Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    New Technique Recycles Exploit Chain to Keep Antivirus Silent

Featured Deal: Get The Pay What You Want: AWS Cloud Development Bundle Deal

Photo

Re-Infected w/Trojan.Dropper and Trojan.FakeAlert.N

Started by lost2pc , Apr 20 2010 05:40 PM

  • This topic is locked This topic is locked
82 replies to this topic

#1 lost2pc

lost2pc

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 20 April 2010 - 05:40 PM

Hi,

I had a previous Max++ infection and worked with Random Random to get resolved [see embedded link:
http://www.bleepingcomputer.com/forums/topic253441-60.html ]

Then on January 2010 I had a similar re-occurrence on 1-22. Luckily mbam.exe was able to remove 4 Trojans in safe mode, however all my icons for all Word files/and documents, as well the Adobe icons have been stripped from all my documents and I have not been able to get them back.

Now my Java Auto Updater will not update . Last successful update was 1/17/2010. When the update tries to update i get "Error 1714 Older version of Java 6 update 20 cannot be removed contact tech support.
- when I go to the Add/Remove programs in Control panel and try to remove Jave 6 update 18 - error message is "file is corrupt". Then I try to remove Java 5 update 6 and I receive a message "please Uninstall thru Add/Remove program Utility 5.0 Update 6 Add/Remove Fatal Error"
- I then ran 'regedit' and removed ‘jre1.6.0_11-c.msi’ tried to re-install Java but no luck.

Please help me - since apparently the last rootkit infection came thru backdoor left open from outdated Java security.

Thanks

EDIT: Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP

Title was: GMER & DDS Logs will not Upload Trojan.Dropper and Trojan.FakeAlert.N, Trojan possible re-infection from Rootkit affecting Java Updater, Do Not Know How to Remove - Upload failed. The file was larger than t ~ OB

Hi, GMER & DDS Logs will not upload - keep getting error: Error Upload failed. Manage Current Attachments (0) The file was larger than the available space [] But files are only 103K and 13K each??? See copy and paste of logs

I had a previous Max++ infection and worked with Random Random to get resolved [see embedded link:
http://www.bleepingcomputer.com/forums/topic253441-60.html ]

Then on January 2010 I had a similar re-occurrence on 1-22. Luckily mbam.exe was able to remove 4 Trojans in safe mode, however all my icons for all Word files/and documents, as well the Adobe icons have been stripped from all my documents and I have not been able to get them back.

Now my Java Auto Updater will not update . Last successful update was 1/17/2010. When the update tries to update i get "Error 1714 Older version of Java 6 update 20 cannot be removed contact tech support.
- when I go to the Add/Remove programs in Control panel and try to remove Jave 6 update 18 - error message is "file is corrupt". Then I try to remove Java 5 update 6 and I receive a message "please Uninstall thru Add/Remove program Utility 5.0 Update 6 Add/Remove Fatal Error"
- I then ran 'regedit' and removed ‘jre1.6.0_11-c.msi’ tried to re-install Java but no luck.

Please help me - since apparently the last rootkit infection came thru backdoor left open from outdated Java security.

Thanks so much for your help.
+++++++++++++++++++++++++++++++++++++


DDS (Ver_10-03-17.01) - NTFSx86
Run by Michelle Ledgister at 18:45:27.85 on Tue 04/20/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.229 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100419-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\WINDOWS\system32\tp4serv.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\PROGRA~1\THINKV~1\AMSG\amsg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Michelle Ledgister\My Documents\Downloads\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.onlineregister.com/lenovo/?PAGE=thx&LANG=EN&CTRY=United%20States&MODL=76508DU&PRNM=Lenovo&SRNM=L3G5291
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [HijackThis startup scan] c:\documents and settings\michelle ledgister\desktop\HijackThis.exe /startupscan
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TrackPointSrv] tp4serv.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [AMSG] c:\progra~1\thinkv~1\amsg\amsg.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234980431625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michel~1\applic~1\mozilla\firefox\profiles\o9t859ov.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\michelle ledgister\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-8-22 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [2009-8-22 27656]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-3 114768]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 214024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-3 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-3 138680]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-3 352920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-5-10 22832]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 CSIScanner;CSIScanner;"c:\program files\prevx\prevx.exe" /service --> c:\program files\prevx\prevx.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-2 40552]

=============== Created Last 30 ================


==================== Find3M ====================

2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 12:31:30 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 15:57:54 2063744 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 17:37:57 2186880 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 17:35:40 2143744 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 17:35:40 2143744 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 16:57:54 2021888 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 16:57:54 2021888 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:36:09 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:36:09 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 11:08:25 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2009-08-23 16:07:22 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2007-11-15 07:36:28 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2007-12-12 12:58:49 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007121220071213\index.dat

============= FINISH: 18:46:19.39 ===============


DDS Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2007 8:07:47 AM
System Uptime: 4/20/2010 3:17:03 PM (3 hours ago)

Motherboard: LENOVO | | 76508DU
Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz | None | 1496/167mhz
Processor: Intel® Core™2 Duo CPU T5250 @ 1.50GHz | None | 1496/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 44.508 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP299: 3/19/2010 12:48:58 PM - Software Distribution Service 3.0
RP300: 3/19/2010 8:00:22 PM - Software Distribution Service 3.0
RP301: 3/20/2010 8:00:18 PM - Software Distribution Service 3.0
RP302: 3/21/2010 8:00:27 PM - Software Distribution Service 3.0
RP303: 3/22/2010 3:25:22 AM - Software Distribution Service 3.0
RP304: 3/22/2010 8:00:18 PM - Software Distribution Service 3.0
RP305: 3/23/2010 8:00:20 PM - Software Distribution Service 3.0
RP306: 3/24/2010 2:16:06 AM - Software Distribution Service 3.0
RP307: 3/24/2010 8:00:19 PM - Software Distribution Service 3.0
RP308: 3/25/2010 2:55:15 AM - Software Distribution Service 3.0
RP309: 3/25/2010 8:00:34 PM - Software Distribution Service 3.0
RP310: 3/26/2010 8:00:21 PM - Software Distribution Service 3.0
RP311: 3/27/2010 8:38:44 PM - Software Distribution Service 3.0
RP312: 3/28/2010 8:00:23 PM - Software Distribution Service 3.0
RP313: 3/29/2010 2:51:39 AM - Software Distribution Service 3.0
RP314: 3/29/2010 8:00:22 PM - Software Distribution Service 3.0
RP315: 3/30/2010 3:01:45 AM - Software Distribution Service 3.0
RP316: 3/30/2010 10:16:30 PM - Software Distribution Service 3.0
RP317: 3/31/2010 3:36:27 AM - Software Distribution Service 3.0
RP318: 3/31/2010 8:00:27 PM - Software Distribution Service 3.0
RP319: 4/1/2010 5:26:08 AM - Software Distribution Service 3.0
RP320: 4/1/2010 8:00:23 PM - Software Distribution Service 3.0
RP321: 4/2/2010 8:00:22 PM - Software Distribution Service 3.0
RP322: 4/3/2010 8:00:20 PM - Software Distribution Service 3.0
RP323: 4/4/2010 3:30:30 AM - Software Distribution Service 3.0
RP324: 4/4/2010 8:00:19 PM - Software Distribution Service 3.0
RP325: 4/5/2010 3:57:55 AM - Software Distribution Service 3.0
RP326: 4/5/2010 8:00:23 PM - Software Distribution Service 3.0
RP327: 4/6/2010 1:59:27 AM - Software Distribution Service 3.0
RP328: 4/6/2010 8:00:23 PM - Software Distribution Service 3.0
RP329: 4/7/2010 4:15:23 AM - Software Distribution Service 3.0
RP330: 4/7/2010 8:00:22 PM - Software Distribution Service 3.0
RP331: 4/8/2010 4:41:29 AM - Software Distribution Service 3.0
RP332: 4/8/2010 8:00:22 PM - Software Distribution Service 3.0
RP333: 4/9/2010 3:02:47 AM - Software Distribution Service 3.0
RP334: 4/9/2010 8:00:31 PM - Software Distribution Service 3.0
RP335: 4/10/2010 3:06:51 AM - Software Distribution Service 3.0
RP336: 4/10/2010 8:00:18 PM - Software Distribution Service 3.0
RP337: 4/11/2010 3:48:31 AM - Software Distribution Service 3.0
RP338: 4/11/2010 8:00:24 PM - Software Distribution Service 3.0
RP339: 4/12/2010 7:29:40 AM - Software Distribution Service 3.0
RP340: 4/12/2010 8:00:19 PM - Software Distribution Service 3.0
RP341: 4/13/2010 2:58:06 AM - Software Distribution Service 3.0
RP342: 4/14/2010 1:54:00 PM - System Checkpoint
RP343: 4/14/2010 8:00:19 PM - Software Distribution Service 3.0
RP344: 4/15/2010 3:07:30 AM - Software Distribution Service 3.0
RP345: 4/15/2010 8:00:22 PM - Software Distribution Service 3.0
RP346: 4/16/2010 4:44:54 AM - Software Distribution Service 3.0
RP347: 4/16/2010 8:00:19 PM - Software Distribution Service 3.0
RP348: 4/17/2010 6:02:08 AM - Software Distribution Service 3.0
RP349: 4/17/2010 8:36:46 PM - Software Distribution Service 3.0
RP350: 4/18/2010 2:30:51 AM - Software Distribution Service 3.0
RP351: 4/18/2010 8:00:22 PM - Software Distribution Service 3.0
RP352: 4/19/2010 6:08:56 AM - Software Distribution Service 3.0
RP353: 4/19/2010 8:00:20 PM - Software Distribution Service 3.0
RP354: 4/20/2010 8:44:08 AM - Software Distribution Service 3.0

==== Installed Programs ======================


Access Help
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8
Adobe Shockwave Player 11
avast! Antivirus
CCleaner
Client Security Solution
Conexant HD Audio
Critical Update for Windows Media Player 11 (KB959772)
Diskeeper Lite
Garmin Communicator Plugin
Garmin USB Drivers
HDAUDIO Soft Data Fax Modem with SmartCP
Help Center
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB889816)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894686)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB898456)
Hotfix for Windows XP (KB903250)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB916189)
Hotfix for Windows XP (KB917332)
Hotfix for Windows XP (KB918005)
Hotfix for Windows XP (KB918837)
Hotfix for Windows XP (KB923293)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Hotfix for Windows XP (KB929120)
Hotfix for Windows XP (KB935192)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Integrated Camera
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java™ 6 Update 18
Maintenance Manager
Malwarebytes' Anti-Malware
mCore
mDriver
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft Office Small Business Connectivity Components
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
mMHouse
Move Media Player
Mozilla Firefox (3.5.9)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
MSXML 6 Service Pack 2 (KB973686)
mWlsSafe
On Screen Display
PC-Doctor 5 for Windows
Picasa 3
Presentation Director
Productivity Center Supplement for ThinkPad
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Skype web features
Skypeâ„¢ 4.1
Sonic DLA
Sonic Express Labeler
Sonic Icons for Lenovo
Sonic Update Manager
SpywareBlaster 4.2
System Migration Assistant
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad PC Card Power Policy
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 0.9.8a
Wallpapers
WebFldrs XP
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883517
Windows XP Hotfix - KB883523
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB884868
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885894
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889315
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB896613
XP Themes

==== Event Viewer Messages From Past Week ========

4/18/2010 2:31:37 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update for Windows 2000, Windows Server 2003, and Windows XP (KB974417).
4/18/2010 2:31:31 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).
4/18/2010 2:31:15 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.
4/18/2010 2:31:11 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET Framework Assistant 1.0 x86 (KB963707).
4/18/2010 2:31:05 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
4/18/2010 1:42:56 AM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
4/16/2010 1:46:55 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: The system cannot find the path specified.
4/14/2010 1:56:30 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001CBF2CD2DF. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

