
Malware Infection


This topic is locked
12 replies to this topic

#1 Valkrys

  • Members
  • 8 posts

Posted 10 May 2009 - 01:20 PM

Hello. I have what I think is a Malware infection on my computer. I went from having 23 GB free on my Vista machine to 313 MB in a few hours, doing nothing myself. Initially, Malwarebytes found Trojan.Agent and I got rid of it, however this is the only thing I have found of that sort. Malwarebytes and Symantec have since found nothing. The only reason I stopped is because I used Spybot - Search & Destroy to Immunize. This seemed to stop the files being created, for whatever reason. I'd be very grateful if someone could help. Below is the DDS.txt and attached is the Attach.txt file. I also decided to run Gmer, the log of which is below (after the DDS.txt).

EDIT: OK, after a few hours, I have the space back. I don't know what's up. Nothing seems to be wrong anymore, there are no negative effects, and nothing picked up by scanners, but I'd still like someone to go through the logs for me and see if anything looks suspicious.


DDS (Ver_09-03-16.01) - NTFSx86
Run by bizara at 14:10:03.51 on Sun 05/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3054.1456 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lkcitdl.exe
C:\Windows\system32\lkads.exe
C:\Windows\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Users\bizara\Downloads\ds9oznf8.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\bizara\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://rpinfo.rpi.edu
uDefault_Page_URL = hxxp://rpinfo.rpi.edu
mDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Steam] "e:\steam\Steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~2\amsg\amsg.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AfsLogon - afslogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\
FF - prefs.js: browser.search.selectedEngine - Wikipedia
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{31513e58-f253-47ad-86db-d5f21e905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{35b9face-cc9a-4c68-8754-9c22baeb6678}\components\speakit.dll
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR32V.SYS [2007-8-20 12080]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-10 1153368]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-12-14 58736]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-12-5 520192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-9 101936]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-8-7 48192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2007-12-5 260672]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-12 29736]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-4-3 121744]

=============== Created Last 30 ================

2009-05-10 03:23 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-10 03:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-10 03:23 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-09 21:26 <DIR> --d----- c:\users\bizara\Fall Out Boy - Folie a Deux HQ Rip
2009-05-08 15:23 <DIR> --d----- c:\programdata\Apple Computer
2009-05-08 15:22 <DIR> --d----- c:\programdata\Apple
2009-05-06 03:26 <DIR> --d----- c:\program files\mp3DirectCut
2009-05-05 17:10 <DIR> --d----- c:\program files\Free M4a to MP3 Converter
2009-05-02 04:19 400,667,237 a------- c:\windows\MEMORY.DMP
2009-04-30 11:52 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-04-30 11:52 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-29 20:52 <DIR> --d----- c:\program files\filehippo.com
2009-04-27 08:55 <DIR> --d----- c:\users\bizara\appdata\roaming\RapidCRC
2009-04-26 15:20 <DIR> --d----- c:\program files\RapidCRC
2009-04-23 00:47 <DIR> --d----- c:\program files\Sigma Production Inc
2009-04-22 21:25 <DIR> --d----- c:\users\bizara\appdata\roaming\Ubisoft
2009-04-22 21:25 <DIR> --d----- c:\programdata\Ubisoft
2009-04-21 03:12 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-18 21:56 5,120 a------- c:\windows\system32\BReWErS.dll
2009-04-16 19:15 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-04-16 19:15 72,704 a------- c:\windows\system32\secur32.dll
2009-04-16 19:15 24,064 a------- c:\windows\system32\amxread.dll
2009-04-16 19:15 13,824 a------- c:\windows\system32\apilogen.dll
2009-04-16 16:19 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-04-16 15:17 <DIR> --d----- c:\program files\Bethesda Softworks
2009-04-16 15:15 <DIR> --d----- c:\windows\system32\xlive
2009-04-15 19:38 29,272 a----r-- c:\windows\system32\AdobePDF.dll
2009-04-14 14:57 <DIR> --d----- c:\users\bizara\appdata\roaming\Red Kawa
2009-04-14 11:20 <DIR> --d----- c:\programdata\Media Center Programs
2009-04-14 11:20 <DIR> --d----- c:\progra~2\Media Center Programs
2009-04-14 11:20 <DIR> --d----- c:\program files\common files\BioWare
2009-04-14 10:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-14 10:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-14 10:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-14 10:53 <DIR> --d----- c:\users\bizara\appdata\roaming\DAEMON Tools Pro
2009-04-14 10:52 <DIR> --d----- c:\programdata\DAEMON Tools Lite
2009-04-14 10:52 <DIR> --d----- c:\progra~2\DAEMON Tools Lite
2009-04-14 09:46 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-04-14 09:46 <DIR> --d----- c:\users\bizara\appdata\roaming\DAEMON Tools Lite
2009-04-14 09:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-14 08:54 <DIR> --d----- c:\users\bizara\appdata\roaming\Malwarebytes
2009-04-14 08:54 <DIR> --d----- c:\programdata\Malwarebytes
2009-04-14 08:54 <DIR> --d----- c:\progra~2\Malwarebytes
2009-04-13 03:03 0 a------- c:\windows\system32\AclanProfile.xml
2009-04-13 03:02 908 a------- c:\windows\system32\Local Area Connection 2.xml
2009-04-13 03:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-04-13 02:39 <DIR> --d----- c:\program files\VideoLAN
2009-04-13 02:32 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-04-13 01:06 <DIR> --d----- c:\users\bizara\appdata\roaming\Braid
2009-04-13 00:54 <DIR> --d----- c:\windows\system32\directx
2009-04-13 00:49 <DIR> --d----- c:\program files\Braid
2009-04-13 00:01 <DIR> --d----- c:\program files\uTorrent
2009-04-13 00:01 <DIR> --d----- c:\users\bizara\appdata\roaming\uTorrent
2009-04-12 23:51 <DIR> --d----- c:\program files\Call of Duty 4 - Modern Warfare
2009-04-12 23:45 <DIR> --d----- c:\users\bizara\.Scheduler
2009-04-12 23:41 <DIR> --d----- c:\program files\AviSynth 2.5
2009-04-12 23:41 <DIR> --d----- c:\program files\Red Kawa
2009-04-12 23:18 <DIR> --d----- c:\program files\common files\Steam
2009-04-12 21:27 <DIR> --d----- c:\users\bizara\appdata\roaming\Digsby
2009-04-12 21:27 <DIR> --d----- c:\program files\Digsby
2009-04-12 21:16 <DIR> --d----- c:\users\bizara\appdata\roaming\foobar2000
2009-04-12 21:16 <DIR> --d----- c:\program files\foobar2000
2009-04-12 21:14 2,048 a------- c:\windows\system32\tzres.dll
2009-04-12 21:12 <DIR> --d----- c:\program files\CONEXANT
2009-04-12 21:07 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-04-12 21:07 97,800 a------- c:\windows\system32\infocardapi.dll
2009-04-12 21:07 622,080 a------- c:\windows\system32\icardagt.exe
2009-04-12 21:07 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-04-12 21:07 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-04-12 21:07 11,264 a------- c:\windows\system32\icardres.dll
2009-04-12 21:07 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-04-12 21:07 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-04-12 21:03 96,760 a------- c:\windows\system32\dfshim.dll
2009-04-12 21:03 282,112 a------- c:\windows\system32\mscoree.dll
2009-04-12 21:03 41,984 a------- c:\windows\system32\netfxperf.dll
2009-04-12 21:03 158,720 a------- c:\windows\system32\mscorier.dll
2009-04-12 21:03 83,968 a------- c:\windows\system32\mscories.dll
2009-04-12 21:02 296,960 a------- c:\windows\system32\gdi32.dll
2009-04-12 21:02 147,456 a------- c:\windows\system32\Faultrep.dll
2009-04-12 21:02 125,952 a------- c:\windows\system32\wersvc.dll
2009-04-12 21:02 625,152 a------- c:\windows\system32\drivers\dxgkrnl.sys
2009-04-12 21:02 565,248 a------- c:\windows\system32\emdmgmt.dll
2009-04-12 21:02 148,480 a------- c:\windows\system32\drivers\nwifi.sys
2009-04-12 21:02 45,056 a------- c:\windows\system32\dataclen.dll
2009-04-12 21:02 36,864 a------- c:\windows\system32\cdd.dll
2009-04-12 21:00 268,288 a------- c:\windows\system32\schannel.dll
2009-04-12 20:59 738,304 a------- c:\windows\system32\inetcomm.dll
2009-04-12 20:59 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-04-12 20:59 1,645,568 a------- c:\windows\system32\connect.dll
2009-04-12 20:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-04-12 20:57 2,033,152 a------- c:\windows\system32\win32k.sys
2009-04-12 20:51 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-04-12 20:50 83,456 a------- c:\windows\system32\wudriver.dll
2009-04-12 20:50 162,064 a------- c:\windows\system32\wuwebv.dll
2009-04-12 20:50 31,232 a------- c:\windows\system32\wuapp.exe
2009-04-12 20:39 <DIR> --d----- c:\program files\EA Games
2009-04-12 19:53 28,095 a------- c:\users\bizara\appdata\roaming\nvModes.dat
2009-04-12 19:53 <DIR> --d-h--- c:\users\bizara\InstallAnywhere
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\Bluetooth Software
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\appdata\roaming\WinBatch
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\appdata\roaming\MathWorks
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\appdata\roaming\Maple
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\appdata\roaming\MapInfo
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\appdata\roaming\Lenovo
2009-04-12 19:53 <DIR> --d----- c:\users\bizara\appdata\roaming\Bentley
2009-04-12 19:53 <DIR> --d----- c:\users\bizara

==================== Find3M ====================

2009-05-10 13:54 42,654 a------- c:\programdata\nvModes.dat
2009-05-10 13:54 42,654 a------- c:\progra~2\nvModes.dat
2009-05-10 13:32 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-05-10 13:32 47,104 a------- c:\windows\system32\rpcnet.dll
2009-05-09 23:08 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-04-14 11:30 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-14 11:30 86,016 a------- c:\windows\inf\infstor.dat
2009-04-14 11:30 51,200 a------- c:\windows\inf\infpub.dat
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2008-06-26 11:19 174 ---sh--- c:\program files\desktop.ini
2008-06-26 11:04 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:40 287,440 -------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 -------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 -------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 -------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 -------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 -------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 -------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 -------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:10:38.95 ===============
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-10 14:17:33
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 91032C88 ZwAlertResumeThread
SSDT 91032D68 ZwAlertThread
SSDT 91036CC0 ZwAllocateVirtualMemory
SSDT 8A395800 ZwConnectPort
SSDT 910329D8 ZwCreateMutant
SSDT 91033330 ZwCreateThread
SSDT 91033CA0 ZwFreeVirtualMemory
SSDT 91032AC8 ZwImpersonateAnonymousToken
SSDT 91032BA8 ZwImpersonateThread
SSDT 91033BC0 ZwMapViewOfSection
SSDT 910328F8 ZwOpenEvent
SSDT 91036D90 ZwOpenProcessToken
SSDT 91033900 ZwOpenThreadToken
SSDT 8A3F8A28 ZwResumeThread
SSDT 91033820 ZwSetContextThread
SSDT 910339F0 ZwSetInformationProcess
SSDT 91033730 ZwSetInformationThread
SSDT 91032818 ZwSuspendProcess
SSDT 91032EB0 ZwSuspendThread
SSDT 91033410 ZwTerminateProcess
SSDT 91032F90 ZwTerminateThread
SSDT 91033AE0 ZwUnmapViewOfSection
SSDT 91033D70 ZwWriteVirtualMemory

INT 0x51 ? 85712BF8
INT 0x51 ? 87212BF8
INT 0x52 ? 87212BF8
INT 0x62 ? 87212BF8
INT 0x72 ? 87212BF8
INT 0x82 ? 87212BF8
INT 0xA2 ? 87212BF8
INT 0xA2 ? 87212BF8
INT 0xA3 ? 87212BF8
INT 0xB2 ? 8570EBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 820F1914 8 Bytes [88, 2C, 03, 91, 68, 2D, 03, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 364 820F1928 4 Bytes [C0, 6C, 03, 91]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 820F19B8 4 Bytes [00, 58, 39, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 428 820F19EC 4 Bytes [D8, 29, 03, 91]
.text ntkrnlpa.exe!KeSetTimerEx + 454 820F1A18 4 Bytes [30, 33, 03, 91]
.text ...
? System32\Drivers\spno.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8A7ED46F 5 Bytes JMP 872121D8
.text agxerups.SYS 8FB70000 2 Bytes [26, D2]
.text agxerups.SYS 8FB70003 19 Bytes [82, 10, D1, 00, 82, 60, 9F, ...] {ADC BYTE [EAX], -0x2f; ADD [EDX-0x7dff60a0], AL; RCR BYTE [ESI-0x2ab37e00], 0x0; ADD BYTE [EAX], 0x0}
.text agxerups.SYS 8FB70017 145 Bytes [00, 32, 27, 7A, 80, 3D, 25, ...]
.text agxerups.SYS 8FB700A9 21 Bytes [C0, 08, 82, A0, B7, 08, 82, ...]
.text agxerups.SYS 8FB700BF 13 Bytes [82, 00, 00, 00, 00, 00, 00, ...] {ADD BYTE [EAX], 0x0; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806986D6] \SystemRoot\System32\Drivers\spno.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80698042] \SystemRoot\System32\Drivers\spno.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80698800] \SystemRoot\System32\Drivers\spno.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806980C0] \SystemRoot\System32\Drivers\spno.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069813E] \SystemRoot\System32\Drivers\spno.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A7E9C] \SystemRoot\System32\Drivers\spno.sys
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortWritePortUchar] 838FB95F
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8FB930
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\agxerups.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 857141F8

AttachedDevice \FileSystem\Ntfs \Ntfs tvtfilter.sys (Rescue and Recovery filter driver/Lenovo)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 857101F8
Device \Driver\usbuhci \Device\USBPDO-0 870B41F8
Device \Driver\usbuhci \Device\USBPDO-1 870B41F8
Device \Driver\usbehci \Device\USBPDO-2 8720F1F8
Device \Driver\usbuhci \Device\USBPDO-3 870B41F8
Device \Driver\usbuhci \Device\USBPDO-4 870B41F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 870B41F8
Device \Driver\usbehci \Device\USBPDO-6 8720F1F8
Device \Driver\volmgr \Device\HarddiskVolume1 857101F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\netbt \Device\NetBT_Tcpip_{B94BB083-2685-45AD-BF59-AD93506D020E} 8A381500
Device \Driver\cdrom \Device\CdRom0 872131F8
Device \Driver\cdrom \Device\CdRom1 872131F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 857131F8
Device \Driver\atapi \Device\Ide\IdePort0 857131F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8A381500
Device \Driver\Smb \Device\NetbiosSmb 8A3921F8
Device \Driver\sptd \Device\386758105 spno.sys
Device \Driver\iScsiPrt \Device\RaidPort0 84D8F1F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\netbt \Device\NetBT_Tcpip_{72AA1DD2-4A1C-4FA3-AF2E-3058B3C842E2} 8A381500
Device \Driver\PCI_PNP0087 \Device\0000005f spno.sys
Device \Driver\usbuhci \Device\USBFDO-0 870B41F8
Device \Driver\usbuhci \Device\USBFDO-1 870B41F8
Device \Driver\usbehci \Device\USBFDO-2 8720F1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{76714350-632D-4C39-88B3-6E7297C74280} 8A381500
Device \Driver\usbuhci \Device\USBFDO-3 870B41F8
Device \Driver\usbuhci \Device\USBFDO-4 870B41F8
Device \Driver\usbuhci \Device\USBFDO-5 870B41F8
Device \Driver\usbehci \Device\USBFDO-6 8720F1F8
Device \Driver\agxerups \Device\Scsi\agxerups1 84D8C1F8
Device \Driver\agxerups \Device\Scsi\agxerups1Port3Path0Target0Lun0 84D8C1F8
Device \FileSystem\cdfs \Cdfs 8527E500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ef2aca6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3aef74b8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f3aef8de4
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1ecbefd
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0xBD 0x5E 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF5 0x47 0xE7 0x64 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x87 0xA6 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9F 0x43 0x9B 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0xA5 0x23 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD1 0x2B 0x85 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ef2aca6
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f3aef74b8
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001f3aef8de4
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe1ecbefd
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3D 0xBD 0x5E 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF5 0x47 0xE7 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3C 0x87 0xA6 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9F 0x43 0x9B 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x46 0xA5 0x23 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD1 0x2B 0x85 0x5C ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA330100007706000000000030\Usage@AcrobatElements 984219783
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A136897B345EB2940936F1D438633D77\Usage@SAVUI 984220201

---- EOF - GMER 1.0.15 ----

Edited by Valkrys, 10 May 2009 - 05:25 PM.


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,911 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 26 May 2009 - 12:55 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Valkrys

Valkrys
  • Topic Starter

  • Members
  • 8 posts

Posted 26 May 2009 - 01:55 PM

OK, posting another DDS log below. Also, an update: the space has gradually been taken up again since I edited the original post. I adjusted the shadow storage and got most of it back a few days ago, but I'm not really sure if that was what was causing it. Usually, when the computer starts up, a little space is taken, but then it's fine. About a week ago I received a few Symantec warnings about W32.Virut!html, but those files were quarantined and I haven't had any more since. Malwarebytes and Symantec still come up with nothing. Any help or advice would be appreciated.


DDS (Ver_09-03-16.01) - NTFSx86
Run by bizara at 14:48:57.43 on Tue 05/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3054.1570 [GMT -4:00]

AV: Symantec AntiVirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\AEADISRV.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lkcitdl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Windows\system32\lkads.exe
C:\Windows\system32\lktsrv.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\bizara\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://rpinfo.rpi.edu
uDefault_Page_URL = hxxp://rpinfo.rpi.edu
mDefault_Page_URL = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [Steam] "e:\steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TPFNF7] c:\progra~1\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~2\amsg\amsg.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [LPMailChecker] c:\progra~1\thinkv~2\prdctr\LPMLCHK.exe
mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AfsLogon - afslogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\
FF - prefs.js: browser.search.selectedEngine - Wikipedia
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{31513e58-f253-47ad-86db-d5f21e905429}\components\mintray-9178506d-2005072516-trunk.dll
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{35b9face-cc9a-4c68-8754-9c22baeb6678}\components\speakit.dll
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\bizara\appdata\roaming\mozilla\firefox\profiles\3r9tcwuz.alan profile\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-10-16 103472]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWR32V.SYS [2007-8-20 12080]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-10 1153368]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2007-8-14 10896]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-12-14 58736]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-12-5 520192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-9 101936]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-8-7 48192]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2007-12-5 260672]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2006-11-2 167936]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-6-12 29736]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2008-4-3 121744]

=============== Created Last 30 ================

2009-05-26 01:39 <DIR> --d----- c:\program files\trend micro
2009-05-25 01:00 <DIR> --d----- C:\VundoFix Backups
2009-05-23 01:51 <DIR> --d----- C:\_SMA
2009-05-21 21:54 <DIR> --d----- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-05-13 03:02 <DIR> --dsh--- c:\windows\system32\%APPDATA%
2009-05-10 03:23 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-05-10 03:23 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-10 03:23 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-05-09 21:26 <DIR> --d----- c:\users\bizara\Fall Out Boy - Folie a Deux HQ Rip
2009-05-08 15:23 <DIR> --d----- c:\programdata\Apple Computer
2009-05-08 15:22 <DIR> --d----- c:\programdata\Apple
2009-05-06 03:26 <DIR> --d----- c:\program files\mp3DirectCut
2009-05-05 17:10 <DIR> --d----- c:\program files\Free M4a to MP3 Converter
2009-05-02 04:19 400,667,237 a------- c:\windows\MEMORY.DMP
2009-04-30 11:52 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-04-30 11:52 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-29 20:52 <DIR> --d----- c:\program files\filehippo.com
2009-04-27 08:55 <DIR> --d----- c:\users\bizara\appdata\roaming\RapidCRC
2009-04-26 15:20 <DIR> --d----- c:\program files\RapidCRC

==================== Find3M ====================

2009-05-26 14:29 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-05-26 14:28 47,104 a------- c:\windows\system32\rpcnet.dll
2009-05-26 14:28 42,654 a------- c:\programdata\nvModes.dat
2009-05-26 14:28 42,654 a------- c:\progra~2\nvModes.dat
2009-05-09 23:08 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-04-29 17:23 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-04-22 00:20 14,311,680 a------- c:\windows\system32\xlive.dll
2009-04-22 00:20 13,642,496 a------- c:\windows\system32\xlivefnt.dll
2009-04-21 03:12 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-18 21:56 5,120 a------- c:\windows\system32\BReWErS.dll
2009-04-14 11:30 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-14 11:30 86,016 a------- c:\windows\inf\infstor.dat
2009-04-14 11:30 51,200 a------- c:\windows\inf\infpub.dat
2009-04-14 09:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-13 03:00 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 18:55 33,280 a------- c:\windows\system32\identprv.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-16 14:18 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-03-16 14:18 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-03-16 14:18 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-03-16 14:18 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-09 15:27 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-03-09 15:27 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-03-09 15:27 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-03-08 07:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 07:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 07:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 07:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 07:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 07:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 07:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 07:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 07:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 07:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 07:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 07:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 07:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 07:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 07:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 07:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 07:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 07:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2008-07-22 11:19 28,095 a------- c:\users\bizara\appdata\roaming\nvModes.dat
2008-06-26 11:19 174 ---sh--- c:\program files\desktop.ini
2008-06-26 11:04 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 08:40 287,440 -------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:40 287,440 -------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:40 30,674 -------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:40 30,674 -------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 -------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 -------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 -------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 -------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 14:49:38.51 ===============


#4 m0le

  • Malware Response Team
  • Location:London, UK

Posted 26 May 2009 - 04:23 PM

Hi Valkrys,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please give me a little time to go through your log and I will get back to you with your first instructions. Don't worry, I won't abandon you.
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

Thanks :thumbup2:
m0le is a proud member of UNITE

#5 m0le

  • Malware Response Team
  • Location:London, UK

Posted 26 May 2009 - 05:31 PM

Hey Valkrys,

There doesn't appear to be anything in the log, but let's double check.

Let's run GMER again.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER icon on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a pop-up window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open; copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
Thanks :thumbup2:
m0le is a proud member of UNITE
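Reviewing the OTViewIt reports requested above means walking the Processes and Win32 Services lines one by one; as an added example (my own code, not part of this thread or of OldTimer's tool), the Python below parses that line format and flags the entries an analyst checks first: a missing company name, hidden/system attributes, a user-profile path, or a service image that could not be found, while treating svchost-hosted Windows services (which OTViewIt prints as "File not found" even on a clean system) as expected. The sample lines are copied from the report posted in this thread, plus one constructed `ExampleSvc` line and my own shortlist of hosted service names.

```python
r"""Triage helper for OTViewIt report lines (added example, not the tool's code).
Process/service lines look like
  [YYYY/MM/DD HH:MM:SS | 00,096,768 | ---- | M] (Company) -- C:\dir\file.exe -- (Svc [Start | State])
(the "-- (Svc [...])" tail appears only for services); an unresolved service prints as
  File not found -- -- (Svc [Start | State])"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)"
    r"(?: -- \((?P<svc>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\))?$"
)
MISSING_RE = re.compile(
    r"^File not found -- -- \((?P<svc>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\)$"
)
# Services hosted in svchost.exe via a ServiceDll have no image path of their own,
# so OTViewIt prints them as "File not found" even on a clean machine. This
# shortlist is my own (assumption), not something the tool ships.
SVCHOST_HOSTED = {"DcomLaunch", "Schedule", "CertPropSvc", "SCPolicySvc",
                  "WdiServiceHost", "WdiSystemHost"}


@dataclass
class Entry:
    raw: str
    path: Optional[str]            # None when OTViewIt says "File not found"
    company: str = ""
    attrs: str = "----"            # R/H/S/D flags as printed by the tool
    size: int = 0
    service: Optional[str] = None
    start: Optional[str] = None    # Auto / On_Demand / Disabled / Unknown
    state: Optional[str] = None    # Running / Stopped


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a report line, or None for headers and blanks."""
    line = line.rstrip()
    m = MISSING_RE.match(line)
    if m:
        return Entry(raw=line, path=None, service=m["svc"],
                     start=m["start"], state=m["state"])
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return Entry(raw=line, path=m["path"], company=m["company"] or "",
                 attrs=m["attrs"], size=int(m["size"].replace(",", "")),
                 service=m["svc"], start=m["start"], state=m["state"])


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e]


def triage(e: Entry) -> List[str]:
    """Reasons an analyst would look at this entry first (empty = nothing odd)."""
    flags: List[str] = []
    if e.path is None:
        if e.service not in SVCHOST_HOSTED:
            flags.append("service image missing: check ImagePath in the registry")
        return flags
    if "D" in e.attrs:                     # a directory, not an executable
        return flags
    if not e.company:
        flags.append("no company/version info: verify hash or signature")
    if "H" in e.attrs or "S" in e.attrs:
        flags.append(f"hidden/system attributes ({e.attrs}) on an executable")
    low = e.path.lower()
    if "\\users\\" in low or "\\documents and settings\\" in low:
        flags.append("runs from a user profile path")
    return flags


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path (or service name for a missing image) -> flags; flagged entries only."""
    report: Dict[str, List[str]] = {}
    for e in parse_log(text):
        flags = triage(e)
        if flags:
            report[e.path or e.service or e.raw] = flags
    return report


# Lines copied from the report in this thread, plus one constructed "ExampleSvc"
# line standing in for a service whose image really is missing.
SAMPLE_LOG = r"""
========== Processes ==========
[2008/01/19 03:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2009/05/26 20:23:43 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\bizara\Desktop\OTViewIt.exe
========== (O23) Win32 Services ==========
[2008/03/17 13:37:04 | 00,111,904 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (ExampleSvc [Unknown | Running])
[2006/11/02 09:02:42 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
"""
if __name__ == "__main__":
    for key, reasons in triage_log(SAMPLE_LOG).items():
        print(key, "->", "; ".join(reasons))
```

A flag is a prompt to check the file's signature or hash, not a verdict: the Spybot TeaTimer.exe entry in this thread's report shows that a legitimate program can carry RHS attributes.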

#6 Valkrys

  • Topic Starter
  • Members

Posted 26 May 2009 - 07:37 PM

Thanks for the help. It's a relief to hear that the logs look clean, but I'm glad we're taking the extra precautions. The gmer log is linked below, as it was too long and large for this board, but I can't run OTViewIt. I get this error message: "Access violation at address 77975973 in module 'ntdll.dll'. Read of address 00000016." This happens slightly into the scan, although a log is produced, which will be after the gmer log link.

http://www.filedropper.com/gmer

OTViewIt logfile created on: 5/26/2009 8:26:00 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\bizara\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.30% Memory free
2.90 Gb Paging File | 1.21 Gb Available in Paging File | 41.67% Paging File free
Paging file location(s): c:\pagefile.sys 16 4579;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 26.87 Gb Free Space | 18.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STUDENT-QSRDC7X
Current User Name: bizara
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/01/19 03:33:37 | 00,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:14 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
[2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
[2008/06/09 07:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2007/01/04 23:40:56 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
[2008/01/19 03:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[2007/08/14 15:55:20 | 00,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
[2008/03/27 10:45:12 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
[2008/01/19 03:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/01/30 12:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
[2008/03/17 13:37:04 | 00,111,904 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
[2007/12/07 10:13:04 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
[2008/03/17 10:32:08 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
[2008/04/03 12:33:06 | 00,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
[2006/11/15 19:20:46 | 00,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[2008/01/19 03:33:08 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
[2008/01/19 03:33:32 | 00,169,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
[2007/11/19 15:00:38 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2008/01/19 03:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
[2008/03/26 03:06:00 | 00,059,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
[2007/11/21 18:08:56 | 00,820,520 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/03/24 10:15:04 | 00,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
[2007/11/22 15:09:26 | 00,181,536 | ---- | M] (Lenovo.) -- C:\Windows\System32\TpShocks.exe
[2006/11/15 19:21:56 | 00,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[2007/04/27 02:33:00 | 00,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2007/11/27 15:38:04 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[2008/01/11 02:21:00 | 00,144,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
[2006/12/21 05:50:37 | 00,468,528 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
[2007/11/27 13:56:48 | 00,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe
[2007/11/27 13:57:20 | 00,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe
[2006/11/07 06:51:40 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
[2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
[2008/03/24 14:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
[2008/03/17 13:37:08 | 00,431,392 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
[2008/03/17 13:37:12 | 00,128,288 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[2008/02/01 01:25:38 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[2008/04/03 12:33:34 | 00,136,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
[2008/04/25 16:38:34 | 00,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
[2008/10/14 21:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/01/11 02:21:00 | 00,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
[2006/11/02 05:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rundll32.exe
[2009/04/14 09:12:19 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2009/04/23 09:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
[2006/09/29 12:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
[2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/03/17 10:32:10 | 00,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[2007/08/03 13:59:24 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe
[2007/11/27 13:57:52 | 00,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
[2007/07/19 16:38:16 | 00,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe
[2007/12/06 15:15:44 | 00,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
[2007/11/19 14:35:46 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2008/06/12 13:09:31 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
[2008/04/03 12:33:18 | 01,956,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[2007/10/16 18:33:00 | 00,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe
[2007/12/05 17:32:36 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
[2007/12/05 17:37:38 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
[2007/11/21 17:55:28 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
[2008/05/27 01:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
[2006/11/27 17:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
[2008/03/17 13:37:06 | 00,210,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
[2009/03/24 17:04:32 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
[2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
[2008/03/17 13:37:20 | 00,136,480 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
[2008/07/15 07:33:14 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/01/19 03:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/09/29 12:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2009/04/30 03:06:35 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/03/02 22:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
[2008/01/19 03:33:18 | 00,151,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\notepad.exe
[2009/05/26 20:23:43 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\bizara\Desktop\OTViewIt.exe
[2008/05/27 01:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchProtocolHost.exe
[2008/05/27 01:17:55 | 00,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFilterHost.exe

========== (O23) Win32 Services ==========

[2008/03/17 13:37:04 | 00,111,904 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2008/03/17 13:37:06 | 00,210,208 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
[2007/09/11 00:45:04 | 00,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0 [Auto | Running])
[2007/12/07 10:13:04 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
[2008/07/27 14:03:11 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/01/04 23:40:56 | 00,557,056 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
[2008/03/17 10:32:08 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
[2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
[2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService [Auto | Stopped])
[2008/03/18 06:28:46 | 00,068,096 | ---- | M] () -- C:\cygwin\bin\cygrunsrv.exe -- (cygserver [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2008/04/03 12:33:06 | 00,031,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
[2008/01/19 03:33:06 | 02,091,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dfsr.exe -- (DFSR [On_Demand | Stopped])
[2006/11/15 19:20:46 | 00,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
[2008/01/19 03:34:06 | 00,134,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dps.dll -- (DPS [Unknown | Running])
[2008/01/19 03:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2006/11/02 08:34:14 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2007/11/19 15:00:38 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/07/15 07:33:14 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/06/19 21:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2006/12/04 00:53:55 | 00,135,608 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2007/11/02 15:51:02 | 00,036,136 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
[2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/01/30 12:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC [Auto | Running])
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2007/08/11 20:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
[2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex [Auto | Running])
[2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Stopped])
[2007/11/27 15:38:04 | 00,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer [Auto | Running])
[2007/11/27 13:56:48 | 00,040,488 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lkads.exe -- (lkClassAds [Auto | Running])
[2007/11/27 13:57:20 | 00,050,736 | ---- | M] (National Instruments Corporation) -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync [Auto | Running])
[2006/10/26 13:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006/11/02 09:02:42 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
[2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
[2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
[2007/08/03 13:59:24 | 00,012,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\MAX\nimxs.exe -- (mxssvr [Auto | Running])
[2008/06/19 21:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/11/27 13:57:52 | 00,213,552 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService [Auto | Running])
[2007/10/31 08:20:36 | 01,007,616 | ---- | M] (Macrovision Corporation) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager [Disabled | Stopped])
[2007/07/19 16:38:16 | 00,048,704 | ---- | M] (National Instruments Corp.) -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc [Auto | Running])
[2007/12/06 15:15:44 | 00,609,384 | ---- | M] (National Instruments Corporation) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe -- (NITaggerService [Auto | Running])
[2008/06/09 07:23:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
[2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2007/05/09 15:34:34 | 00,098,304 | ---- | M] (OPC Foundation) -- C:\Windows\System32\Opcenum.exe -- (OpcEnum [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/11/19 14:35:46 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/01/12 05:33:14 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/01/12 05:32:48 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/22 17:01:18 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2008/06/12 13:09:31 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe -- (rpcnet [Auto | Running])
[2008/04/03 12:33:24 | 00,121,744 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
[2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
[2008/01/19 03:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008/01/19 03:33:22 | 02,623,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe -- (slsvc [Auto | Running])
[2006/11/02 05:45:46 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
[2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2009/05/21 22:03:13 | 00,322,032 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
[2007/05/30 08:26:26 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2009/03/24 17:04:32 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
[2008/04/03 12:33:18 | 01,956,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
[2007/10/16 18:33:00 | 00,037,424 | ---- | M] (Lenovo.) -- C:\Windows\System32\TPHDEXLG.exe -- (TPHDEXLGSVC [Auto | Running])
[2008/03/27 10:45:12 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC [Auto | Running])
[2008/06/23 00:36:58 | 00,509,952 | ---- | M] (OpenAFS Project) -- C:\Program Files\OpenAFS\Client\Program\afsd_service.exe -- (TransarcAFSDaemon [On_Demand | Stopped])
[2007/12/05 17:32:36 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
[2007/12/05 17:37:38 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2008/07/11 10:47:00 | 00,260,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor [Auto | Stopped])
[2008/01/19 03:33:33 | 00,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UI0Detect.exe -- (UI0Detect [On_Demand | Stopped])
[2008/01/19 03:33:33 | 00,382,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vds.exe -- (vds [On_Demand | Stopped])
[2008/01/19 03:33:35 | 00,917,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbengine.exe -- (wbengine [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/19 03:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/27 01:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
[2006/11/27 17:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService [Auto | Running])

========== Driver Services ==========

[2007/12/07 10:13:04 | 00,348,160 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2006/11/02 05:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2006/11/02 05:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2006/11/02 05:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2006/11/02 05:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
[2007/08/20 13:16:55 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\System32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
[2006/11/02 05:49:59 | 00,054,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp [On_Demand | Stopped])
[2007/08/20 13:16:55 | 00,018,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdide.sys -- (amdide [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7 [Disabled | Stopped])
[2006/11/02 04:30:18 | 00,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8 [Disabled | Stopped])
[2006/11/02 05:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arc.sys -- (arc [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
[2006/12/19 21:12:38 | 00,686,080 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr [On_Demand | Stopped])
[2005/05/17 10:20:06 | 00,015,872 | ---- | M] (Atmel, Inc.) -- C:\Windows\System32\drivers\atmeltpm.sys -- (atmeltpm [On_Demand | Running])
[2006/11/02 03:30:53 | 00,167,936 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x [On_Demand | Stopped])
[2008/01/19 01:28:26 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bowser.sys -- (bowser [On_Demand | Running])
[2006/11/02 04:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/11/02 04:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2006/11/02 04:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm [Disabled | Stopped])
[2006/11/02 04:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm [Disabled | Stopped])
[2006/11/02 04:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer [On_Demand | Stopped])
[2008/06/12 17:01:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum [On_Demand | Stopped])
[2006/11/02 04:55:23 | 00,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM [Disabled | Stopped])
[2008/01/19 01:53:44 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan [On_Demand | Stopped])
[2008/06/12 17:01:00 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT [On_Demand | Stopped])
[2008/06/12 17:01:00 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB [On_Demand | Stopped])
[2008/03/17 08:42:22 | 00,081,960 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio [On_Demand | Stopped])
[2008/03/17 08:42:20 | 00,100,392 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt [On_Demand | Stopped])
[2008/01/29 10:46:58 | 00,029,736 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap [On_Demand | Stopped])
[2008/03/17 08:42:16 | 00,017,320 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid [On_Demand | Stopped])
[2006/11/02 04:55:08 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\circlass.sys -- (circlass [Disabled | Stopped])
[2008/01/19 03:42:58 | 00,247,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clfs.sys -- (CLFS [Unknown | Running])
[2007/08/20 13:16:55 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
[2006/11/02 05:49:43 | 00,022,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk [Boot | Running])
[2006/11/02 04:30:18 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe [Disabled | Stopped])
[2008/01/19 01:28:57 | 00,350,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\csc.sys -- (CSC [System | Running])
[2007/10/23 10:00:00 | 00,004,096 | ---- | M] () -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv [Auto | Running])
[2008/01/19 01:28:20 | 00,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC [System | Running])
[2007/03/13 16:13:32 | 00,035,064 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2007/03/13 16:13:26 | 00,032,472 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2007/02/08 20:05:30 | 00,012,856 | ---- | M] (Roxio) -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
[2007/03/13 16:13:54 | 00,009,400 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
[2007/03/13 16:13:24 | 00,104,824 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2007/03/13 16:13:28 | 00,026,744 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2007/03/13 16:13:26 | 00,014,520 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2007/02/08 20:05:30 | 00,028,120 | ---- | M] (Roxio) -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2007/03/13 16:13:30 | 00,094,648 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2007/03/13 16:13:30 | 00,098,104 | ---- | M] (Roxio) -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2007/03/12 01:25:28 | 00,099,848 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2007/02/09 12:34:16 | 00,051,768 | ---- | M] (Roxio) -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2008/08/01 21:01:23 | 00,625,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl [On_Demand | Running])
[2008/03/05 18:43:32 | 00,223,360 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express [On_Demand | Running])
[2006/11/02 03:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 03:42:11 | 00,143,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ecache.sys -- (Ecache [Boot | Running])
[2009/03/16 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
[2006/11/02 05:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
[2009/03/16 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2008/01/19 01:28:01 | 00,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\exfat.sys -- (exfat [On_Demand | Stopped])
[2008/01/19 03:42:31 | 00,058,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo [Boot | Running])
[2008/01/19 01:30:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace [On_Demand | Stopped])
[2008/01/19 03:42:12 | 00,145,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fvevol.sys -- (fvevol [Boot | Running])
[2006/11/02 05:50:04 | 00,058,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx [On_Demand | Stopped])
[2006/11/02 03:36:49 | 00,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/01/19 00:30:49 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/11/02 04:55:22 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth [Disabled | Stopped])
[2006/11/02 04:55:01 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidir.sys -- (HidIr [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2006/11/02 03:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
[2006/12/21 12:50:24 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006/12/21 12:49:04 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
[2006/10/18 22:10:57 | 01,380,864 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm [On_Demand | Stopped])
[2007/09/29 23:03:12 | 00,308,248 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2006/11/02 05:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2007/11/02 15:50:30 | 00,021,808 | ---- | M] (Lenovo.) -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV [On_Demand | Running])
[2006/11/02 05:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
[2006/11/02 04:42:03 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV [Disabled | Stopped])
[2008/01/19 03:42:35 | 00,181,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt [On_Demand | Running])
[2006/11/02 05:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
[2006/11/02 05:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
[2006/11/02 04:51:12 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid [Disabled | Stopped])
[2008/05/12 18:04:04 | 00,013,480 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi [System | Running])
[2008/01/19 01:55:03 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio [Auto | Running])
[2006/11/02 05:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2006/11/02 05:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2006/11/02 05:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 01:30:36 | 00,084,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\luafv.sys -- (luafv [Auto | Running])
[2006/06/18 15:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2006/11/02 05:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
[2006/11/02 04:54:05 | 00,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\monitor.sys -- (monitor [On_Demand | Running])
[2006/11/02 05:50:16 | 00,078,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpio.sys -- (mpio [Disabled | Stopped])
[2008/01/19 01:54:46 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv [On_Demand | Running])
[2006/11/02 05:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x [Disabled | Stopped])
[2008/08/26 21:05:41 | 00,212,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10 [On_Demand | Running])
[2008/01/19 01:28:37 | 00,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20 [On_Demand | Running])
[2007/08/20 13:16:55 | 00,025,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys -- (msahci [Disabled | Stopped])
[2006/11/02 05:50:17 | 00,080,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm [Disabled | Stopped])
[2008/01/19 03:41:14 | 00,016,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv [Boot | Running])
[2008/01/19 01:55:32 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\loop.sys -- (msloop [On_Demand | Running])
[2008/01/19 03:42:29 | 00,163,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC [On_Demand | Stopped])
[2008/05/19 22:07:31 | 00,148,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP [On_Demand | Running])
[2009/03/16 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090526.004\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2009/03/16 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20090526.004\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2007/11/26 23:47:30 | 02,252,800 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
[2006/11/02 05:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
[2008/01/19 01:55:24 | 00,030,720 | ---- | M] (National Semiconductor Corporation) -- C:\Windows\System32\drivers\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
[2008/01/19 01:55:50 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy [System | Running])
[2006/11/02 03:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
[2008/06/09 07:23:00 | 07,522,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2006/11/02 05:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
[2006/11/02 05:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
[2006/11/02 05:50:40 | 00,106,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp [On_Demand | Stopped])
[2006/11/02 05:04:35 | 00,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH [Auto | Running])
[2006/11/06 17:24:56 | 00,012,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD [Auto | Running])
[2008/06/26 09:37:36 | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\drivers\psadd.sys -- (psadd [On_Demand | Running])
[2008/04/04 21:21:42 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pacer.sys -- (PSched [System | Running])
[2007/02/02 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/02 05:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
[2008/01/19 01:56:07 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv [On_Demand | Stopped])
[2007/01/04 23:50:56 | 02,306,048 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\atikmdag.sys -- (R300 [On_Demand | Stopped])
[2008/01/19 01:56:43 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp [On_Demand | Running])
[2008/01/19 02:01:09 | 00,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD [System | Running])
[2008/01/19 01:53:39 | 00,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM [On_Demand | Stopped])
[2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/01/23 16:40:20 | 00,042,496 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk [Auto | Running])
[2007/03/21 22:02:04 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp [Auto | Running])
[2008/01/19 01:55:03 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr [Auto | Running])
[2006/11/02 05:50:16 | 00,076,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port [Disabled | Stopped])
[2008/01/19 01:32:56 | 00,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2006/11/02 02:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 01:49:16 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse [Disabled | Stopped])
[2006/11/02 04:51:38 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk [Disabled | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc [On_Demand | Stopped])
[2006/11/02 04:51:40 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2007/10/16 18:33:00 | 00,103,472 | ---- | M] (Lenovo.) -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf [Boot | Running])
[2006/11/02 05:49:51 | 00,053,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp [On_Demand | Stopped])
[2006/11/02 05:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
[2006/11/02 05:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/01/19 01:55:27 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\smb.sys -- (Smb [System | Running])
[2007/08/14 15:46:36 | 00,010,896 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp2 [Auto | Running])
[2008/01/17 18:24:44 | 00,420,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
[2008/01/19 03:41:30 | 00,021,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\spldr.sys -- (spldr [Boot | Running])
[2009/04/29 17:23:33 | 00,721,904 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/02/04 12:26:34 | 00,279,088 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP [System | Running])
[2008/02/04 12:26:34 | 00,317,616 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL [On_Demand | Stopped])
[2008/02/04 12:26:34 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX [System | Running])
[2008/01/19 01:29:15 | 00,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys -- (srv2 [On_Demand | Running])
[2008/01/19 01:29:12 | 00,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet [On_Demand | Running])
[2006/11/02 05:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
[2008/06/25 15:50:34 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2007/01/09 16:46:26 | 00,027,576 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV [On_Demand | Running])
[2007/01/09 16:46:26 | 00,191,544 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI [System | Running])
[2006/11/02 05:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
[2006/11/02 05:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
[2007/11/21 18:08:58 | 00,181,168 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/01/19 01:56:07 | 00,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg [Auto | Running])
[2007/08/14 15:25:52 | 00,047,376 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\drivers\tcusb.sys -- (TcUsb [On_Demand | Running])
[2008/01/19 01:55:58 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tdx.sys -- (tdx [System | Running])
[2007/10/16 18:32:00 | 00,019,504 | ---- | M] (Lenovo.) -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN [Boot | Running])
[2008/01/19 03:42:12 | 00,045,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tpm.sys -- (TPM [On_Demand | Running])
[2008/01/11 02:20:00 | 00,012,080 | ---- | M] () -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF [System | Running])
[2008/01/19 02:01:15 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv [On_Demand | Stopped])
[2008/01/19 01:55:41 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp [On_Demand | Running])
[2008/01/19 01:55:50 | 00,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel [On_Demand | Running])
[2008/07/29 22:09:00 | 00,033,536 | ---- | M] (Lenovo) -- C:\Windows\System32\drivers\tvtfilter.sys -- (tvtfilter [Auto | Running])
[2007/05/22 14:59:38 | 00,030,336 | ---- | M] (Lenovo (United States) Inc.) -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C [On_Demand | Running])
[2008/07/11 10:47:00 | 00,048,192 | ---- | M] (Lenovo) -- C:\Windows\System32\drivers\tvtumon.sys -- (tvtumon [System | Stopped])
[2006/11/02 05:49:59 | 00,056,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35 [On_Demand | Stopped])
[2006/11/02 05:50:04 | 00,058,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx [On_Demand | Stopped])
[2006/11/02 05:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
[2006/11/02 05:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/19 01:53:40 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\umbus.sys -- (umbus [On_Demand | Running])
[2006/11/02 04:55:09 | 00,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir [Disabled | Stopped])
[2008/01/19 01:52:06 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\vgapnp.sys -- (vga [On_Demand | Stopped])
[2006/11/02 04:30:19 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7 [Disabled | Stopped])
[2007/08/20 13:16:55 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\System32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 03:42:18 | 00,052,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr [Boot | Running])
[2008/01/19 03:43:03 | 00,294,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx [Boot | Running])
[2006/11/02 05:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
[2006/11/02 04:52:52 | 00,020,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen [Disabled | Stopped])
[2006/11/02 05:49:38 | 00,019,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wd.sys -- (Wd [Disabled | Stopped])
[2008/01/19 03:43:27 | 00,503,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000 [Boot | Running])
[2006/12/21 12:48:54 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
[2008/01/19 01:32:47 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi [On_Demand | Running])
[2008/01/19 01:56:49 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl [Disabled | Stopped])
[2006/11/27 17:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio [Auto | Running])
[2008/01/19 01:49:39 | 00,521,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc [On_Demand | Stopped])
[2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://lenovo.live.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://rpinfo.rpi.edu
"Default_Secondary_Page_URL"=
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Start Page"=http://rpinfo.rpi.edu
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://rpinfo.rpi.edu
"Default_Secondary_Page_URL"=
"Local Page"=C:\Windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Start Page"=http://rpinfo.rpi.edu
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\System32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (306031 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
10.254.254.253 AFS
10538 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/07/18 14:38:51 | 00,000,000 | ---D | M]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/07/18 14:38:51 | 00,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- c:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
"AMSG"=C:\PROGRA~1\THINKV~2\AMSG\amsg.exe (LENOVO)
"AwaySch"=C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
"BLOG"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog ()
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"LenovoOobeOffers"=c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe /filePath="c:\swshare\firstrun.txt" (Lenovo)
"LPMailChecker"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
"LPManager"=C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"NvCplDaemon"=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"PWMTRV"=rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"TPFNF7"=C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r (Lenovo Group Limited)
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper (Lenovo)
"TpShocks"=TpShocks.exe (Lenovo.)
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
"Steam"="e:\steam\steam.exe" -silent File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
"Steam"="e:\steam\steam.exe" -silent File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: c:\Program Files\Windows Live Toolbar\msntb.dll [2007/02/12 15:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/04/03 18:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2008/02/13 12:29:12 | 00,001,225 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: c:\Program Files\Windows Live Toolbar\msntb.dll [2007/02/12 15:56:04 | 00,546,672 | ---- | M] (Microsoft Corporation)
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2009/04/03 18:11:10 | 18,330,984 | ---- | M] (Microsoft Corporation)
Send image to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2008/02/13 12:29:12 | 00,001,225 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2008/10/25 07:52:00 | 00,604,056 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\ThinkPad\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\ThinkPad\Bluetooth Software\btsendto_ie.htm [2008/02/13 12:29:10 | 00,002,784 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found

========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
Extension\.csm: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.csml: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.cub: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.cube: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.dx: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.emb: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.embl: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.gau: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.jdx: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.mol: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.mop: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.pdb: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.rxn: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.scr: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.skc: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.spt: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.tgf: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))
Extension\.xyz: MDL Chime 2.6 SP7 -- C:\Program Files\Internet Explorer\Plugins\npchime.dll [2007/07/26 16:00:36 | 01,687,552 | ---- | M] (MDL Information Systems, Inc (Elsevier MDL))

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3937927212-2329758887-2733604271-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{15B782AF-55D8-11D1-B477-006097098764}: http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab -- Macromedia Authorware Web Player Control
{166B1BCA-3F9C-11CF-8075-444553540000}: http://download.macromedia.com/pub/shockwa...director/sw.cab -- Shockwave ActiveX Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_13

========== (O17) DNS Name Servers ==========

{72AA1DD2-4A1C-4FA3-AF2E-3058B3C842E2} (Servers: | Description: Intel® Wireless WiFi Link 4965AGN)
{76714350-632D-4C39-88B3-6E7297C74280} (Servers: | Description: Microsoft Loopback Adapter)
{B94BB083-2685-45AD-BF59-AD93506D020E} (Servers: | Description: Intel® 82566MM Gigabit Network Connection)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=vrlogon.dll
>[2007/08/14 15:56:16 | 00,615,936 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\vrlogon.dll


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AfsLogon: "DllName" = afslogon.dll -- C:\Program Files\OpenAFS\Client\Program\afslogon.dll (OpenAFS Project)
psfus: "DllName" = C:\Windows\system32\psqlpwd.dll -- C:\Windows\System32\psqlpwd.dll (UPEK Inc.)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}" (HKLM) = Windows DreamScene -- C:\Windows\System32\DreamScene.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 03:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 03:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autoexec.bat [REM Dummy file for NTVDM | ]
[2006/09/18 17:43:36 | 00,000,024 | ---- | M] () -- C:\autoexec.bat -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/26 20:23:41 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\bizara\Desktop\OTViewIt.exe
[2009/05/26 20:12:54 | 00,286,208 | ---- | C] () -- C:\Users\bizara\Desktop\gy9ko8cp.exe
[2009/05/26 01:39:29 | 00,000,000 | ---D | C] -- C:\rsit
[2009/05/26 01:39:29 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/05/25 01:00:11 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/23 01:51:51 | 00,000,000 | ---D | C] -- C:\_SMA
[2009/05/21 21:54:30 | 00,000,000 | ---D | C] -- C:\Windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
[2009/05/15 04:13:00 | 00,000,583 | ---- | C] () -- C:\Users\bizara\Desktop\Half-Life 2.lnk
[2009/05/15 04:12:54 | 00,000,573 | ---- | C] () -- C:\Users\bizara\Desktop\Portal.lnk
[2009/05/15 04:12:48 | 00,000,583 | ---- | C] () -- C:\Users\bizara\Desktop\Left 4 Dead.lnk
[2009/05/15 04:12:39 | 00,000,591 | ---- | C] () -- C:\Users\bizara\Desktop\Team Fortress 2.lnk
[2009/05/13 03:02:18 | 00,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2009/05/12 16:21:53 | 00,000,000 | ---D | C] -- C:\Users\bizara\Documents\VLC Snapshots
[2009/05/12 16:20:01 | 00,000,000 | ---D | C] -- C:\Users\bizara\AppData\Roaming\dvdcss
[2009/05/10 03:23:51 | 00,001,065 | ---- | C] () -- C:\Users\bizara\Desktop\Spybot - Search & Destroy.lnk
[2009/05/10 03:23:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/05/09 22:34:23 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/05/09 22:34:23 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/05/09 22:34:23 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/05/09 22:34:23 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/05/09 22:34:23 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/05/09 22:34:23 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/05/09 22:34:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/05/09 22:34:22 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/05/09 22:34:22 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/05/09 22:34:22 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/05/09 22:34:22 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/05/09 22:34:22 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/05/09 22:34:22 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/05/09 22:34:22 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/05/09 22:34:22 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/05/09 22:34:22 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/05/09 22:34:22 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/05/09 22:34:22 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/05/09 22:34:22 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/05/09 22:34:22 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/05/09 22:34:22 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/05/09 22:34:21 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/05/09 22:34:21 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/05/09 22:34:21 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/05/09 22:34:21 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/05/09 22:34:21 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/05/09 22:34:21 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/05/09 22:34:21 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/05/09 22:34:21 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/05/09 22:34:21 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/05/09 22:34:21 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/05/09 22:34:21 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/05/09 22:34:20 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/05/09 22:34:20 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/05/09 22:34:20 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/05/09 22:34:20 | 00,391,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/05/09 22:34:20 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/05/09 22:34:20 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/05/09 22:34:19 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/05/09 22:34:19 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/05/09 22:34:19 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/05/09 22:34:19 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/05/09 22:34:18 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/05/09 22:34:18 | 01,206,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/05/09 22:34:18 | 00,914,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/05/09 22:34:18 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/05/09 22:34:18 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/05/09 22:34:18 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/05/09 22:34:18 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/05/09 22:34:18 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/05/09 22:34:18 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/05/09 22:34:18 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/05/09 22:34:17 | 11,063,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/05/09 22:34:17 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/05/09 22:34:16 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/05/09 22:09:08 | 00,000,000 | ---D | C] -- C:\Users\bizara\AppData\Roaming\Download Manager
[2009/05/08 15:23:59 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/05/08 15:22:12 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/05/06 03:26:47 | 00,000,862 | ---- | C] () -- C:\Users\bizara\Desktop\mp3DirectCut.lnk
[2009/05/06 03:26:47 | 00,000,000 | ---D | C] -- C:\Program Files\mp3DirectCut
[2009/05/06 00:33:36 | 00,000,000 | ---D | C] -- C:\Users\bizara\AppData\Roaming\ImgBurn
[2009/05/06 00:33:23 | 00,001,660 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/05/06 00:31:20 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/05/05 17:10:30 | 00,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2009/05/02 04:20:40 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/05/02 04:19:06 | 40,066,7237 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/04/30 11:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/04/30 11:52:37 | 00,001,745 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/04/30 11:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/04/29 20:52:02 | 00,000,000 | ---D | C] -- C:\Program Files\filehippo.com
[2009/04/27 08:55:55 | 00,000,000 | ---D | C] -- C:\Users\bizara\AppData\Roaming\RapidCRC

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/05/26 20:23:43 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\bizara\Desktop\OTViewIt.exe
[2009/05/26 20:14:43 | 00,816,954 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/26 20:14:43 | 00,683,700 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/26 20:14:43 | 00,135,730 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/26 20:12:58 | 00,286,208 | ---- | M] () -- C:\Users\bizara\Desktop\gy9ko8cp.exe
[2009/05/26 19:43:00 | 00,000,256 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/26 18:29:10 | 00,003,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/26 18:29:10 | 00,003,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/26 14:45:48 | 00,103,461 | ---- | M] () -- C:\Users\Public\Documents\AcVistaWlAutoconfig.html
[2009/05/26 14:31:10 | 00,025,341 | ---- | M] () -- C:\Windows\System32\PROCDB.INI
[2009/05/26 14:29:01 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2009/05/26 14:28:57 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2009/05/26 14:27:54 | 00,463,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/26 14:27:54 | 00,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI
[2009/05/26 14:27:42 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/26 14:27:31 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/26 14:27:19 | 32,026,62400 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/26 04:30:34 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/05/26 04:29:33 | 04,700,604 | -H-- | M] () -- C:\Users\bizara\AppData\Local\IconCache.db
[2009/05/23 04:12:01 | 00,080,384 | ---- | M] () -- C:\Users\bizara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/21 22:24:29 | 00,002,049 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2009/05/15 04:13:00 | 00,000,583 | ---- | M] () -- C:\Users\bizara\Desktop\Half-Life 2.lnk
[2009/05/15 04:12:54 | 00,000,573 | ---- | M] () -- C:\Users\bizara\Desktop\Portal.lnk
[2009/05/15 04:12:48 | 00,000,583 | ---- | M] () -- C:\Users\bizara\Desktop\Left 4 Dead.lnk
[2009/05/15 04:12:39 | 00,000,591 | ---- | M] () -- C:\Users\bizara\Desktop\Team Fortress 2.lnk
[2009/05/13 17:15:27 | 00,306,031 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/05/12 19:15:43 | 00,000,720 | ---- | M] () -- C:\Users\bizara\Desktop\Dawn of War II.lnk
[2009/05/12 14:14:07 | 00,306,031 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090513-171527.backup
[2009/05/11 15:01:17 | 00,306,031 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090512-141407.backup
[2009/05/11 03:06:10 | 00,306,031 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090511-150117.backup
[2009/05/10 03:28:23 | 00,306,031 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20090511-030610.backup
[2009/05/10 03:23:51 | 00,001,065 | ---- | M] () -- C:\Users\bizara\Desktop\Spybot - Search & Destroy.lnk
[2009/05/09 23:11:08 | 00,136,088 | ---- | M] () -- C:\Users\bizara\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/05/09 23:08:15 | 00,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2009/05/09 22:37:22 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/05/07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/06 03:26:47 | 00,000,862 | ---- | M] () -- C:\Users\bizara\Desktop\mp3DirectCut.lnk
[2009/05/06 00:33:23 | 00,001,660 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2009/05/04 11:05:35 | 00,000,000 | ---- | M] () -- C:\Windows\System32\AclanProfile.xml
[2009/05/02 04:20:40 | 40,066,7237 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/04/30 11:52:37 | 00,001,745 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/04/29 17:23:33 | 00,721,904 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/04/28 00:57:34 | 00,000,603 | ---- | M] () -- C:\Users\bizara\Desktop\DMC 4 Trainer.lnk
[2009/04/28 00:57:30 | 00,000,570 | ---- | M] () -- C:\Users\bizara\Desktop\Devil May Cry 4.lnk
< End of report >

#7 Valkrys

Valkrys
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 27 May 2009 - 02:11 AM

The problem happened again. I lost about 1 GB but then got it back. I managed to grab a DDS log as it was happening; I'll attach both, as I'm not sure whether they will be helpful.

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:25 PM

Posted 27 May 2009 - 03:35 PM

Hey Valkrys,

Can you attach the Gmer log? The link doesn't work.
m0le is a proud member of UNITE

#9 Valkrys

Valkrys
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:10:25 AM

Posted 27 May 2009 - 05:11 PM

I can't attach it; it's 2 MB. Try the link again, I re-uploaded it. If it still doesn't work, I'll try somewhere else.

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:02:25 PM

Posted 27 May 2009 - 05:46 PM

Okay, got it now.

It's clean, Valkrys!

Let's do some housekeeping.

Please download OTCleanIt and save it to Desktop.

Make sure you have internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
Please set your system to hide all hidden files.
  • Click Start, open My Computer, select the Tools menu and click Folder Options.
  • Select the View tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
  • Check Hide file extensions for known file types.
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15-day trial period.

Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.

Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Tutorials on using these programs can be found below:

Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


That's it Valkrys, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE
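The restore-point housekeeping in the post above (create a clean point, then remove the older ones), as an added PowerShell example rather than anything from m0le's post or the tools he links. It assumes an elevated PowerShell 2.0 or later prompt (Vista needs the WMF 2.0 update) and that System Restore is enabled on the system drive; the log file path on the Desktop is the example's own choice.

```powershell
# Added example, not from the original post: the "new restore point, then drop the
# old ones" steps done from an elevated PowerShell prompt instead of the System
# Restore GUI and cleanmgr. Assumes PowerShell 2.0+ and System Restore enabled on
# the system drive.

# 1. Create the new, known-clean restore point. MODIFY_SETTINGS is one of the
#    documented RestorePointType values; the description is what the GUI will show.
$stamp = Get-Date -Format 'yyyy-MM-dd HH:mm'
Checkpoint-Computer -Description "Clean baseline after malware removal ($stamp)" `
                    -RestorePointType MODIFY_SETTINGS

# 2. Find the point just created and write it to a log on the Desktop (the post asks
#    you to keep a record so the point can be found if a roll-back is ever needed).
$points = Get-ComputerRestorePoint | Sort-Object SequenceNumber
$newest = $points | Select-Object -Last 1
$when   = $newest.ConvertToDateTime($newest.CreationTime)   # WMI DMTF time -> DateTime
$logLine = '{0}  seq={1}  "{2}"' -f $when, $newest.SequenceNumber, $newest.Description
Add-Content -Path "$env:USERPROFILE\Desktop\restore-point-log.txt" -Value $logLine
Write-Output "Created restore point: $logLine"

# 3. Remove every older restore point, keeping only the newest. On Vista and later a
#    restore point is a Volume Shadow Copy, so deleting the oldest shadow copy on the
#    system drive removes the oldest restore point. Loop until one point is left; the
#    iteration cap guards against shadow copies that are not restore points.
$guard = 0
while (@(Get-ComputerRestorePoint).Count -gt 1 -and $guard -lt 100) {
    vssadmin delete shadows /for=$env:SystemDrive /oldest /quiet | Out-Null
    $guard++
}

# 4. Verify: exactly one restore point should remain, and it should be the new one.
$remaining = @(Get-ComputerRestorePoint)
if ($remaining.Count -eq 1 -and $remaining[0].SequenceNumber -eq $newest.SequenceNumber) {
    Write-Output 'OK: only the clean restore point remains.'
} else {
    Write-Warning ("Expected 1 restore point, found {0}; run 'vssadmin list shadows' to inspect." -f $remaining.Count)
}
```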

#11 Valkrys
  • Topic Starter

  • Members
  • 8 posts

Posted 27 May 2009 - 11:08 PM

Thanks, it's a load off my mind that this is nothing serious. I'll be sure to run that stuff. Any idea about the space thing, though? Is it just Vista doing crazy crap, do you think? If it is, that'll be one less thing to worry about. Thanks again for all your help!

#12 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 28 May 2009 - 06:22 AM

You're welcome for the help, Valkrys.

As for the actual problem, I can't think what might be happening. Vista certainly has problems with memory space from what I've read. It may be an idea to post a query on the Vista forum here. There are some very experienced members over there.

:thumbup2:
m0le is a proud member of UNITE

#13 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 02 June 2009 - 02:53 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE