
wife thought she was a medic!


  • This topic is locked
2 replies to this topic

#1 RodSterling


Posted 26 December 2009 - 08:20 PM

About two weeks ago my system came down with Antivirus Live. My wife downloaded Malwarebytes to remove it. I think it conflicted with the AVG Free that was already installed. I also have SUPERAntiSpyware. Now I'm lost at what to do. Please help. I'll post a HijackThis log, an OTL log, and an OTL Extras log. Daniel

Logfile of Trend Micro HijackThis v2.0.2 number one
Scan saved at 17:20:49, on 12/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32ibmpmsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesThinkPadBluetooth Softwarebinbtwdins.exe
C:Program FilesAVGAVG9avgchsvx.exe
C:Program FilesAVGAVG9avgrsx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAVGAVG9avgcsrvx.exe
C:Program FilesIntelWiFibinS24EvMon.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32IPSSVC.EXE
C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
C:Program FilesAVGAVG9avgwdsvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesIntelWiFibinEvtEng.exe
C:Program FilesAVGAVG9avgnsx.exe
C:WINDOWSsystem32FsUsbExService.Exe
C:WINDOWSSystem32svchost.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32lxdccoms.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe
C:WINDOWSsystem32TpKmpSVC.exe
C:Program FilesLenovoRescue and Recoveryrrpservice.exe
C:Program FilesLenovoRescue and Recoveryrrservice.exe
C:Program FilesCommon FilesLenovoSchedulertvtsched.exe
C:Program FilesLenovoRescue and RecoveryADMIUService.exe
C:Program FilesLenovoRescue and RecoveryUpdateMonitor.exe
c:WINDOWSsystem32ZuneBusEnum.exe
C:Program FilesThinkPadConnectUtilitiesAcSvc.exe
C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE
C:Program FilesThinkPadConnectUtilitiesSvcGuiHlpr.exe
C:Program FilesCommon FilesLenovoLoggerlogmon.exe
C:Program FilesLenovoRescue and Recoverylauncheg.exe
C:Program FilesCommon FilesLenovoInvAgentia.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32hkcmd.exe
C:PROGRA~1THINKV~1PrdCtrLPMGR.exe
C:PROGRA~1ThinkPadUTILIT~1EzEjMnAp.Exe
C:Program FilesCommon FilesLenovoSchedulerscheduler_proxy.exe
C:WINDOWSsystem32igfxsrvc.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WINDOWSsystem32TpShocks.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:Program FilesLenovoClient Security Solutioncssauth.exe
C:Program FilesLenovoHOTKEYTPOSDSVC.exe
C:Program FilesLenovoAwayTaskAwaySch.EXE
C:Program FilesLENOVOMessage Center PlusMCPLaunch.exe
C:PROGRA~1AVGAVG9avgtray.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:WINDOWSvVX3000.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLenovoHOTKEYTPONSCR.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesLenovoZoomTpScrex.exe
C:Program FilesLenovoClient Security Solutiontvtpwm_tray.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Documents and SettingsdanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsdanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsdanMy DocumentsDownloadsOTL.exe
C:WINDOWSnotepad.exe
C:WINDOWSnotepad.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG9avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:Program FilesPC-DoctorATLPcdToolbar544928.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [LPManager] C:PROGRA~1THINKV~1PrdCtrLPMGR.exe
O4 - HKLM..Run: [EZEJMNAP] C:PROGRA~1ThinkPadUTILIT~1EzEjMnAp.Exe
O4 - HKLM..Run: [TVT Scheduler Proxy] C:Program FilesCommon FilesLenovoSchedulerscheduler_proxy.exe
O4 - HKLM..Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [TP4EX] tp4ex.exe
O4 - HKLM..Run: [TpShocks] TpShocks.exe
O4 - HKLM..Run: [BLOG] rundll32 C:PROGRA~1ThinkPadUTILIT~1BatLogEx.DLL,StartBattLog
O4 - HKLM..Run: [PWRMGRTR] rundll32 C:PROGRA~1ThinkPadUTILIT~1PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM..Run: [TPKMAPHELPER] C:Program FilesThinkPadUtilitiesTpKmapAp.exe -helper
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [SoundMAX] C:Program FilesAnalog DevicesSoundMAXSmax4.exe /tray
O4 - HKLM..Run: [cssauth] "C:Program FilesLenovoClient Security Solutioncssauth.exe" silent
O4 - HKLM..Run: [TPHOTKEY] C:Program FilesLenovoHOTKEYTPOSDSVC.exe
O4 - HKLM..Run: [AwaySch] C:Program FilesLenovoAwayTaskAwaySch.EXE
O4 - HKLM..Run: [Message Center Plus] C:Program FilesLENOVOMessage Center PlusMCPLaunch.exe /start
O4 - HKLM..Run: [AVG9_TRAY] C:PROGRA~1AVGAVG9avgtray.exe
O4 - HKLM..Run: [VX3000] C:WINDOWSvVX3000.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKLM..PoliciesExplorerRun: [msoffice] C:DOCUME~1danLOCALS~1Tempscvhost.exe
O4 - HKUSS-1-5-18..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [DWQueuedReporting] "C:PROGRA~1COMMON~1MICROS~1DWdwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:Program FilesLenovoClient Security Solutiontvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:Program FilesLenovoClient Security Solutiontvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:windowssystem32nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1182725347000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1191559918687
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} (VideoCaptureCtl Class) - http://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:Program FilesThinkPadConnectUtilitiesAcSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:Program FilesAVGAVG9avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesThinkPadBluetooth Softwarebinbtwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:Program FilesIntelWiFibinEvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:WINDOWSsystem32FsUsbExService.Exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:WINDOWSsystem32ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:WINDOWSsystem32IPSSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:WINDOWSSystem32spoolDRIVERSW32X863lxdcserv.exe
O23 - Service: lxdc_device - - C:WINDOWSsystem32lxdccoms.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:Program FilesThinkPadUtilitiesPWMDBSVC.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:Program FilesIntelWiFibinS24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:Program FilesPC Connectivity SolutionServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:program fileslenovosystem updatesuservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:WINDOWSSystem32TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:WINDOWSsystem32TpKmpSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:Program FilesLenovoClient Security Solutiontvttcsd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:WINDOWSSystem32TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:WINDOWSSystem32TUProgSt.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:Program FilesLenovoRescue and Recoveryrrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:Program FilesLenovoRescue and Recoveryrrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:Program FilesCommon FilesLenovoSchedulertvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:Program FilesLenovoRescue and RecoveryADMIUService.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:Program FilesLenovoRescue and RecoveryUpdateMonitor.exe