==== End Of File ===========================


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-20 19:42:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\MICHEL~1\LOCALS~1\Temp\pweorfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0x9C2E96B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0x9C2E9574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0x9C2E9A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x9C2E914C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0x9C2E964E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x9C2E908C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x9C2E90F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0x9C2E976E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0x9C2E972E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0x9C2E98AE]
SSDT pxsec.sys (Prevx Realtime Analysis/Prevx) ZwTerminateProcess [0xF761F680]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Fastfat \Fat 9A7F8C8A
Device \FileSystem\Fastfat \Fat 9A80838A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Files - GMER 1.0.15 ----

File C:\RRbackups\C 0 bytes
File C:\RRbackups\C\0 0 bytes
File C:\RRbackups\C\0\Data27 50003968 bytes
File C:\RRbackups\C\0\Data46 50003968 bytes
File C:\RRbackups\C\0\Data65 50003968 bytes
File C:\RRbackups\C\0\Data84 50003968 bytes
File C:\RRbackups\C\0\Data0 50003968 bytes
File C:\RRbackups\C\0\Data1 50003968 bytes
File C:\RRbackups\C\0\Data10 50003968 bytes
File C:\RRbackups\C\0\Data100 50003968 bytes
File C:\RRbackups\C\0\Data101 50003968 bytes
File C:\RRbackups\C\0\Data102 32493298 bytes
File C:\RRbackups\C\0\Data11 50003968 bytes
File C:\RRbackups\C\0\Data12 50003968 bytes
File C:\RRbackups\C\0\Data13 50003968 bytes
File C:\RRbackups\C\0\Data14 50003968 bytes
File C:\RRbackups\C\0\Data15 50003968 bytes
File C:\RRbackups\C\0\Data16 50003968 bytes
File C:\RRbackups\C\0\Data17 50003968 bytes
File C:\RRbackups\C\0\Data18 50003968 bytes
File C:\RRbackups\C\0\Data19 50003968 bytes
File C:\RRbackups\C\0\Data2 50003968 bytes
File C:\RRbackups\C\0\Data20 50003968 bytes
File C:\RRbackups\C\0\Data21 50003968 bytes
File C:\RRbackups\C\0\Data22 50003968 bytes
File C:\RRbackups\C\0\Data23 50003968 bytes
File C:\RRbackups\C\0\Data24 50003968 bytes
File C:\RRbackups\C\0\Data25 50003968 bytes
File C:\RRbackups\C\0\Data26 50003968 bytes
File C:\RRbackups\C\0\Data28 50003968 bytes
File C:\RRbackups\C\0\Data29 50003968 bytes
File C:\RRbackups\C\0\Data3 50003968 bytes
File C:\RRbackups\C\0\Data30 50003968 bytes
File C:\RRbackups\C\0\Data31 50003968 bytes
File C:\RRbackups\C\0\Data32 50003968 bytes
File C:\RRbackups\C\0\Data33 50003968 bytes
File C:\RRbackups\C\0\Data34 50003968 bytes
File C:\RRbackups\C\0\Data35 50003968 bytes
File C:\RRbackups\C\0\Data36 50003968 bytes
File C:\RRbackups\C\0\Data37 50003968 bytes
File C:\RRbackups\C\0\Data38 50003968 bytes
File C:\RRbackups\C\0\Data39 50003968 bytes
File C:\RRbackups\C\0\Data4 50003968 bytes
File C:\RRbackups\C\0\Data40 50003968 bytes
File C:\RRbackups\C\0\Data41 50003968 bytes
File C:\RRbackups\C\0\Data42 50003968 bytes
File C:\RRbackups\C\0\Data43 50003968 bytes
File C:\RRbackups\C\0\Data44 50003968 bytes
File C:\RRbackups\C\0\Data45 50003968 bytes
File C:\RRbackups\C\0\Data47 50003968 bytes
File C:\RRbackups\C\0\Data48 50003968 bytes
File C:\RRbackups\C\0\Data49 50003968 bytes
File C:\RRbackups\C\0\Data5 50003968 bytes
File C:\RRbackups\C\0\Data50 50003968 bytes
File C:\RRbackups\C\0\Data51 50003968 bytes
File C:\RRbackups\C\0\Data52 50003968 bytes
File C:\RRbackups\C\0\Data53 50003968 bytes
File C:\RRbackups\C\0\Data54 50003968 bytes
File C:\RRbackups\C\0\Data55 50003968 bytes
File C:\RRbackups\C\0\Data56 50003968 bytes
File C:\RRbackups\C\0\Data57 50003968 bytes
File C:\RRbackups\C\0\Data58 50003968 bytes
File C:\RRbackups\C\0\Data59 50003968 bytes
File C:\RRbackups\C\0\Data6 50003968 bytes
File C:\RRbackups\C\0\Data60 50003968 bytes
File C:\RRbackups\C\0\Data61 50003968 bytes
File C:\RRbackups\C\0\Data62 50003968 bytes
File C:\RRbackups\C\0\Data63 50003968 bytes
File C:\RRbackups\C\0\Data64 50003968 bytes
File C:\RRbackups\C\0\Data66 50003968 bytes
File C:\RRbackups\C\0\Data67 50003968 bytes
File C:\RRbackups\C\0\Data68 50003968 bytes
File C:\RRbackups\C\0\Data69 50003968 bytes
File C:\RRbackups\C\0\Data7 50003968 bytes
File C:\RRbackups\C\0\Data70 50003968 bytes
File C:\RRbackups\C\0\Data71 50003968 bytes
File C:\RRbackups\C\0\Data72 50003968 bytes
File C:\RRbackups\C\0\Data73 50003968 bytes
File C:\RRbackups\C\0\Data74 50003968 bytes
File C:\RRbackups\C\0\Data75 50003968 bytes
File C:\RRbackups\C\0\Data76 50003968 bytes
File C:\RRbackups\C\0\Data77 50003968 bytes
File C:\RRbackups\C\0\Data78 50003968 bytes
File C:\RRbackups\C\0\Data79 50003968 bytes
File C:\RRbackups\C\0\Data8 50003968 bytes
File C:\RRbackups\C\0\Data80 50003968 bytes
File C:\RRbackups\C\0\Data81 50003968 bytes
File C:\RRbackups\C\0\Data82 50003968 bytes
File C:\RRbackups\C\0\Data83 50003968 bytes
File C:\RRbackups\C\0\Data85 50003968 bytes
File C:\RRbackups\C\0\Data86 50003968 bytes
File C:\RRbackups\C\0\Data87 50003968 bytes
File C:\RRbackups\C\0\Data88 50003968 bytes
File C:\RRbackups\C\0\Data89 50003968 bytes
File C:\RRbackups\C\0\Data9 50003968 bytes
File C:\RRbackups\C\0\Data90 50003968 bytes
File C:\RRbackups\C\0\Data91 50003968 bytes
File C:\RRbackups\C\0\Data92 50003968 bytes
File C:\RRbackups\C\0\Data93 50003968 bytes
File C:\RRbackups\C\0\Data94 50003968 bytes
File C:\RRbackups\C\0\Data95 50003968 bytes
File C:\RRbackups\C\0\Data96 50003968 bytes
File C:\RRbackups\C\0\Data97 50003968 bytes
File C:\RRbackups\C\0\Data98 50003968 bytes
File C:\RRbackups\C\0\Data99 50003968 bytes
File C:\RRbackups\C\0\dats 0 bytes
File C:\RRbackups\C\0\EFSFile 0 bytes
File C:\RRbackups\C\0\HashFile 347886 bytes
File C:\RRbackups\C\0\Info 756 bytes
File C:\RRbackups\C\0\TOCFile 35368410 bytes
File C:\RRbackups\C\1 0 bytes
File C:\RRbackups\C\1\Data27 50003968 bytes
File C:\RRbackups\C\1\Data0 50003968 bytes
File C:\RRbackups\C\1\Data1 50003968 bytes
