 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\drivers\pelvendr.sys -- (pelvendr [On_Demand | Running])
[2007/07/12 17:51:47 | 00,007,012 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem [Auto | Running])
[2006/03/13 19:05:54 | 00,058,368 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk [Auto | Running])
[2006/08/16 13:07:00 | 00,005,120 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD [Auto | Running])
[2007/07/12 17:51:47 | 00,017,536 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd [On_Demand | Stopped])
[2004/08/04 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/22 22:38:33 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 16:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 16:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 16:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2006/05/01 07:56:48 | 00,061,600 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31bus.sys -- (SE31bus [On_Demand | Stopped])
[2006/05/01 07:57:38 | 00,009,360 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdfl.sys -- (SE31mdfl [On_Demand | Stopped])
[2006/05/01 07:57:42 | 00,097,184 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mdm.sys -- (SE31mdm [On_Demand | Stopped])
[2006/05/01 07:58:30 | 00,088,688 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31mgmt.sys -- (SE31mgmt [On_Demand | Stopped])
[2006/05/01 07:56:16 | 00,018,704 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31nd5.sys -- (se31nd5 [On_Demand | Stopped])
[2006/05/01 07:59:18 | 00,086,560 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\SE31obex.sys -- (SE31obex [On_Demand | Stopped])
[2006/05/01 07:56:12 | 00,090,800 | R--- | M] (MCCI) -- C:\WINDOWS\system32\drivers\se31unic.sys -- (se31unic [On_Demand | Stopped])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/06/20 15:18:00 | 00,004,736 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr [System | Running])
[2006/03/15 20:08:00 | 00,088,576 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf [Boot | Running])
[2004/08/04 02:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2006/08/02 12:54:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint [System | Running])
[2006/07/14 18:55:12 | 00,003,968 | ---- | M] (IBM Corp.) -- C:\Program Files\SMI2\smi2.sys -- (smi2 [Auto | Running])
[2006/04/25 22:00:00 | 00,003,456 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp [Auto | Running])
[2001/08/17 17:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2007/11/02 20:49:03 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2001/08/17 17:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 17:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 17:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 17:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/02/14 01:04:58 | 00,177,664 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2006/04/25 22:13:20 | 00,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2006/08/02 12:54:00 | 00,009,343 | ---- | M] () -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI [System | Running])
[2006/12/29 02:53:52 | 00,288,848 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw [On_Demand | Running])
[2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2006/12/29 02:53:52 | 00,111,888 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tm_mbd_c.sys -- (tmmbd [Auto | Running])
[2008/08/16 03:00:46 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt [Auto | Running])
[2006/12/29 02:53:52 | 00,075,088 | ---- | M] (Trend Micro Incorporated.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/08/16 03:00:52 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt [Auto | Running])
[2005/07/05 01:57:06 | 00,017,699 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV [System | Running])
[2006/05/25 12:13:00 | 00,004,442 | ---- | M] () -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF [System | Running])
[2006/07/20 13:54:00 | 00,007,168 | ---- | M] () -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP [System | Running])
[2006/07/14 20:27:22 | 00,012,544 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter [Auto | Running])
[2006/07/14 20:03:04 | 00,017,664 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter [On_Demand | Running])
[2001/08/17 16:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/09/05 22:16:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
[2008/08/16 02:53:50 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint [Auto | Running])
[2005/12/05 22:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf [On_Demand | Running])
[2006/07/20 10:00:10 | 00,054,432 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD [On_Demand | Running])
[2006/06/01 15:15:20 | 00,509,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\xnacc.sys -- (xnacc [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Secondary Start Pages"=
"Start Page"=http://lenovo.live.com

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Secondary Start Pages"=
"Start Page"=http://lenovo.live.com

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (HKLM) -- C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
{F040E541-A427-4CF7-85D8-75E3E0F476C5} (HKLM) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe ()
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" ()
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog ()
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent (Lenovo Group Limited)
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Limited)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"Mouse Suite 98 Daemon"=ICO.EXE (Primax Electronics Ltd.)
"MSDisp32"=rundll32.exe C:\WINDOWS\system32\drvwaw.dll,startup File not found
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" (Trend Micro Inc.)
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" (Utimaco Safeware AG)
"PWRMGRTR"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SetDefPrt"=C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe (Brother Industories, Ltd.)
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TP4EX"=tp4ex.exe (Lenovo Group Limited)
"TPHOTKEY"=C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
"TpShocks"=TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)

========== (O4) Startup Folders ==========

[2003/10/29 06:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[2006/10/26 23:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
File not found -- C:\Documents and Settings\Eric\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 18:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 16:53:12 | 00,001,320 | ---- | M] ()

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 18:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2003/05/29 16:53:12 | 00,001,320 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{0045D4BC-5189-4b67-969C-83BB1906C421}: Menu: ThinkVantage Password Manager... -- %ProgramFiles%\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2006/07/14 21:20:42 | 00,719,616 | ---- | M] (Lenovo Group Limited)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 23:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 23:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{7F9DB11C-E358-4ca6-A83D-ACC663939424}: Button: Bonjour -- %ProgramFiles%\Bonjour\ExplorerPlugin.dll [2007/07/24 16:17:08 | 00,516,096 | ---- | M] (Apple Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 23:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Button: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 11:58:44 | 00,110,592 | ---- | M] ()
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}: Menu: PartyPoker.com -- %ProgramFiles%\PartyGaming\PartyPoker\RunApp.exe [2006/11/07 11:58:44 | 00,110,592 | ---- | M] ()
{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: Button: BitComet -- %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.11.30.dll [2007/12/04 23:40:02 | 00,464,184 | ---- | M] (BitComet)
{DA320635-F48C-4613-8325-D75A933C549E}: Button: System Update -- %ProgramFiles%\Lenovo\System Update\sulauncher.exe [2006/11/17 04:06:42 | 00,643,072 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{33564D57-0000-0010-8000-00AA00389B71}: http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10

========== (O17) DNS Name Servers ==========

{3304AA6F-80AB-4B24-B646-BCEF8F932FA4} (Servers: | Description: )
{7E733C68-067E-4DAE-9C92-9F2C8A291B36} (Servers: | Description: Sony Ericsson Device 049 USB Ethernet Emulation (NDIS 5))
{FA0345F4-9DE3-4198-82F9-5A549D342968} (Servers: | Description: 11a/b/g/n Wireless LAN Mini-PCI Express Adapter)
{FA1CB807-B019-4B35-8525-A1E052ACD4CD} (Servers: | Description: Intel® PRO/1000 PL Network Connection)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
>[2008/10/27 00:11:23 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2006/04/25 22:21:28 | 00,513,536 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\system32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ACNotify: "DllName" = ACNotify.dll -- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
AwayNotify: "DllName" = C:\Program Files\Lenovo\AwayTask\AwayNotify.dll -- C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
NavLogon: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
psfus: "DllName" = psqlpwd.dll -- C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
tpfnf2: "DllName" = notifyf2.dll -- C:\WINDOWS\system32\notifyf2.dll ()
tphotkey: "DllName" = tphklock.dll -- C:\WINDOWS\system32\tphklock.dll ()

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/30 03:13:35 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/10/31 13:19:49 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/10/31 13:17:31 | 00,334,848 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTMoveIt3.exe
[2008/10/30 21:52:24 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTViewIt.exe
[2008/10/29 23:08:50 | 00,069,632 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\2008-09_UWO_awards_document_list.doc
[2008/10/29 21:48:24 | 00,376,505 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Brazil---1280x960.jpg
[2008/10/29 21:46:59 | 00,795,344 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\pc_Brazil2008_44.zip
[2008/10/28 16:43:01 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/10/28 16:42:52 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2008/10/27 20:33:33 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Eric\Desktop\spybotsd160.exe
[2008/10/27 20:21:42 | 04,921,676 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\setupxv.exe
[2008/10/27 20:02:41 | 00,088,576 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\AntiXPVSTFix.exe
[2008/10/27 20:02:41 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/27 20:02:41 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/27 20:02:40 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2008/10/27 20:02:40 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2008/10/27 20:02:40 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2008/10/27 20:02:40 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2008/10/27 20:02:40 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2008/10/27 20:02:40 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2008/10/27 20:02:40 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2008/10/27 20:02:40 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2008/10/27 20:02:40 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2008/10/27 20:02:40 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2008/10/27 20:02:40 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2008/10/27 00:13:37 | 00,081,288 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksyssec.sys
[2008/10/27 00:13:37 | 00,066,952 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\iksysflt.sys
[2008/10/27 00:13:37 | 00,042,376 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\ikfilesec.sys
[2008/10/27 00:13:37 | 00,029,576 | ---- | C] (PCTools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\kcom.sys
[2008/10/27 00:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2008/10/27 00:13:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\PC Tools
[2008/10/27 00:13:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
[2008/10/27 00:06:40 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\HijackThis.lnk
[2008/10/26 23:59:26 | 10,720,91136 | -HS- | C] () -- C:\hiberfil.sys
[2008/10/26 23:21:58 | 00,006,168 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/26 23:20:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Desktop\SmitfraudFix
[2008/10/26 23:20:25 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Eric\Desktop\HJTInstall.exe
[2008/10/26 22:50:43 | 00,000,652 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Send files to another computer.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/26 22:18:31 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/10/26 22:18:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/10/26 22:17:02 | 19,153,264 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\aaw2008.exe
[2008/10/24 21:37:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\dvdcss
[2008/10/24 02:01:12 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/21 18:55:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Downloads
[2008/10/21 18:36:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Desktop\Incomplete
[2008/10/21 02:23:10 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\Eric\Desktop\Live 6.0.3.lnk
[2008/10/21 02:22:54 | 00,000,000 | ---D | C] -- C:\Program Files\Ableton
[2008/10/21 02:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Ableton
[2008/10/20 23:08:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Torrents
[2008/10/20 23:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\My Programs
[2008/10/20 23:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\Documents
[2008/10/17 23:45:30 | 00,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\rewire.dll
[2008/10/17 23:45:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\Ableton
[2008/10/17 23:44:58 | 01,777,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2008/10/15 23:39:48 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/10/15 23:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\Application Data\uTorrent
[2008/10/14 21:23:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Eric\My Documents\BitDownload
[2008/10/14 20:15:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\124909
[2008/10/13 23:18:27 | 00,000,000 | ---D | C] -- C:\Program Files\Quick StartUp
[2008/10/13 16:51:06 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/10/13 16:51:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2008/10/31 13:37:21 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfud.bin
[2008/10/31 13:34:04 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\tmvsthfss.bin
[2008/10/31 13:31:57 | 00,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2008/10/31 13:31:49 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2008/10/31 13:29:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/31 13:28:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/31 13:28:53 | 10,720,91136 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/31 13:17:32 | 00,334,848 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTMoveIt3.exe
[2008/10/30 21:52:25 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\OTViewIt.exe
[2008/10/29 23:08:50 | 00,069,632 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\2008-09_UWO_awards_document_list.doc
[2008/10/29 21:47:50 | 00,795,344 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\pc_Brazil2008_44.zip
[2008/10/29 03:07:42 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/28 17:43:42 | 00,188,416 | ---- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 20:33:52 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Eric\Desktop\spybotsd160.exe
[2008/10/27 20:21:53 | 04,921,676 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\setupxv.exe
[2008/10/27 00:15:45 | 00,409,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/10/27 00:15:45 | 00,064,774 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/10/27 00:15:44 | 00,481,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/10/27 00:06:40 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\HijackThis.lnk
[2008/10/26 23:55:14 | 00,006,168 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/10/26 23:55:11 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/10/26 23:36:55 | 10,485,7600 | ---- | M] () -- C:\Documents and Settings\Eric\My Documents\SecureDrive.vol
[2008/10/26 23:36:50 | 04,280,406 | -H-- | M] () -- C:\Documents and Settings\Eric\Local Settings\Application Data\IconCache.db
[2008/10/26 23:20:26 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Eric\Desktop\HJTInstall.exe
[2008/10/26 22:50:44 | 00,000,652 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Send files to another computer.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/10/26 22:18:35 | 00,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/10/26 22:17:32 | 19,153,264 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\aaw2008.exe
[2008/10/24 02:14:19 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/10/21 02:23:33 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Eric\Desktop\Live 6.0.3.lnk
[2008/10/21 02:22:02 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/16 12:08:12 | 00,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 10:00:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/15 12:53:28 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/10/15 12:53:28 | 00,339,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/10/13 16:42:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/10/10 07:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2008/10/10 07:58:08 | 00,082,944 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2008/10/07 00:22:17 | 00,109,056 | -HS- | M] () -- C:\Documents and Settings\Eric\Desktop\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\Documents and Settings\Eric\Desktop\Thumbs.db:encryptable
[2008/10/06 15:44:42 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/06 15:44:42 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 13:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/01 14:51:40 | 00,087,552 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
< End of report >


OTViewIt Extras logfile created on: 31/10/2008 1:37:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Eric\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1022.36 Mb Total Physical Memory | 252.80 Mb Available Physical Memory | 24.73% Memory free
2.40 Gb Paging File | 1.46 Gb Available in Paging File | 60.76% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 106.34 Gb Total Space | 3.95 Gb Free Space | 3.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.68 Mb Free Space | 99.96% Space Free | Partition Type: FAT

Computer Name: LENOVO-ERIC07
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 08:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/27 18:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/12/03 17:44:37 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2004/10/13 12:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/12/18 17:18:54 | 01,716,224 | ---- | M] () -- C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++
File not found -- C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application
File not found -- C:\Documents and Settings\Eric\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver
File not found -- C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW
[2008/10/15 23:39:48 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP
[2004/11/19 01:43:44 | 01,830,912 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP
File not found -- C:\Documents and Settings\Eric\Desktop\Unreal Tournament (1999 GOTY)\UnrealTournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament
File not found -- C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\RavenShield.exe:*:Enabled:RavenShield
File not found -- C:\Program Files\Red Storm Entertainment\Raven Shield Multiplayer Demo\system\UCC.exe:*:Enabled:UCC
[2004/12/07 02:13:54 | 01,904,640 | ---- | M] () -- C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Enabled:CoDUOMP
[2008/03/03 17:46:29 | 02,560,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DC++\Downloads\Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II
[2004/08/04 08:00:00 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
File not found -- C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2004/08/04 08:00:00 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winver.exe:*:Enabled:winver

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 22:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 22:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 22:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 16:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/11/01 18:03:04 | 08,058,560 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/27 00:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}"=RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}"=ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}"=Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}"=ThinkPad EasyEject Utility
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}"=ThinkPad Keyboard Customizer Utility
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}"=ThinkPad Bluetooth with Enhanced Data Rate Software
"{4526E521-18BC-4C01-8563-5CCE47AAC01C}"=ThinkVantage Fingerprint Software 5.5
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}"=Client Security Solution
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}"=Adobe® Photoshop® Album Starter Edition 3.0
"{4F661F5D-A485-48CE-837C-6B55D1915827}"=Call of Duty™ Game of the Year Edition
"{50120000-1105-0000-0000-0000000FF1CE}"=Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}"=Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}"=Microsoft SQL Server Setup Support Files (English)
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{71C97545-E547-4A8B-B0C8-61FF853270AC}"=PaperPort
"{72806716-7088-41B2-8FA6-717A2A164DAB}"=ThinkVantage Active Protection System
"{7689CA7A-1270-425A-9959-EB4CB25EA29A}"=Sony Ericsson PC Suite 1.20.224
"{7726CF62-7B45-4E6D-9266-615346816BCA}"=Rescue and Recovery
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}"=Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}"=ThinkVantage Access Connections
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}"=ThinkPad UltraNav Wizard
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}"=System Update
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}"=Microsoft Office Home and Student 2007
"{91120000-00A1-0000-0000-0000000FF1CE}"=Microsoft Office OneNote 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{9559F7CA-5E34-4237-A2D9-D856464AD727}"=Project64 1.6
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}"=Help Center
"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}"=Brother MFL-Pro Suite
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}"=System Migration Assistant
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}"=ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}"=ThinkPad Power Manager
"{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"{A939D341-5A04-4E0A-BB55-3E65B386432D}"=Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}"=RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81000000003}"=Adobe Reader 8.1.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}"=RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}"=Sonic Icons for Lenovo
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{BB4B6355-D38A-492C-873B-A1B2CF6C3832}"=Trend Micro PC-cillin Internet Security 2007
"{C031CD16-1112-4133-B8C6-68F9582B3476}"=ATI Catalyst Control Center
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}"=Microsoft SQL Server VSS Writer
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}"=XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}"=Access Help
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}"=Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}"=ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}"=Productivity Center Supplement for ThinkPad
"{DA320635-F48C-4613-8325-D75A933C549E}"=ThinkVantage System Update Toolbar Button for IE
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}"=Wallpapers
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}"=Message Center
"{EA664480-3844-11D5-8C25-444553540000}"=TrackPoint Accessibility Features
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}"=ThinkPad Configuration
"{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}"=Disc2Phone
"Ableton Live_is1"=Ableton Live v6.0.3
"AC3Filter"=AC3Filter (remove only)
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"AwayTask"=ThinkVantage Away Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588"=ThinkPad Modem
"DC++"=DC++ 0.699
"DScaler 4.1.15_is1"=DScaler 4.1.15
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"HOMESTUDENTR"=Microsoft Office Home and Student 2007
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{4F661F5D-A485-48CE-837C-6B55D1915827}"=Call of Duty™ Game of the Year Edition
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}"=Call of Duty - United Offensive
"LimeWire"=LimeWire PRO 4.14.12
"LiveReg"=LiveReg (Symantec Corporation)
"LiveUpdate"=LiveUpdate 2.6 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mineralogy Tutorials 2.1"=Mineralogy Tutorials 2.1
"MouseSuite98"=Mouse Suite
"Mozilla Firefox (2.0.0.16)"=Mozilla Firefox (2.0.0.16)
"Mozilla Thunderbird (2.0.0.12)"=Mozilla Thunderbird (2.0.0.12)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey"=Nero 6 Ultra Edition
"NeroVision!UninstallKey"=Nero Digital
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"ONENOTER"=Microsoft Office OneNote 2007
"PartyPoker"=PartyPoker
"PC-Doctor 5 for Windows"=PC-Doctor 5 for Windows
"PCMCIAPW"=ThinkPad PC Card Power Policy
"Picasa2"=Picasa 2
"Power Management Driver"=ThinkPad Power Management Driver
"Presentation Director"=ThinkPad Presentation Director
"PROSet"=Intel® PRO Network Connections Drivers
"PSP Video 9"=PSP Video 9 2.25
"Quick StartUp_is1"=Quick StartUp 2.3
"Remove Multimedia Center"=Remove Multimedia Center
"Spyware Doctor"=Spyware Doctor 6.0
"SynTPDeinstKey"=ThinkPad UltraNav Driver
"SystemRequirementsLab"=System Requirements Lab
"ThinkPad FullScreen Magnifier"=ThinkPad FullScreen Magnifier
"TmPcc"=Trend Micro PC-cillin Internet Security 2007
"VLC media player"=VideoLAN VLC media player 0.8.6e
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"Xvid_is1"=Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1906788788-4216867443-1495922077-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/10/2008 7:56:28 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 19/10/2008 2:19:53 PM | Computer Name = LENOVO-ERIC07 | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 20/10/2008 11:30:27 AM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 21/10/2008 5:16:51 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 23/10/2008 12:23:48 AM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 24/10/2008 10:32:09 AM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 26/10/2008 2:19:12 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 27/10/2008 1:36:59 AM | Computer Name = LENOVO-ERIC07 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16735, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/10/2008 7:59:02 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

Error - 29/10/2008 9:25:36 PM | Computer Name = LENOVO-ERIC07 | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 15/01/2008 5:41:55 PM | Computer Name = LENOVO-ERIC07 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 96
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 30/10/2008 2:25:02 AM | Computer Name = LENOVO-ERIC07 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 30/10/2008 2:33:36 AM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/10/2008 2:33:36 AM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/10/2008 10:10:28 AM | Computer Name = LENOVO-ERIC07 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.114 for the Network Card with network
address 00197EB223B3 has been denied by the DHCP server 129.100.74.79 (The DHCP
Server sent a DHCPNACK message).

Error - 30/10/2008 10:10:32 AM | Computer Name = LENOVO-ERIC07 | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® PRO/1000 PL Network Connection' (PCI\VEN_8086&DEV_109A&SUBSYS_200117AA&REV_00\4&192ac53f&0&00E0)
disappeared from the system without first being prepared for removal.

Error - 30/10/2008 10:55:50 AM | Computer Name = LENOVO-ERIC07 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 129.100.185.230
on the Network Card with network address 00197EB223B3.

Error - 30/10/2008 2:12:16 PM | Computer Name = LENOVO-ERIC07 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 129.100.179.173
on the Network Card with network address 00197EB223B3.

Error - 30/10/2008 4:02:47 PM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 30/10/2008 4:02:47 PM | Computer Name = LENOVO-ERIC07 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 30/10/2008 9:24:09 PM | Computer Name = LENOVO-ERIC07 | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:54 PM

Posted 31 October 2008 - 02:40 PM

Excellent! :thumbsup:
We're just about done.

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwaw.dll,startup



Older versions of Java can be a security risk if they are left installed. Please uninstall this older version.

J2SE Runtime Environment 5.0 Update 6



Reboot your computer and post a new HijackThis log.
Let me know of any issues that you are still having.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
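The two entry shapes selected in the post above (a BHO whose file is missing, and a Run value that launches a DLL through rundll32.exe) can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread or of HijackThis itself; the function and class names and the second and fourth sample lines are constructed, and a match only marks an entry for review, it does not prove the entry is malicious.

```python
import re
from dataclasses import dataclass

# Lines 1 and 3 are quoted from the thread; lines 2 and 4 are constructed
# benign-looking entries so the filter has something to ignore.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvwaw.dll,startup
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
""".strip()

# O2 - BHO: <name> - {CLSID} - <file or "(no file)">
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<file>.+)$"
)
# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32 command line: optional quoted/full path, then "<dll>,<export>"
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,\s*(?P<export>\S+)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    line_no: int   # 1-based line number in the log
    section: str   # HijackThis section code, e.g. "O2" or "O4"
    name: str      # BHO name or Run value name
    target: str    # CLSID (O2) or DLL path (O4)
    reason: str    # why the entry was surfaced for review


def triage(log_text):
    """Return the entries that match the two shapes fixed in the thread."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            # The registry still registers a BHO, but the file is gone.
            if m.group("file").strip().lower() == "(no file)":
                findings.append(Finding(
                    line_no, "O2", m.group("name"), m.group("clsid"),
                    "BHO registered but its file is missing (orphaned entry)",
                ))
            continue

        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m.group("cmd"))
            if r:
                # The autostart runs a DLL export, so the DLL itself
                # (path, vendor, creation date) is what needs checking.
                findings.append(Finding(
                    line_no, "O4", m.group("name"), r.group("dll"),
                    "autostart loads a DLL via rundll32 (export %r); "
                    "verify the DLL" % r.group("export"),
                ))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("line %d [%s] %s -> %s: %s"
              % (f.line_no, f.section, f.name, f.target, f.reason))
```
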

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:54 PM

Posted 16 November 2008 - 06:44 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

========================================================