--
End of file - 15446 bytes

OTL Extras logfile created on: 12/26/2009 5:04:43 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:Documents and SettingsdanMy DocumentsDownloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 55.89 Gb Total Space | 10.93 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.html [@ = htmlfile] -- C:Program FilesInternet ExplorerIEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERSS-1-5-21-1405602083-3247649472-3338307160-1009SOFTWAREClasses<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:Program FilesMicrosoft OfficeOffice12msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:Program FilesMicrosoft OfficeOffice12msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:Program FilesVideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- C:Program FilesFolder LockFolder Lock.exe %1 (NewSoftwares.net Inc.)
Directory [OneNote.Open] -- C:PROGRA~1MICROS~2Office12ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:Program FilesVideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Applicationsiexplore.exe [open] -- "C:Program FilesInternet ExplorerIEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:Program FilesInternet Exploreriexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10244:TCP" = 10244:TCP:LocalSubNet:Enabled:Zune Network Sharing Service
"10285:UDP" = 10285:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10286:UDP" = 10286:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10287:UDP" = 10287:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10288:UDP" = 10288:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"10289:UDP" = 10289:UDP:LocalSubNet:Enabled:Zune Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"4104:TCP" = 4104:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"2520:TCP" = 2520:TCP:*:Enabled:Akamai NetSession Interface
"1577:TCP" = 1577:TCP:*:Enabled:Akamai NetSession Interface
"1677:TCP" = 1677:TCP:*:Enabled:Akamai NetSession Interface
"1175:TCP" = 1175:TCP:*:Enabled:Akamai NetSession Interface
"2077:TCP" = 2077:TCP:*:Enabled:Akamai NetSession Interface
"1046:TCP" = 1046:TCP:*:Enabled:Akamai NetSession Interface
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
"C:Program FilesWindows LiveMessengerwlcsdk.exe" = C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
"C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE" = C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE" = C:Program FilesMicrosoft OfficeOffice12GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE" = C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:Documents and SettingsdanApplication DataMacromediaFlash Playerwww.macromedia.combinoctoshapeoctoshape.exe" = C:Documents and SettingsdanApplication DataMacromediaFlash Playerwww.macromedia.combinoctoshapeoctoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:Program FilesWindows LiveMessengerwlcsdk.exe" = C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:Program FilesVideoLANVLCvlc.exe" = C:Program FilesVideoLANVLCvlc.exe:*:Enabled:VLC media player -- ()
"C:Program FilesMicrosoft LifeCamLifeCam.exe" = C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:Program FilesMicrosoft LifeCamLifeExp.exe" = C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:Program FilesuTorrentuTorrent.exe" = C:Program FilesuTorrentuTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:Program FilesSamsungSamsung New PC Studionpsasvr.exe" = C:Program FilesSamsungSamsung New PC Studionpsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:Program FilesSamsungSamsung New PC Studionpsvsvr.exe" = C:Program FilesSamsungSamsung New PC Studionpsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:WINDOWSsystem32lxdccoms.exe" = C:WINDOWSsystem32lxdccoms.exe:*:Enabled:1300 Series Server -- ( )
"C:WINDOWSsystem32spooldriversw32x863lxdcpswx.exe" = C:WINDOWSsystem32spooldriversw32x863lxdcpswx.exe:*:Enabled: -- ()
"C:WINDOWSsystem32spooldriversw32x863lxdcjswx.exe" = C:WINDOWSsystem32spooldriversw32x863lxdcjswx.exe:*:Enabled: -- ()
"C:WINDOWSsystem32spooldriversw32x863lxdctime.exe" = C:WINDOWSsystem32spooldriversw32x863lxdctime.exe:*:Enabled: -- (Lexmark International, Inc.)
"C:Program FilesAVGAVG9avgupd.exe" = C:Program FilesAVGAVG9avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:Program FilesAVGAVG9avgnsx.exe" = C:Program FilesAVGAVG9avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9F98C9F8-9B49-411C-AFB9-AF633249FA7C}" = ThinkVantage Fingerprint Software 5.8
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1ABB12D-047A-431C-AE12-024491E143F1}" = BurnAware Free Edition
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8D9CD8C-6349-4462-8340-BEEC1D3E7B0E}" = RepairSolutions
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = PRDCTR
"{CFE49BB1-B0FC-4EC3-B6A1-9A9FB5F43436}" = Specops Deploy Client Side Extension
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"4U Download YouTube Video_is1" = 4U Download YouTube Video (version 2.2.8)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AVG9Uninstall" = AVG Free 9.0
"AwayTask" = Maintenance Manager
"BurnAware Free Edition" = BurnAware Free Edition
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HandBrake" = HandBrake 0.9.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PeerGuardian_is1" = PeerGuardian 2.0
"Power Management Driver" = ThinkPad Power Management Driver
"PowerISO" = PowerISO
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"Remove Multimedia Center" = Remove Multimedia Center
"ResetDRM" = Windows Media DRM Reset
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TUGZip_is1" = TUGZip 3.4
"VLC media player" = VLC media player 1.0.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERSS-1-5-21-1405602083-3247649472-3338307160-1009SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"Folder Lock" = Folder Lock
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