File C:\RRbackups\C\1\Data10 50003968 bytes
File C:\RRbackups\C\1\Data11 50003968 bytes
File C:\RRbackups\C\1\Data12 50003968 bytes
File C:\RRbackups\C\1\Data13 50003968 bytes
File C:\RRbackups\C\1\Data14 50003968 bytes
File C:\RRbackups\C\1\Data15 50003968 bytes
File C:\RRbackups\C\1\Data16 50003968 bytes
File C:\RRbackups\C\1\Data17 50003968 bytes
File C:\RRbackups\C\1\Data18 50003968 bytes
File C:\RRbackups\C\1\Data19 50003968 bytes
File C:\RRbackups\C\1\Data2 50003968 bytes
File C:\RRbackups\C\1\Data20 50003968 bytes
File C:\RRbackups\C\1\Data21 50003968 bytes
File C:\RRbackups\C\1\Data22 50003968 bytes
File C:\RRbackups\C\1\Data23 50003968 bytes
File C:\RRbackups\C\1\Data24 50003968 bytes
File C:\RRbackups\C\1\Data25 50003968 bytes
File C:\RRbackups\C\1\Data26 50003968 bytes
File C:\RRbackups\C\1\Data28 50003968 bytes
File C:\RRbackups\C\1\Data29 50003968 bytes
File C:\RRbackups\C\1\Data3 50003968 bytes
File C:\RRbackups\C\1\Data30 50003968 bytes
File C:\RRbackups\C\1\Data31 50003968 bytes
File C:\RRbackups\C\1\Data32 50003968 bytes
File C:\RRbackups\C\1\Data33 50003968 bytes
File C:\RRbackups\C\1\Data34 50003968 bytes
File C:\RRbackups\C\1\Data35 50003968 bytes
File C:\RRbackups\C\1\Data36 50003968 bytes
File C:\RRbackups\C\1\Data37 50003968 bytes
File C:\RRbackups\C\1\Data38 50003968 bytes
File C:\RRbackups\C\1\Data39 50003968 bytes
File C:\RRbackups\C\1\Data4 50003968 bytes
File C:\RRbackups\C\1\Data40 50003968 bytes
File C:\RRbackups\C\1\Data41 13610848 bytes
File C:\RRbackups\C\1\Data5 50003968 bytes
File C:\RRbackups\C\1\Data6 50003968 bytes
File C:\RRbackups\C\1\Data7 50003968 bytes
File C:\RRbackups\C\1\Data8 50003968 bytes
File C:\RRbackups\C\1\Data9 50003968 bytes
File C:\RRbackups\C\1\dats 0 bytes
File C:\RRbackups\C\1\EFSFile 0 bytes
File C:\RRbackups\C\1\HashFile 417948 bytes
File C:\RRbackups\C\1\Info 756 bytes
File C:\RRbackups\C\1\TOCFile 42491380 bytes
File C:\RRbackups\C\2 0 bytes
File C:\RRbackups\C\2\Data0 50003968 bytes
File C:\RRbackups\C\2\Data1 50003968 bytes
File C:\RRbackups\C\2\Data10 50003968 bytes
File C:\RRbackups\C\2\Data11 50003968 bytes
File C:\RRbackups\C\2\Data12 27892376 bytes
File C:\RRbackups\C\2\Data2 50003968 bytes
File C:\RRbackups\C\2\Data3 50003968 bytes
File C:\RRbackups\C\2\Data4 50003968 bytes
File C:\RRbackups\C\2\Data5 50003968 bytes
File C:\RRbackups\C\2\Data6 50003968 bytes
File C:\RRbackups\C\2\Data7 50003968 bytes
File C:\RRbackups\C\2\Data8 50003968 bytes
File C:\RRbackups\C\2\Data9 50003968 bytes
File C:\RRbackups\C\2\dats 0 bytes
File C:\RRbackups\C\2\EFSFile 0 bytes
File C:\RRbackups\C\2\HashFile 392124 bytes
File C:\RRbackups\C\2\Info 756 bytes
File C:\RRbackups\C\2\TOCFile 39865940 bytes
File C:\RRbackups\C\3 0 bytes
File C:\RRbackups\C\3\Data0 50003968 bytes
File C:\RRbackups\C\3\Data1 50003968 bytes
File C:\RRbackups\C\3\Data2 50003968 bytes
File C:\RRbackups\C\3\Data3 50003968 bytes
File C:\RRbackups\C\3\Data4 50003968 bytes
File C:\RRbackups\C\3\Data5 50003968 bytes
File C:\RRbackups\C\3\Data6 50003968 bytes
File C:\RRbackups\C\3\Data7 50003968 bytes
File C:\RRbackups\C\3\Data8 50003968 bytes
File C:\RRbackups\C\3\Data9 27277520 bytes
File C:\RRbackups\C\3\dats 0 bytes
File C:\RRbackups\C\3\EFSFile 0 bytes
File C:\RRbackups\C\3\HashFile 391272 bytes
File C:\RRbackups\C\3\Info 756 bytes
File C:\RRbackups\C\3\TOCFile 39779320 bytes
File C:\RRbackups\C\4 0 bytes
File C:\RRbackups\C\4\Data0 50003968 bytes
File C:\RRbackups\C\4\Data1 50003968 bytes
File C:\RRbackups\C\4\Data2 50003968 bytes
File C:\RRbackups\C\4\Data3 50003968 bytes
File C:\RRbackups\C\4\Data4 50003968 bytes
File C:\RRbackups\C\4\Data5 50003968 bytes
File C:\RRbackups\C\4\Data6 50003968 bytes
File C:\RRbackups\C\4\Data7 50003968 bytes
File C:\RRbackups\C\4\Data8 33300627 bytes
File C:\RRbackups\C\4\dats 0 bytes
File C:\RRbackups\C\4\EFSFile 0 bytes
File C:\RRbackups\C\4\HashFile 393948 bytes
File C:\RRbackups\C\4\Info 756 bytes
File C:\RRbackups\C\4\TOCFile 40051380 bytes
File C:\RRbackups\C\5 0 bytes
File C:\RRbackups\C\5\Data0 50003968 bytes
File C:\RRbackups\C\5\Data1 50003968 bytes
File C:\RRbackups\C\5\Data2 50003968 bytes
File C:\RRbackups\C\5\Data3 50003968 bytes
File C:\RRbackups\C\5\Data4 50003968 bytes
File C:\RRbackups\C\5\Data5 50003968 bytes
File C:\RRbackups\C\5\Data6 50003968 bytes
File C:\RRbackups\C\5\Data7 50003968 bytes
File C:\RRbackups\C\5\Data8 50003968 bytes
File C:\RRbackups\C\5\Data9 2676681 bytes
File C:\RRbackups\C\5\dats 0 bytes
File C:\RRbackups\C\5\EFSFile 0 bytes
File C:\RRbackups\C\5\HashFile 398484 bytes
File C:\RRbackups\C\5\Info 756 bytes
File C:\RRbackups\C\5\TOCFile 40512540 bytes
File C:\RRbackups\common 0 bytes
File C:\RRbackups\common\backups.dat 8192 bytes
File C:\RRbackups\common\bt0.dat 32256 bytes
File C:\RRbackups\common\bt1.dat 32256 bytes
File C:\RRbackups\common\bt2.dat 32256 bytes
File C:\RRbackups\common\bt3.dat 32256 bytes
File C:\RRbackups\common\bt4.dat 32256 bytes
File C:\RRbackups\common\bt5.dat 32256 bytes
File C:\RRbackups\common\css.dat 8192 bytes
File C:\RRbackups\common\hints.dat 8192 bytes
File C:\RRbackups\common\mnd.dat 8192 bytes
File C:\RRbackups\common\regcerts.dat 8192 bytes
File C:\RRbackups\common\restore.log 7010 bytes
File C:\RRbackups\common\rr.log 134881 bytes
File C:\RRbackups\common\SAM 28672 bytes
File C:\RRbackups\common\seccache.dat 8192 bytes
File C:\RRbackups\common\secpolicy.dat 53248 bytes
File C:\RRbackups\common\settings.dat 28672 bytes
File C:\RRbackups\common\system.dat 12288 bytes
File C:\RRbackups\common\tvtcmn.dat 8192 bytes
File C:\RRbackups\common\tvtns.bin 15 bytes
File C:\RRbackups\common\usersids.dat 15600 bytes
File C:\RRbackups\Documents and Settings 0 bytes
File C:\RRbackups\Documents and Settings\Administrator 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\d37e8929-0901-4b9a-ab7f-dc52f1c285b6 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\0474e00d-bdef-4bd6-b048-856284e01f0b 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\2d783173-7350-484d-be80-13ccf115afbb 388 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Administrator\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\All Users 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\encobject.dat 1608 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Lenovo\Client Security Solution\symkeys.dat 656 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\404b466b6bfefd5de0c0a19f33336d46_17f55422-1271-485c-a6cb-a54860e35d37 1753 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_17f55422-1271-485c-a6cb-a54860e35d37 52 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18 0 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\42e7e898003fbdeb9585806ee1664b51_17f55422-1271-485c-a6cb-a54860e35d37 57 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\4a83060920cae32caf902bed48d1fdd9_17f55422-1271-485c-a6cb-a54860e35d37 58 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_17f55422-1271-485c-a6cb-a54860e35d37 47 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\8f71098770f72c7a67cd8f1151619865_17f55422-1271-485c-a6cb-a54860e35d37 54 bytes
File C:\RRbackups\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_17f55422-1271-485c-a6cb-a54860e35d37 893 bytes
File C:\RRbackups\Documents and Settings\Default User 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\d37e8929-0901-4b9a-ab7f-dc52f1c285b6 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\0474e00d-bdef-4bd6-b048-856284e01f0b 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\2d783173-7350-484d-be80-13ccf115afbb 388 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Default User\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\LocalService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\config.ini 61 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\cspContainer.dat 332 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\cssversion.dat 1908 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\encobject.dat 11256 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\hibernation.dat 4 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\swkeys.dat 6372 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Lenovo\Client Security Solution\symkeys.dat 1968 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\274e78a5092abea66ba365b4b159553e_17f55422-1271-485c-a6cb-a54860e35d37 49 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\533145ef011ddf5ca3983e2545a902b4_17f55422-1271-485c-a6cb-a54860e35d37 2075 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\6b29ae44e85efac3c72ff4d1865d73f1_17f55422-1271-485c-a6cb-a54860e35d37 53 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\83aa4cc77f591dfc2374580bbd95f6ba_17f55422-1271-485c-a6cb-a54860e35d37 45 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\8f71098770f72c7a67cd8f1151619865_17f55422-1271-485c-a6cb-a54860e35d37 54 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\90cf7e262bc48792c9a0918e9a919902_17f55422-1271-485c-a6cb-a54860e35d37 59 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\CREDHIST 160 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\d37e8929-0901-4b9a-ab7f-dc52f1c285b6 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\0474e00d-bdef-4bd6-b048-856284e01f0b 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\358d23d4-5ed9-4aa2-966a-11f2a1677fbd 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\3703df8c-883d-45ce-a42f-adac9e3a57d1 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\62836665-96aa-4d63-9b35-4d64e0d75705 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\6dbb042f-94eb-43b8-8c8f-4ddb4d42ffc8 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\71b91f4a-eca7-411b-8f3c-70415f9d1a6b 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\7cd6a19d-7d8f-4e02-9ba2-b32338d9edb9 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\815ee3a1-2ef6-4fbc-b7fe-aee1470d5e5f 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\848eaefc-4095-45c7-8cea-ace352cc3f8b 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\8e2cca00-20a8-4afd-bfc6-747c4011439c 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\957afd1e-027b-4461-9f13-8579590ccbb5 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\b36098e0-8be6-4fb0-92d7-462785e5544c 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\c50b6142-37d9-4034-9bb5-062f7f5c581b 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\ecf29e03-ceff-4ae7-92a6-5f86e21427f7 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-4229174763-2783399609-392354559-1008\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\2d783173-7350-484d-be80-13ccf115afbb 388 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_17f55422-1271-485c-a6cb-a54860e35d37 2519 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\cfe4cfea-f665-4ea4-85a3-b6ec03a2af0f 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\f42021c3-c023-4648-a8e7-0e5c4bc00882 388 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\Documents and Settings\TEMP 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Crypto 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Crypto\RSA 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\CREDHIST 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\d37e8929-0901-4b9a-ab7f-dc52f1c285b6 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-1424301881-1474135004-3197188703-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\0474e00d-bdef-4bd6-b048-856284e01f0b 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-3792864060-2100092850-60248418-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\2d783173-7350-484d-be80-13ccf115afbb 388 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\Protect\S-1-5-21-486241745-1784924572-608481452-500\Preferred 24 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\Certificates 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\CRLs 0 bytes
File C:\RRbackups\Documents and Settings\TEMP\Application Data\Microsoft\SystemCertificates\My\CTLs 0 bytes
File C:\RRbackups\SIS 0 bytes
File C:\RRbackups\SIS\C 0 bytes
File C:\RRbackups\SIS\C\0 0 bytes