OTL logfile created on: 12/26/2009 5:04:43 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:Documents and SettingsdanMy DocumentsDownloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 153.00 Mb Available Physical Memory | 15.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): C:pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
Drive C: | 55.89 Gb Total Space | 10.93 Gb Free Space | 19.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAN
Current User Name: Dan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/26 17:03:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsdanMy DocumentsDownloadsOTL.exe
PRC - [2009/12/26 16:59:07 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:Program FilesTrend MicroHijackThisHijackThis.exe
PRC - [2009/12/11 13:03:15 | 02,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG9avgtray.exe
PRC - [2009/12/11 13:02:12 | 00,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG9avgrsx.exe
PRC - [2009/12/11 13:02:11 | 00,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG9avgnsx.exe
PRC - [2009/12/09 15:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:Documents and SettingsdanLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
PRC - [2009/12/03 16:14:00 | 01,394,000 | ---- | M] (Malwarebytes Corporation) -- C:Program FilesMalwarebytes' Anti-Malwarembam.exe
PRC - [2009/11/30 01:34:15 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSUPERAntiSpywareSUPERANTISPYWARE.EXE
PRC - [2009/11/04 06:26:59 | 01,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG9avgchsvx.exe
PRC - [2009/11/04 06:26:55 | 00,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG9avgcsrvx.exe
PRC - [2009/11/04 06:26:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG9avgwdsvc.exe
PRC - [2009/11/01 15:39:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:Program FilesJavajre6binjqs.exe
PRC - [2009/09/09 05:27:52 | 01,029,432 | ---- | M] (Lenovo Group Limited) -- C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe
PRC - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) -- c:Program FilesZuneZuneNss.exe
PRC - [2009/09/04 12:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32ZuneBusEnum.exe
PRC - [2009/05/27 21:09:36 | 00,049,976 | ---- | M] () -- C:Program FilesLenovoMessage Center PlusMCPLaunch.exe
PRC - [2009/03/05 08:12:00 | 00,185,632 | ---- | M] (Lenovo.) -- C:WINDOWSsystem32TpShocks.exe
PRC - [2009/02/19 08:34:32 | 00,233,472 | ---- | M] (Teruten) -- C:WINDOWSsystem32FsUsbExService.Exe
PRC - [2009/01/20 17:39:48 | 00,163,840 | ---- | M] (Lenovo ) -- C:Program FilesThinkPadConnectUtilitiesSvcGuiHlpr.exe
PRC - [2009/01/20 17:38:48 | 00,217,088 | ---- | M] (Lenovo ) -- C:Program FilesThinkPadConnectUtilitiesAcSvc.exe
PRC - [2009/01/20 17:38:36 | 00,098,304 | ---- | M] (Lenovo ) -- C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe
PRC - [2008/11/21 10:56:20 | 00,053,248 | ---- | M] () -- C:Program FilesThinkPadUtilitiesPWMDBSVC.exe
PRC - [2008/10/24 15:29:38 | 00,128,368 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoZOOMTpScrex.exe
PRC - [2008/10/09 17:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoRescue and RecoveryUpdateMonitor.exe
PRC - [2008/10/08 01:38:00 | 00,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:Program FilesThinkPadUtilitiesEZEJMNAP.EXE
PRC - [2008/10/06 10:14:18 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:Program FilesSynapticsSynTPSynTPLpr.exe
PRC - [2008/10/06 10:06:48 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:Program FilesSynapticsSynTPSynTPEnh.exe
PRC - [2008/09/30 16:37:28 | 00,068,976 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoHOTKEYTPOSDSVC.exe
PRC - [2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:WINDOWSsystem32ibmpmsvc.exe
PRC - [2008/08/20 15:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:Program FilesIntelWiFibinEvtEng.exe
PRC - [2008/08/20 15:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:Program FilesIntelWiFibinS24EvMon.exe
PRC - [2008/08/20 15:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
PRC - [2008/05/14 15:42:40 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:Program FilesCommon FilesLenovoSchedulerscheduler_proxy.exe
PRC - [2008/05/14 15:42:30 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- C:Program FilesCommon FilesLenovoSchedulertvtsched.exe
PRC - [2008/05/14 15:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoRescue and Recoveryrrservice.exe
PRC - [2008/05/14 15:25:12 | 00,520,192 | ---- | M] () -- C:Program FilesLenovoRescue and Recoveryrrpservice.exe
PRC - [2008/05/14 15:09:34 | 00,022,016 | ---- | M] () -- C:Program FilesCommon FilesLenovoLoggerlogmon.exe
PRC - [2008/05/14 15:07:04 | 00,057,344 | ---- | M] () -- C:Program FilesLenovoRescue and Recoverylauncheg.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe
PRC - [2008/03/24 14:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoHOTKEYTPONSCR.exe
PRC - [2007/08/15 14:07:44 | 00,252,440 | ---- | M] (Intel Corporation) -- C:WINDOWSsystem32igfxsrvc.exe
PRC - [2007/08/15 14:07:40 | 00,137,752 | ---- | M] (Intel Corporation) -- C:WINDOWSsystem32igfxpers.exe
PRC - [2007/08/15 14:07:32 | 00,162,328 | ---- | M] (Intel Corporation) -- C:WINDOWSsystem32hkcmd.exe
PRC - [2007/08/07 12:52:24 | 00,537,256 | ---- | M] ( ) -- C:WINDOWSsystem32lxdccoms.exe
PRC - [2007/08/03 15:42:08 | 00,927,032 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutiontvtpwm_tray.exe
PRC - [2007/08/03 15:35:38 | 02,630,968 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutioncssauth.exe
PRC - [2007/08/03 15:19:08 | 00,722,232 | ---- | M] (IBM) -- C:Program FilesLenovoClient Security Solutiontvttcsd.exe
PRC - [2007/07/11 19:14:16 | 00,032,768 | ---- | M] ( ) -- C:Program FilesCommon FilesLenovoInvAgentIA.exe
PRC - [2007/05/17 13:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft LifeCamMSCamS32.exe
PRC - [2007/04/27 02:10:00 | 00,120,368 | ---- | M] (Lenovo Group Limited) -- C:Program FilesThinkVantagePrdCtrLPMGR.EXE
PRC - [2007/04/10 13:46:48 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:WINDOWSvVX3000.exe
PRC - [2007/01/30 11:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:WINDOWSsystem32IPSSVC.EXE
PRC - [2007/01/07 19:09:26 | 00,045,056 | ---- | M] () -- C:Program FilesLenovoRescue and RecoveryADMIUService.exe
PRC - [2006/11/07 18:51:40 | 00,091,688 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoAwayTaskAwaySch.EXE
PRC - [2006/08/18 17:30:52 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:Program FilesThinkPadBluetooth Softwarebinbtwdins.exe
PRC - [2006/06/29 20:57:50 | 00,032,768 | ---- | M] () -- C:WINDOWSsystem32TpKmpSvc.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:Program FilesBonjourmDNSResponder.exe
PRC - [2005/05/20 08:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:Program FilesAnalog DevicesCoresmax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2009/12/26 17:03:53 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsdanMy DocumentsDownloadsOTL.exe
MOD - [2008/05/14 14:57:20 | 00,066,872 | ---- | M] (Lenovo Group Limited) -- C:Program FilesCommon FilesLenovotvt_think_res.dll
MOD - [2008/04/13 16:12:10 | 00,018,432 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32wtsapi32.dll
MOD - [2008/04/13 16:12:09 | 00,053,760 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32winsta.dll
MOD - [2008/04/13 09:37:57 | 00,208,384 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32rsaenh.dll
MOD - [2007/08/03 15:42:18 | 00,660,792 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutiontvtpwm_windows_hook.dll
MOD - [2007/08/03 15:42:10 | 02,094,392 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutiontvt_passwordmanager.dll
MOD - [2007/08/03 15:28:10 | 01,324,344 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutioncss_dlgcustompolicy.dll
MOD - [2007/08/03 15:28:06 | 00,714,040 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutioncss_banner.dll
MOD - [2007/08/03 15:28:04 | 05,211,448 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutioncss_think_res.dll
MOD - [2007/08/03 15:27:46 | 01,910,072 | ---- | M] (Lenovo Group Limited) -- C:Program FilesLenovoClient Security Solutioncsswait.dll
MOD - [2007/08/03 15:27:42 | 00,800,056 | ---- | M] (Lenovo Group Limited) -- C:WINDOWSsystem32cssuserdatadispatcher.dll
MOD - [2007/08/03 15:19:10 | 00,664,888 | ---- | M] (Lenovo) -- C:WINDOWSsystem32tcsrpc.dll
MOD - [2007/08/03 15:19:06 | 00,386,360 | ---- | M] (Lenovo) -- C:WINDOWSsystem32tvttsp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/04 06:26:47 | 00,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG9avgwdsvc.exe -- (avg9wd)
SRV - [2009/11/01 15:39:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:Program FilesJavajre6binjqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/10 23:49:09 | 00,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:WINDOWSsystem32TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/09/10 23:49:06 | 00,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:WINDOWSsystem32TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/09/09 05:27:52 | 01,029,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:Program FilesCommon FilesLenovotvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WINDOWSsystem32ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesZuneZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 12:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WINDOWSsystem32ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/07/15 10:48:20 | 00,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:WINDOWSsystem32uxtuneup.dll -- (UxTuneUp)
SRV - [2009/06/12 09:55:48 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- c:Program FilesLenovoSystem UpdateSUService.exe -- (SUService)
SRV - [2009/03/04 14:58:02 | 00,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:WINDOWSsystem32TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009/02/19 08:34:32 | 00,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:WINDOWSsystem32FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/01/20 17:38:48 | 00,217,088 | ---- | M] (Lenovo ) [Auto | Running] -- C:Program FilesThinkPadConnectUtilitiesAcSvc.exe -- (AcSvc)
SRV - [2009/01/20 17:38:36 | 00,098,304 | ---- | M] (Lenovo ) [Auto | Running] -- C:Program FilesThinkPadConnectUtilitiesAcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/11/21 10:56:20 | 00,053,248 | ---- | M] () [Auto | Running] -- C:Program FilesThinkPadUtilitiesPWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE -- (odserv)
SRV - [2008/10/25 10:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesMicrosoft OfficeOffice12GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/10/09 17:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:Program FilesLenovoRescue and RecoveryUpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:WINDOWSsystem32ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/20 15:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesIntelWiFibinEvtEng.exe -- (EvtEng)
SRV - [2008/08/20 15:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesIntelWiFibinS24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 15:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe -- (RegSrvc)
SRV - [2008/05/14 15:42:30 | 01,155,072 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:Program FilesCommon FilesLenovoSchedulertvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/14 15:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:Program FilesLenovoRescue and Recoveryrrservice.exe -- (TVT Backup Service)
SRV - [2008/05/14 15:25:12 | 00,520,192 | ---- | M] () [Auto | Running] -- C:Program FilesLenovoRescue and Recoveryrrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesLogitechBluetoothLBTServ.exe -- (LBTServ)
SRV - [2008/04/13 16:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:WINDOWSsystem32irmon.dll -- (Irmon)
SRV - [2008/04/07 08:17:30 | 00,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:Program FilesPC Connectivity SolutionServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/29 11:45:36 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/07 12:52:30 | 00,098,984 | ---- | M] () [Auto | Stopped] -- C:WINDOWSSystem32spoolDRIVERSW32X863lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/08/07 12:52:24 | 00,537,256 | ---- | M] ( ) [Auto | Running] -- C:WINDOWSSystem32lxdccoms.exe -- (lxdc_device)
SRV - [2007/08/03 15:19:08 | 00,722,232 | ---- | M] (IBM) [Auto | Running] -- C:Program FilesLenovoClient Security Solutiontvttcsd.exe -- (TSSCoreService)
SRV - [2007/05/17 13:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft LifeCamMSCamS32.exe -- (MSCamSvc)
SRV - [2007/01/30 11:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:WINDOWSsystem32IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/07 19:09:26 | 00,045,056 | ---- | M] () [Auto | Running] -- C:Program FilesLenovoRescue and RecoveryADMIUService.exe -- (tvtnetwk)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE -- (ose)
SRV - [2006/08/18 17:30:52 | 00,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:Program FilesThinkPadBluetooth Softwarebinbtwdins.exe -- (btwdins)
SRV - [2006/06/29 20:57:50 | 00,032,768 | ---- | M] () [Auto | Running] -- C:WINDOWSsystem32TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:Program FilesBonjourmDNSResponder.exe -- (Bonjour Service)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU.DEFAULT.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKU.DEFAULT.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