---- EOF - GMER 1.0.15 ----

Merged topics then posts and move result to log forum. ~ OB

Edited by Orange Blossom, 20 April 2010 - 07:48 PM.

BC AdBot (Login to Remove)

 

#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:46 PM

Posted 25 April 2010 - 06:49 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 25 April 2010 - 11:38 PM

Hi m0le

Thanks for your response. As per your instructions I have subscribed to this forum. I'll await your further instructions.

Sincerely,
Still Lost to my PC :*/

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:46 PM

Posted 26 April 2010 - 12:43 PM

Is it just the Java that is a problem?


Let's try JavaRa first up to sort out the problems there

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Please make sure you turn on the Java Automatic Update Feature

    Then you will not have to remember to update it when Java introduces a new version.
    Java is updated very frequently, and the old versions are malware magnets.

    Note: This feature is available only on Windows XP, 2003, 2000 (SP2 or higher) and set by default for these operating systems.


Posted Image
m0le is a proud member of UNITE

#5 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 26 April 2010 - 03:14 PM

Hi mOle,

I followed your instructions exactly. However I still received the error message when in Java Setup Progress "Error 1714. The older version of Java 6 update 20 cannot be removed. Contact your technical support group" Installation Failed

Not sure if this matters but my default browser is Firefox, but I do the Java updates and download using IE 8.0 only.

Thanks!

PS> I just went to the Control Panel to Add/Remove Program - when I tried to remove Java 6 Update 18 (90.49MB) I received an error message that "the configuration data for this product is corrupt. Contact your support personnel"

Edited by lost2pc, 26 April 2010 - 03:42 PM.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:46 PM

Posted 26 April 2010 - 03:55 PM

We could try to clear the Java components via an automatic tool
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Let's also run a search system for other possible Java

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :filefind
    *java*
    :folderfind
    *java*
    :regfind
    *java*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
Posted Image
m0le is a proud member of UNITE

#7 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 26 April 2010 - 04:21 PM

Hi mOle - here are the copy n paste. Thanks! I'll now perform step 2 - "Run a search system for other possible Java" Thanks!


OTL.Txt - Notepad

OTL logfile created on: 4/26/2010 5:10:10 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Michelle Ledgister\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 43.96 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C2C1C07B
Current User Name: Michelle Ledgister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michelle Ledgister\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\agent.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michelle Ledgister\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_banner.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\csswait.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\cssuserdatadispatcher.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\tcsrpc.dll (Lenovo)
MOD - C:\WINDOWS\system32\tvttsp.dll (Lenovo)
MOD - C:\Program Files\Common Files\Lenovo\tvt_think_res.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)
DRV - (Tp4Track) -- C:\WINDOWS\system32\drivers\tp4track.sys (Lenovo Group Limited)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 14:09:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/09 14:20:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 04:35:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 12:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/08 22:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/30 15:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Extensions
[2008/08/30 15:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/17 05:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Firefox\Profiles\o9t859ov.default\extensions
[2010/04/26 03:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:02:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 14:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/03 20:48:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/17 00:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/24 08:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/29 20:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/04/14 12:02:20 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/14 12:02:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/03/19 19:23:20 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/04/14 12:02:22 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/11/02 21:16:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/02 21:16:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 21:16:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 21:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/02 21:16:17 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 21:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 21:16:17 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/08/31 22:44:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Documents and Settings\Michelle Ledgister\Desktop\HijackThis.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1234980431625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 17:07:56 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle Ledgister\Desktop\OTL.exe
[2010/04/26 16:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/04/20 15:53:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2007/11/15 03:30:52 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/11/15 03:30:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp files -> C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/26 17:07:58 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle Ledgister\Desktop\OTL.exe
[2010/04/26 17:02:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/26 15:29:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/26 15:29:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 15:29:30 | 000,025,312 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/04/26 15:29:20 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/04/26 15:29:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/26 15:29:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/26 15:29:10 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/26 07:51:45 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Michelle Ledgister\NTUSER.DAT
[2010/04/26 07:50:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle Ledgister\ntuser.ini
[2010/04/14 20:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/30 03:00:56 | 006,940,826 | -H-- | M] () -- C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 19:20:52 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\FDA_Quality Assurance Specialist closes 4-9-10.doc
[2010/03/29 11:57:25 | 000,210,846 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\TaxReturn_transmitted_3-29-2010.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp files -> C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/29 19:20:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\FDA_Quality Assurance Specialist closes 4-9-10.doc
[2010/03/29 11:57:25 | 000,210,846 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\TaxReturn_transmitted_3-29-2010.pdf
[2009/02/18 14:58:07 | 000,002,613 | ---- | C] () -- C:\WINDOWS\System32\yctkpqwv.dll
[2009/02/18 14:55:10 | 000,002,613 | ---- | C] () -- C:\WINDOWS\System32\gqjbdjih.dll
[2009/02/17 14:42:09 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\xqinkgpj.dll
[2009/02/15 15:26:50 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\wmlhvtrs.dll
[2009/02/15 15:23:50 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\kbfhakkt.dll
[2009/02/14 15:24:03 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\qfxggsvu.dll
[2009/02/14 15:21:33 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\ddkmlvkh.dll
[2008/03/20 13:19:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 04:07:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/15 03:48:16 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/11/15 03:42:15 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/15 03:40:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/15 03:40:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/15 03:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/15 03:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/15 03:40:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/15 03:40:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/15 03:33:52 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/11/15 03:33:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4825.dll
[2007/11/15 03:31:43 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/11/15 03:31:33 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/11/15 03:30:53 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/11/15 03:30:52 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/03/02 08:15:36 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 08:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 18:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 02:56:21 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/04/30 02:56:21 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/04/30 02:56:21 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/04/30 02:56:21 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/04/30 02:56:20 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2003/01/07 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/11 19:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2007/11/15 03:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/22 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/03/24 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 20:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\GARMIN
[2007/12/19 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\InterVideo
[2008/11/27 02:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Juniper Networks
[2007/12/12 09:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Leadertech
[2008/02/08 21:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Lenovo
[2009/01/05 18:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Thunderbird
[2010/04/26 17:02:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/04/26 15:29:50 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


Extas.Txt - Notepad

OTL Extras logfile created on: 4/26/2010 5:10:10 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Michelle Ledgister\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 304.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 43.96 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C2C1C07B
Current User Name: Michelle Ledgister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"avast!" = avast! Antivirus
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"Remove Multimedia Center" = Remove Multimedia Center
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"VLC media player" = VLC media player 0.9.8a
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/26/2010 3:30:43 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\6b29ae44e85efac3c72ff4d1865d73f1_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/26/2010 3:30:43 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\83aa4cc77f591dfc2374580bbd95f6ba_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/26/2010 3:30:43 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\8f71098770f72c7a67cd8f1151619865_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/26/2010 3:30:43 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\90cf7e262bc48792c9a0918e9a919902_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/26/2010 3:30:45 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST
failed, 00000005.

Error - 4/26/2010 3:30:45 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\cfe4cfea-f665-4ea4-85a3-b6ec03a2af0f
failed, 00000005.

Error - 4/26/2010 3:30:45 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\f42021c3-c023-4648-a8e7-0e5c4bc00882
failed, 00000005.

Error - 4/26/2010 3:30:45 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred
failed, 00000005.

Error - 4/26/2010 3:30:45 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/26/2010 3:30:47 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\common\usersids.dat failed, 00000005.

[ Application Events ]
Error - 4/26/2010 7:50:54 AM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/26/2010 7:51:11 AM | Computer Name = LENOVO-C2C1C07B | Source = MSSQLSERVER | ID = 921877
Description =

Error - 4/26/2010 7:51:17 AM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/26/2010 4:04:44 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120611FF\SourceList'

Error - 4/26/2010 4:09:20 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 11714
Description = Product: Java™ 6 Update 20 -- Error 1714.The older version of Java™
6 Update 20 cannot be removed. Contact your technical support group. System Error
1610.

Error - 4/26/2010 4:30:53 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120611FF\SourceList'

Error - 4/26/2010 4:31:04 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 11714
Description = Product: Java™ 6 Update 20 -- Error 1714.The older version of Java™
6 Update 20 cannot be removed. Contact your technical support group. System Error
1610.

Error - 4/26/2010 4:37:39 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120611FF\SourceList'

Error - 4/26/2010 4:39:53 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120611FF\SourceList'

Error - 4/26/2010 4:42:57 PM | Computer Name = LENOVO-C2C1C07B | Source = MsiInstaller | ID = 1002
Description = Unexpected or missing value (name: 'PackageName', value: '') in key
'HKLM\Software\Classes\Installer\Products\4EA42A62D9304AC4784BF238120611FF\SourceList'

[ System Events ]
Error - 4/21/2010 1:20:04 PM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 4/23/2010 2:23:38 PM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 4/25/2010 2:39:56 PM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 4/25/2010 3:24:20 PM | Computer Name = LENOVO-C2C1C07B | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 001CBF2CD2DF. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 4/25/2010 8:00:46 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 4/25/2010 8:00:55 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET
Framework Assistant 1.0 x86 (KB963707).

Error - 4/25/2010 8:01:00 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 4/25/2010 8:01:19 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).

Error - 4/25/2010 8:02:21 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update
for Windows 2000, Windows Server 2003, and Windows XP (KB974417).

Error - 4/26/2010 12:18:54 AM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3


< End of report >

#8 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 26 April 2010 - 04:31 PM

Hi mOle - here is the text from SystemLook - Notepad. Thanks!