IE - HKUS-1-5-18S-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKUS-1-5-18S-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local


IE - HKUS-1-5-20S-1-5-20SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKUS-1-5-21-1405602083-3247649472-3338307160-1009SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com/
IE - HKUS-1-5-21-1405602083-3247649472-3338307160-1009S-1-5-21-1405602083-3247649472-3338307160-1009SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0
IE - HKUS-1-5-21-1405602083-3247649472-3338307160-1009S-1-5-21-1405602083-3247649472-3338307160-1009SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = <local>
IE - HKUS-1-5-21-1405602083-3247649472-3338307160-1009S-1-5-21-1405602083-3247649472-3338307160-1009SoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"


[2009/07/07 22:43:38 | 00,000,000 | ---D | M] -- C:Documents and SettingsdanApplication DataMozillaExtensions
[2008/10/06 02:08:57 | 00,000,000 | ---D | M] -- C:Documents and SettingsdanApplication DataMozillaFirefoxProfiles5ez5opsa.defaultextensions

O1 HOSTS File: (736 bytes) - C:WINDOWSsystem32driversetchosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG9avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM..Toolbar: (Lenovo ThinkVantage Toolbox) - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:Program FilesPC-DoctorATLPcdToolbar544928.dll (PC-Doctor, Inc.)
O3 - HKLM..Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM..Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll (Yahoo! Inc.)
O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009..ToolbarWebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009..ToolbarWebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009..ToolbarWebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..Run: [] File not found
O4 - HKLM..Run: [AVG9_TRAY] C:Program FilesAVGAVG9avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..Run: [AwaySch] C:Program FilesLenovoAwayTaskAwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..Run: [BLOG] C:Program FilesThinkPadUtilitiesBATLOGEX.DLL ()
O4 - HKLM..Run: [BluetoothAuthenticationAgent] C:WINDOWSSystem32bthprops.cpl (Microsoft Corporation)
O4 - HKLM..Run: [cssauth] C:Program FilesLenovoClient Security Solutioncssauth.exe (Lenovo Group Limited)
O4 - HKLM..Run: [EZEJMNAP] C:Program FilesThinkPadUtilitiesEZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..Run: [HotKeysCmds] C:WINDOWSsystem32hkcmd.exe (Intel Corporation)
O4 - HKLM..Run: [IgfxTray] C:WINDOWSsystem32igfxtray.exe (Intel Corporation)
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] C:WINDOWSKHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..Run: [LPManager] C:Program FilesThinkVantagePrdCtrLPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..Run: [Message Center Plus] C:Program FilesLENOVOMessage Center PlusMCPLaunch.exe ()
O4 - HKLM..Run: [Persistence] C:WINDOWSsystem32igfxpers.exe (Intel Corporation)
O4 - HKLM..Run: [PWRMGRTR] C:Program FilesThinkPadUtilitiesPWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..Run: [SoundMAX] C:Program FilesAnalog DevicesSoundMAXSmax4.exe (Analog Devices, Inc.)
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..Run: [TP4EX] C:WINDOWSSystem32TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..Run: [TPHOTKEY] C:Program FilesLenovoHOTKEYTPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..Run: [TPKMAPHELPER] C:Program FilesThinkPadUtilitiesTpKmapAp.exe (Lenovo)
O4 - HKLM..Run: [TpShocks] C:WINDOWSSystem32TpShocks.exe (Lenovo.)
O4 - HKLM..Run: [TVT Scheduler Proxy] C:Program FilesCommon FilesLenovoSchedulerscheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..Run: [VX3000] C:WINDOWSvVX3000.exe (Microsoft Corporation)
O4 - HKU.DEFAULT..Run: [DWQueuedReporting] C:Program FilesCommon FilesMicrosoft SharedDWDWTRIG20.EXE (Microsoft Corporation)
O4 - HKUS-1-5-18..Run: [DWQueuedReporting] C:Program FilesCommon FilesMicrosoft SharedDWDWTRIG20.EXE (Microsoft Corporation)
O4 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoCDBurning = 0
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerrun: msoffice = C:DOCUME~1danLOCALS~1Tempscvhost.exe File not found
O7 - HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 - HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 - HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 - HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
O7 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009SOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableProfileQuota = 1
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:Program FilesLenovoClient Security Solutiontvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:Program FilesMicrosoft OfficeOffice12ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:Program FilesMicrosoft OfficeOffice12REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:WINDOWSsystem32nwprovau.dll (Microsoft Corporation)
O15 - HKU.DEFAULT..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKUS-1-5-18..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKUS-1-5-21-1405602083-3247649472-3338307160-1009..Trusted Domains: 45 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1182725347000 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1191559918687 (MUWebControl Class)
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab (MJLauncherCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} http://videomessages.live.com/Portal/ClientBin/VCaptCtl.cab (VideoCaptureCtl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab (CBreakshotControl Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} http://messenger.zone.msn.com/binary/WoF.cab57176.cab (WheelofFortune Object)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.1
O18 - ProtocolHandlergrooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:Program FilesMicrosoft OfficeOffice12GrooveSystemServices.dll (Microsoft Corporation)
O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG9avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - ProtocolHandlerlivecall {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:Program FilesCommon FilesMicrosoft SharedHelphxds.dll (Microsoft Corporation)
O18 - ProtocolHandlermsnim {828030A1-22C1-4009-854F-8E305202313F} - C:Program FilesWindows LiveMessengermsgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - ProtocolHandlerwlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:Program FilesWindows LiveMailmailcomm.dll (Microsoft Corporation)
O18 - ProtocolFiltertext/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WINDOWSexplorer.exe (Microsoft Corporation)
O20 - WinlogonNotify!SASWinLogon: DllName - C:Program FilesSUPERAntiSpywareSASWINLO.DLL - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com)
O20 - WinlogonNotifyACNotify: DllName - ACNotify.dll - C:Program FilesThinkPadConnectUtilitiesACNotify.dll (Lenovo )
O20 - WinlogonNotifyavgrsstarter: DllName - avgrsstx.dll - C:WINDOWSSystem32avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - WinlogonNotifyigfxcui: DllName - igfxdev.dll - C:WINDOWSSystem32igfxdev.dll (Intel Corporation)
O20 - WinlogonNotifyLBTWlgn: DllName - c:program filescommon fileslogitechbluetoothLBTWlgn.dll - c:Program FilesCommon FilesLogitechBluetoothLBTWLgn.dll (Logitech, Inc.)
O20 - WinlogonNotifypsfus: DllName - C:Program FilesThinkVantage Fingerprint Softwarepsqlpwd.dll - C:Program FilesThinkVantage Fingerprint Softwarepsqlpwd.dll (UPEK Inc.)
O20 - WinlogonNotifytpfnf2: DllName - C:Program FilesLenovoHOTKEYnotifyf2.dll - C:Program FilesLenovoHOTKEYnotifyf2.dll ()
O20 - WinlogonNotifytphotkey: DllName - C:Program FilesLenovoHOTKEYtphklock.dll - C:Program FilesLenovoHOTKEYtphklock.dll (Lenovo Group Limited)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:Program FilesMicrosoft OfficeOffice12GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/21 15:22:24 | 00,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2{b05f30ad-fcbc-11dd-83f0-0015587d50e9}ShellAutoRuncommand - "" = .Encryption ToolMaxtorEncryption.exe
O33 - MountPoints2{fab8a1f2-bf73-11dd-83c9-0019d205235c}Shell - "" = AutoRun
O33 - MountPoints2{fab8a1f2-bf73-11dd-83c9-0019d205235c}ShellAutoRun - "" = Auto&Play
O33 - MountPoints2{fab8a1f2-bf73-11dd-83c9-0019d205235c}ShellAutoRuncommand - "" = F:LaunchU3.exe -- File not found
O33 - MountPoints2{fab8a1f5-bf73-11dd-83c9-0019d205235c}Shell - "" = AutoRun
O33 - MountPoints2{fab8a1f5-bf73-11dd-83c9-0019d205235c}ShellAutoRun - "" = Auto&Play
O33 - MountPoints2{fab8a1f5-bf73-11dd-83c9-0019d205235c}ShellAutoRuncommand - "" = E:LaunchU3.exe -- File not found
O33 - MountPoints2EShell - "" = AutoRun
O33 - MountPoints2EShellAutoRun - "" = Auto&Play
O33 - MountPoints2EShellAutoRuncommand - "" = E:MonopolyPBInstall.exe -- File not found
O33 - MountPoints2ZShell - "" = AutoRun
O33 - MountPoints2ZShellAutoRun - "" = Auto&Play
O33 - MountPoints2ZShellAutoRuncommand - "" = Z:SETUP.EXE -- File not found
O33 - MountPoints2ZShellconfigurecommand - "" = Z:SETUP.EXE -- File not found
O33 - MountPoints2ZShellinstallcommand - "" = Z:SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:WINDOWSsystem32ias [2008/03/10 02:14:24 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:WINDOWSsystem32irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:WINDOWSsystem32uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (51513369596788736)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/26 16:59:07 | 00,000,000 | ---D | C] -- C:Program FilesTrend Micro
[2009/12/24 06:23:14 | 00,000,000 | RH-D | C] -- C:Documents and SettingsdanRecent
[2009/12/23 21:50:48 | 00,000,000 | ---D | C] -- C:Documents and SettingsdanApplication DataAVG9
[2009/11/10 12:45:44 | 00,000,000 | ---D | M] -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataMicrosoft
[2009/11/10 12:45:43 | 00,000,000 | ---D | M] -- C:Documents and SettingsLocalServiceApplication DataOffice Genuine Advantage
[2009/11/10 12:45:41 | 00,000,000 | --SD | M] -- C:Documents and SettingsLocalServiceApplication DataMicrosoft
[2009/10/18 08:56:24 | 00,000,000 | ---D | M] -- C:Documents and SettingsNetworkServiceLocal SettingsApplication DataMicrosoft
[2009/08/11 06:17:17 | 00,000,000 | --SD | M] -- C:Documents and SettingsNetworkServiceApplication DataMicrosoft
[2009/04/09 20:30:10 | 00,000,000 | ---D | M] -- C:Documents and SettingsLocalServiceApplication DataAdobe
[2009/03/27 20:34:18 | 00,000,000 | ---D | M] -- C:Documents and SettingsLocalServiceApplication DataIntel
[2009/03/27 20:34:17 | 00,000,000 | ---D | M] -- C:Documents and SettingsNetworkServiceApplication DataIntel
[2009/02/13 10:57:45 | 00,000,000 | ---D | M] -- C:Documents and SettingsNetworkServiceApplication DataAvaya
[2008/10/03 13:39:47 | 00,413,696 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyinpa(6).dll
[2008/10/03 13:39:47 | 00,413,696 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyinpa(5).dll
[2008/10/03 13:39:47 | 00,413,696 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyinpa(4).dll
[2008/10/03 13:39:47 | 00,413,696 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyinpa(3).dll
[2008/10/03 13:39:47 | 00,413,696 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyinpa(2).dll
[2008/10/03 13:39:47 | 00,397,312 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyiesc(6).dll
[2008/10/03 13:39:47 | 00,397,312 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyiesc(5).dll
[2008/10/03 13:39:47 | 00,397,312 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyiesc(4).dll
[2008/10/03 13:39:47 | 00,397,312 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyiesc(3).dll
[2008/10/03 13:39:47 | 00,397,312 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyiesc(2).dll
[2008/10/03 13:39:46 | 00,995,328 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyusb1(6).dll
[2008/10/03 13:39:46 | 00,995,328 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyusb1(5).dll
[2008/10/03 13:39:46 | 00,995,328 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyusb1(4).dll
[2008/10/03 13:39:46 | 00,995,328 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyusb1(3).dll
[2008/10/03 13:39:46 | 00,995,328 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyusb1(2).dll
[2008/10/03 13:39:45 | 01,224,704 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyserv(6).dll
[2008/10/03 13:39:45 | 01,224,704 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyserv(5).dll
[2008/10/03 13:39:45 | 01,224,704 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyserv(4).dll
[2008/10/03 13:39:45 | 01,224,704 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyserv(3).dll
[2008/10/03 13:39:45 | 01,224,704 | ---- | C] ( ) -- C:WINDOWSSystem32lxcyserv(2).dll
[2008/10/03 13:39:43 | 00,585,728 | ---- | C] ( ) -- C:WINDOWSSystem32lxcylmpm(6).dll
[2008/10/03 13:39:43 | 00,585,728 | ---- | C] ( ) -- C:WINDOWSSystem32lxcylmpm(5).dll
[2008/10/03 13:39:43 | 00,585,728 | ---- | C] ( ) -- C:WINDOWSSystem32lxcylmpm(4).dll
[2008/10/03 13:39:43 | 00,585,728 | ---- | C] ( ) -- C:WINDOWSSystem32lxcylmpm(3).dll
[2008/10/03 13:39:43 | 00,585,728 | ---- | C] ( ) -- C:WINDOWSSystem32lxcylmpm(2).dll
[2008/09/26 15:00:13 | 00,000,000 | ---D | M] -- C:Documents and SettingsNetworkServiceLocal SettingsApplication DataPCHealth
[2007/12/29 14:17:24 | 00,000,000 | ---D | M] -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataAdobe
[2007/05/17 13:19:58 | 00,643,072 | ---- | C] ( ) -- C:WINDOWSSystem32lxdcpmui.dll
[2007/05/17 13:17:22 | 01,232,896 | ---- | C] ( ) -- C:WINDOWSSystem32lxdcserv.dll
[2007/05/17 13:11:48 | 00,425,984 | ---- | C] ( ) -- C:WINDOWSSystem32lxdccomm.dll
[2007/05/17 13:10:16 | 00,585,728 | ---- | C] ( ) -- C:WINDOWSSystem32lxdclmpm.dll
[2007/05/17 13:08:44 | 00,397,312 | ---- | C] ( ) -- C:WINDOWSSystem32lxdciesc.dll
[2007/05/17 13:07:52 | 00,094,208 | ---- | C] ( ) -- C:WINDOWSSystem32lxdcpplc.dll
[2007/05/17 13:07:02 | 00,684,032 | ---- | C] ( ) -- C:WINDOWSSystem32lxdccomc.dll
[2007/05/17 13:06:32 | 00,163,840 | ---- | C] ( ) -- C:WINDOWSSystem32lxdcprox.dll
[2007/05/17 12:59:50 | 00,413,696 | ---- | C] ( ) -- C:WINDOWSSystem32lxdcinpa.dll
[2007/05/17 12:58:46 | 00,999,424 | ---- | C] ( ) -- C:WINDOWSSystem32lxdcusb1.dll
[2007/05/17 12:53:20 | 00,700,416 | ---- | C] ( ) -- C:WINDOWSSystem32lxdchbn3.dll

========== Files - Modified Within 14 Days ==========

[2009/12/26 17:10:00 | 00,000,418 | -H-- | M] () -- C:WINDOWStasksUser_Feed_Synchronization-{D73879FA-A5A8-482C-BE32-9C6A73B2B56A}.job
[2009/12/26 17:00:08 | 00,000,482 | ---- | M] () -- C:WINDOWStasks1-Click Maintenance.job
[2009/12/26 16:59:08 | 00,001,734 | ---- | M] () -- C:Documents and SettingsdanDesktopHijackThis.lnk
[2009/12/26 16:42:01 | 00,000,970 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-1405602083-3247649472-3338307160-1009UA.job
[2009/12/26 15:16:28 | 47,100,714 | ---- | M] () -- C:WINDOWSSystem32driversAvgincavi.avm
[2009/12/26 15:13:21 | 00,000,236 | ---- | M] () -- C:WINDOWStasksOGALogon.job
[2009/12/26 15:13:17 | 00,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl
[2009/12/26 15:03:02 | 00,000,026 | ---- | M] () -- C:WINDOWSSystem32PROCDB.INI
[2009/12/26 15:02:17 | 00,000,380 | ---- | M] () -- C:WINDOWSSystem32IPSCtrl.INI
[2009/12/26 15:02:05 | 00,000,006 | -H-- | M] () -- C:WINDOWStasksSA.DAT
[2009/12/26 15:01:58 | 00,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat
[2009/12/26 08:32:23 | 00,127,917 | ---- | M] () -- C:WINDOWSSystem32driversAvgmicroavi.avg
[2009/12/26 08:06:11 | 00,000,178 | -HS- | M] () -- C:Documents and Settingsdanntuser.ini
[2009/12/25 18:15:25 | 00,000,340 | ---- | M] () -- C:WINDOWStasksSystemToolsDailyTest.job
[2009/12/25 05:27:46 | 06,381,806 | -H-- | M] () -- C:Documents and SettingsdanLocal SettingsApplication DataIconCache.db
[2009/12/24 13:42:26 | 00,000,918 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskUserS-1-5-21-1405602083-3247649472-3338307160-1009Core.job
[2009/12/24 06:08:17 | 00,001,548 | ---- | M] () -- C:Documents and SettingsdanDesktopCCleaner.lnk
[2009/12/23 22:04:35 | 00,000,296 | ---- | M] () -- C:WINDOWStasksPMTask.job
[2009/12/23 21:59:18 | 12,582,912 | ---- | M] () -- C:Documents and Settingsdanntuser.dat
[2009/12/20 10:00:02 | 00,000,528 | ---- | M] () -- C:WINDOWStasksPCDoctorBackgroundMonitorTask.job
[2009/12/19 05:03:59 | 00,001,005 | ---- | M] () -- C:Documents and SettingsdanDesktopShortcut to SUPERANTISPYWARE.lnk
[2009/12/16 07:32:47 | 00,002,268 | ---- | M] () -- C:Documents and SettingsdanDesktopGoogle Chrome.lnk

========== Files Created - No Company Name ==========

[2009/12/26 16:59:08 | 00,001,734 | ---- | C] () -- C:Documents and SettingsdanDesktopHijackThis.lnk
[2009/12/19 05:03:59 | 00,001,005 | ---- | C] () -- C:Documents and SettingsdanDesktopShortcut to SUPERANTISPYWARE.lnk
[2009/11/10 12:25:38 | 00,045,056 | ---- | C] () -- C:WINDOWSSystem32LXPRMON.DLL
[2009/11/10 12:25:38 | 00,032,768 | ---- | C] () -- C:WINDOWSSystem32LXPMONUI.DLL
[2009/08/30 19:31:03 | 00,071,680 | ---- | C] () -- C:WINDOWSSystem32driversiuxorpvnspesmnbv.sys
[2009/08/26 00:01:09 | 00,110,592 | ---- | C] () -- C:WINDOWSSystem32FsUsbExDevice.Dll
[2009/08/26 00:01:08 | 00,036,608 | ---- | C] () -- C:WINDOWSSystem32FsUsbExDisk.Sys
[2009/08/12 23:57:23 | 00,035,363 | ---- | C] () -- C:WINDOWSSystem32windrvNT.sys
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll
[2009/04/25 08:19:48 | 00,015,498 | ---- | C] () -- C:WINDOWSVX3000.ini
[2009/04/22 14:42:08 | 00,000,008 | ---- | C] () -- C:WINDOWSusrwiz.ini
[2009/04/17 18:00:13 | 00,000,022 | ---- | C] () -- C:WINDOWSmsnmsgr.exe.ini
[2009/03/11 12:01:18 | 00,000,062 | ---- | C] () -- C:WINDOWSMyProg.ini
[2009/02/16 20:37:39 | 00,848,712 | ---- | C] () -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat
[2009/02/13 10:37:32 | 00,004,224 | ---- | C] () -- C:WINDOWSSystem32driversIBMBLDID.sys
[2008/12/06 18:06:34 | 00,000,336 | ---- | C] () -- C:WINDOWSqawin32.INI
[2008/10/03 13:43:09 | 00,344,064 | ---- | C] () -- C:WINDOWSSystem32lxcycoin(6).dll
[2008/10/03 13:43:09 | 00,344,064 | ---- | C] () -- C:WINDOWSSystem32lxcycoin(5).dll
[2008/10/03 13:43:09 | 00,344,064 | ---- | C] () -- C:WINDOWSSystem32lxcycoin(4).dll
[2008/10/03 13:43:09 | 00,344,064 | ---- | C] () -- C:WINDOWSSystem32lxcycoin(3).dll
[2008/10/03 13:43:09 | 00,344,064 | ---- | C] () -- C:WINDOWSSystem32lxcycoin(2).dll
[2008/10/03 13:42:41 | 00,692,224 | ---- | C] () -- C:WINDOWSSystem32lxcydrs(5).dll
[2008/10/03 13:42:41 | 00,692,224 | ---- | C] () -- C:WINDOWSSystem32lxcydrs(4).dll
[2008/10/03 13:42:41 | 00,692,224 | ---- | C] () -- C:WINDOWSSystem32lxcydrs(3).dll
[2008/10/03 13:42:41 | 00,692,224 | ---- | C] () -- C:WINDOWSSystem32lxcydrs(2).dll
[2008/10/03 13:42:41 | 00,065,536 | ---- | C] () -- C:WINDOWSSystem32lxcycaps(5).dll
[2008/10/03 13:42:41 | 00,065,536 | ---- | C] () -- C:WINDOWSSystem32lxcycaps(4).dll
[2008/10/03 13:42:41 | 00,065,536 | ---- | C] () -- C:WINDOWSSystem32lxcycaps(3).dll
[2008/10/03 13:42:41 | 00,065,536 | ---- | C] () -- C:WINDOWSSystem32lxcycaps(2).dll
[2008/10/03 13:42:41 | 00,061,440 | ---- | C] () -- C:WINDOWSSystem32lxcycnv4(5).dll
[2008/10/03 13:42:41 | 00,061,440 | ---- | C] () -- C:WINDOWSSystem32lxcycnv4(4).dll
[2008/10/03 13:42:41 | 00,061,440 | ---- | C] () -- C:WINDOWSSystem32lxcycnv4(3).dll
[2008/10/03 13:42:41 | 00,061,440 | ---- | C] () -- C:WINDOWSSystem32lxcycnv4(2).dll
[2008/06/14 17:09:43 | 00,000,040 | -HS- | C] () -- C:Documents and SettingsAll UsersApplication Data.zreglib
[2008/06/07 06:13:32 | 00,009,728 | ---- | C] () -- C:WINDOWSSystem32BASSMOD.dll
[2008/06/02 23:32:01 | 00,039,936 | ---- | C] () -- C:WINDOWSSystem32rshx32.dll
[2008/06/02 23:31:53 | 00,015,744 | ---- | C] () -- C:WINDOWSSystem32driversserenum.sys
[2008/06/02 23:19:50 | 00,030,208 | ---- | C] () -- C:WINDOWSSystem32napipsec.dll
[2008/06/02 23:18:18 | 00,036,480 | ---- | C] () -- C:WINDOWSSystem32driversbthprint.sys
[2008/06/02 23:18:15 | 00,013,824 | ---- | C] () -- C:WINDOWSSystem32driversatinttxx.sys
[2008/06/01 23:28:17 | 00,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataN360BUOptions.ini
[2008/02/01 02:14:50 | 00,000,013 | ---- | C] () -- C:WINDOWSSystem32Urncb.dll
[2008/01/18 14:18:38 | 00,002,528 | ---- | C] () -- C:Documents and SettingsdanApplication Data$_hpcst$.hpc
[2008/01/09 14:01:48 | 00,000,453 | ---- | C] () -- C:WINDOWSbdoscandellang.ini
[2008/01/08 12:48:56 | 00,000,150 | ---- | C] () -- C:Documents and SettingsdanApplication Databurnaware.ini
[2007/12/29 16:39:42 | 00,110,592 | ---- | C] () -- C:WINDOWSSystem32suppdll.dll
[2007/12/01 12:57:47 | 02,115,816 | ---- | C] () -- C:WINDOWSSystem32NPSWF32.dll
[2007/12/01 12:41:12 | 00,000,126 | ---- | C] () -- C:Documents and SettingsdanLocal SettingsApplication Datafusioncache.dat
[2007/11/09 21:08:35 | 00,000,069 | ---- | C] () -- C:WINDOWSNeroDigital.ini
[2007/10/25 16:26:10 | 00,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys
[2007/10/11 13:09:20 | 00,001,751 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataQTSBandwidthCache
[2007/10/11 12:52:31 | 00,160,256 | ---- | C] () -- C:Documents and SettingsdanLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/05 04:17:00 | 00,009,343 | ---- | C] () -- C:WINDOWSSystem32driversTDSMAPI.SYS
[2007/10/04 06:27:15 | 00,204,800 | ---- | C] () -- C:WINDOWSSystem32igfxCoIn_v4860.dll
[2007/10/02 00:49:55 | 00,156,160 | ---- | C] () -- C:WINDOWSSystem32unrar3.dll
[2007/10/02 00:49:55 | 00,075,264 | ---- | C] () -- C:WINDOWSSystem32unacev2.dll
[2007/08/05 22:43:58 | 00,208,896 | ---- | C] () -- C:WINDOWSSystem32lxdcgrd.dll
[2007/06/25 14:03:22 | 00,007,817 | ---- | C] () -- C:WINDOWScfgall.ini
[2007/06/25 10:14:27 | 00,000,061 | ---- | C] () -- C:WINDOWSsmscfg.ini
[2007/06/25 08:29:19 | 00,000,376 | ---- | C] () -- C:WINDOWSODBC.INI
[2007/06/22 06:12:18 | 00,000,257 | ---- | C] () -- C:WINDOWSwininit.ini
[2007/06/22 05:40:40 | 00,045,056 | ---- | C] () -- C:WINDOWSSystem32FPCALL.dll
[2007/06/22 05:22:26 | 00,004,442 | ---- | C] () -- C:WINDOWSSystem32driversTPPWRIF.SYS
[2007/06/22 05:11:15 | 00,200,704 | ---- | C] () -- C:WINDOWSSystem32igfxCoIn_v4701.dll
[2007/06/22 05:00:12 | 00,028,672 | ---- | C] () -- C:WINDOWSSystem32notifyf2.dll
[2007/06/22 05:00:12 | 00,024,576 | ---- | C] () -- C:WINDOWSSystem32tphklock.dll
[2007/06/19 13:13:40 | 00,000,380 | ---- | C] () -- C:WINDOWSSystem32IPSCtrl.INI
[2007/03/28 13:16:44 | 00,344,064 | ---- | C] () -- C:WINDOWSSystem32lxdccoin.dll
[2007/02/26 19:34:34 | 00,204,800 | ---- | C] () -- C:WINDOWSSystem32igfxCoIn_v4785.dll
[2007/01/29 10:36:32 | 00,000,026 | ---- | C] () -- C:WINDOWSSystem32PROCDB.INI
[2006/09/05 13:20:36 | 00,079,400 | ---- | C] () -- C:WINDOWSSystem32DEVMAN.DLL
[2006/08/18 17:24:52 | 00,090,112 | ---- | C] () -- C:WINDOWSSystem32btprn2k.dll
[2006/06/14 08:27:20 | 00,000,000 | ---- | C] () -- C:WINDOWSSystem32px.ini
[2006/05/18 01:47:12 | 00,040,960 | ---- | C] () -- C:WINDOWSSystem32lxdcvs.dll
[2006/04/22 15:00:10 | 00,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll
[2006/03/18 05:16:04 | 00,540,178 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll
[2006/02/28 04:00:00 | 00,101,888 | ---- | C] () -- C:WINDOWSSystem32actxprxy(2).dll
[2006/02/28 04:00:00 | 00,073,802 | ---- | C] () -- C:WINDOWSSystem32msrclr40.dll
[2006/02/28 04:00:00 | 00,071,680 | ---- | C] () -- C:WINDOWSSystem32iesetup.dll
[2006/02/28 04:00:00 | 00,063,232 | ---- | C] () -- C:WINDOWSSystem32driversnwlnknb.sys
[2006/02/28 04:00:00 | 00,029,696 | ---- | C] () -- C:WINDOWSSystem32mspatcha(3).dll
[2006/02/28 04:00:00 | 00,016,896 | ---- | C] () -- C:WINDOWSSystem32cfgmgr32(3).dll
[2006/02/28 04:00:00 | 00,007,680 | ---- | C] () -- C:WINDOWSSystem32mciole32.dll
[2006/02/28 04:00:00 | 00,006,144 | ---- | C] () -- C:WINDOWSSystem32kbdusl.dll
[2006/02/28 04:00:00 | 00,005,632 | ---- | C] () -- C:WINDOWSSystem32security(3).dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:WINDOWSSystem32BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:WINDOWSSystem32btcss.dll.manifest
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:WINDOWSSystem32lcppn21.dll
[1997/06/13 17:56:08 | 00,056,832 | ---- | C] () -- C:WINDOWSSystem32iyvu9_32.dll
[1996/04/03 11:33:26 | 00,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys

========== LOP Check ==========

[2009/08/05 22:32:09 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data@AvgDatadir
[2008/12/08 02:17:59 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAlawar Stargaze
[2009/12/26 15:08:28 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Dataavg9
[2009/02/27 19:22:19 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataDivoGames
[2009/07/02 23:59:53 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataDownloaded Installations
[2009/11/11 09:31:36 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataeFax Messenger 4.4 Output
[2008/12/06 17:42:59 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataGeek Squad
[2008/03/25 13:13:42 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataGrisoft
[2008/11/17 03:12:00 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHipSoft
[2009/03/19 15:24:48 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInnova Electronics Corp
[2009/06/15 12:05:37 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLenovo
[2008/03/17 03:09:36 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMaxtor
[2009/11/03 09:20:59 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMerscom
[2009/04/17 18:00:08 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMumboJumbo
[2008/05/16 23:49:08 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMythPeople
[2009/08/26 00:02:54 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPC Suite
[2009/11/24 05:45:27 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCDr
[2009/03/28 20:34:27 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DatapixelStorm
[2009/03/14 17:14:23 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPlayPond
[2008/05/16 23:52:19 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datarionix
[2008/12/20 23:20:41 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSandlot Games
[2008/09/16 02:51:01 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSlapdash Games
[2008/07/12 13:10:43 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSlySoft
[2009/07/17 11:16:05 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataSpinTop Games
[2009/02/05 08:18:14 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP
[2009/09/10 23:48:32 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTuneUp Software
[2007/10/05 04:24:24 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUIB
[2008/01/11 21:39:08 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataViewpoint
[2008/01/08 12:44:11 | 00,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{299A4764-43F6-4187-8CA5-672EB6C4D431}
[2009/09/10 23:47:46 | 00,000,000 | -HSD | M] -- C:Documents and SettingsAll UsersApplication Data{55A29068-F2CE-456C-9148-C869879E2357}
[2009/11/03 09:25:14 | 00,000,000 | -HSD | M] -- C:Documents and SettingsdanApplication Data.#
[2008/02/16 19:39:37 | 00,000,000 | ---D | M] -- C:Documents and SettingsdanApplication Data.BitTornado
[2008/07/25 20:33:21 | 00,000,000 | ---D | M] -- C:Documents and SettingsdanApplication DataAltrixSoft

Merged 3 posts. ~ OB

Edited by Orange Blossom, 26 December 2009 - 08:37 PM.




#2 Elise

Posted 06 January 2010 - 04:05 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log
Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.


Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 Elise

Posted 14 January 2010 - 01:05 PM

Due to lack of activity this topic is now closed.

If you are the original topic starter and you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