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 17:26 on 26/04/2010 by Michelle Ledgister (Administrator - Elevation successful)

========== filefind ==========

Searching for "*java*"
C:\Documents and Settings\Michelle Ledgister\Cookies\michelle_ledgister@dl.javafx[1].txt --a--- 86 bytes [00:53 30/01/2010] [00:53 30/01/2010] 8D0A85592C93421670B68F2545A2BB56
C:\Documents and Settings\Michelle Ledgister\Cookies\michelle_ledgister@dl.javafx[2].txt --a--- 83 bytes [01:14 23/04/2010] [01:14 23/04/2010] 67071459F2BEB6E38C5E9E3FD1074B60
C:\Documents and Settings\Michelle Ledgister\Cookies\michelle_ledgister@java[1].txt --a--- 394 bytes [19:55 20/04/2010] [19:55 20/04/2010] 67036937064B4036075A28DAEFDAB09E
C:\Documents and Settings\Michelle Ledgister\Cookies\michelle_ledgister@java[2].txt --a--- 344 bytes [17:54 15/02/2010] [18:00 15/02/2010] 399A29CCC924DB29451CAD91CDEC825B
C:\Documents and Settings\Michelle Ledgister\Favorites\Download Java SE Runtime Environment 6u20 for Windows, Multi-language.url --a--- 373 bytes [20:03 26/04/2010] [20:03 26/04/2010] C5AE8EA951343BDBF378C3F1C3373AF9
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\3AWBXWUV\l1_javase_ref[1].jpg --a--- 10731 bytes [19:51 26/04/2010] [19:51 26/04/2010] F1BD9AE56AA910238A76A81881F5423E
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\3AWBXWUV\pc10_dwnlds_javafx_hvr[1].gif --a--- 6429 bytes [19:51 26/04/2010] [19:51 26/04/2010] B830924D660993138865DCB491E0F624
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\3OJ5Q3A2\JavanLangurJulieLangford_mini[1].jpg --a--- 136687 bytes [07:01 23/03/2010] [07:01 23/03/2010] C1BD870204235B19B5C554D53EEC7E0A
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\4K2ESZ2R\JavaSetup6u20[1].exe --a--- 921376 bytes [06:46 17/04/2010] [06:46 17/04/2010] 547EBBBCAA09304E9BF6D5C7976D23CF
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\4K2ESZ2R\java_update04[1].jpg --a--- 24763 bytes [06:45 17/04/2010] [06:45 17/04/2010] 2F02D92593ABBCEF3FEE5B4F45CD83DE
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\4K2ESZ2R\java_update09[1].jpg --a--- 68808 bytes [06:45 17/04/2010] [06:45 17/04/2010] 90478390B5DFEE4765EAA717C4AD92E3
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\4K2ESZ2R\java_update11[1].jpg --a--- 67705 bytes [06:45 17/04/2010] [06:45 17/04/2010] 404706D6B02DF376C9BEE914DD1603AE
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\4K2ESZ2R\java_update[1].htm --a--- 19348 bytes [19:49 20/04/2010] [19:49 20/04/2010] BF2BCB3BF10019C9AAC892A72923A405
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\4K2ESZ2R\uninstall_java[1].jpg --a--- 39521 bytes [06:49 17/04/2010] [06:49 17/04/2010] 45FF85E2A08A5E01CE0634FE04854AE7
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\75G2WEIY\lang_javascript[1].js --a--- 2294 bytes [21:05 26/04/2010] [21:05 26/04/2010] A4DC206AED634EFADE45A6AA5E3D785C
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\C8N9YCWG\deployJava[1].js --a--- 15179 bytes [06:45 17/04/2010] [06:45 17/04/2010] 7ACB095894D4D248E5E634FD4742B4A5
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\C8N9YCWG\e19_java_ee_sdk[1].gif --a--- 6576 bytes [19:51 26/04/2010] [19:51 26/04/2010] F840C370C739B8F3D5D71BC8F609F460
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\C8N9YCWG\java_update01[1].jpg --a--- 24108 bytes [06:45 17/04/2010] [06:45 17/04/2010] 17105510038B5EC72C37D66C1510E44A
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\C8N9YCWG\java_update02[1].jpg --a--- 43818 bytes [06:45 17/04/2010] [06:45 17/04/2010] DAA45E4C423D20F9A9209DDD6B77064B
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\C8N9YCWG\java_update10[1].jpg --a--- 66388 bytes [06:45 17/04/2010] [06:45 17/04/2010] 38881478C5FC739F0FF6A8C151FF642D
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\C8N9YCWG\java_update12[1].jpg --a--- 66607 bytes [06:45 17/04/2010] [06:45 17/04/2010] 9084CEE14A00C10F35300B2B17BE8C9C
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\L7T8NS1M\ExpertHelp-RedBox-JavaLogo_22489[1].jpg --a--- 9841 bytes [06:45 17/04/2010] [06:45 17/04/2010] ACFC635AB3C9E1710152B67BC45D0DA7
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\L7T8NS1M\java_update03[1].jpg --a--- 19114 bytes [06:45 17/04/2010] [06:45 17/04/2010] 58D1F0911C40D590D42605B09174E11A
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\L7T8NS1M\java_update05[1].jpg --a--- 43410 bytes [06:45 17/04/2010] [06:45 17/04/2010] 904FE39AF9765B74A82FF9C15BA02303
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\L7T8NS1M\pc10_dwnlds_javaee[1].gif --a--- 9398 bytes [19:51 26/04/2010] [19:51 26/04/2010] 421AE27F2BC4EDFD71C79AD7EF54E8B1
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\L7T8NS1M\uninstall_java[1].htm --a--- 10860 bytes [06:49 17/04/2010] [06:49 17/04/2010] 203E79B7CCD38B51545E6B24E9729453
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\M8N5692Z\JavaSetup6u20[1].exe --a--- 921376 bytes [19:49 20/04/2010] [19:49 20/04/2010] 547EBBBCAA09304E9BF6D5C7976D23CF
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\M8N5692Z\java_update06[1].jpg --a--- 32355 bytes [06:45 17/04/2010] [06:45 17/04/2010] 7821352DE83D3D6EDC9715FF3BF14889
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\M8N5692Z\java_update07[1].jpg --a--- 31359 bytes [06:45 17/04/2010] [06:45 17/04/2010] 2B74AED691575F04145D0D56CAAD0685
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\M8N5692Z\java_update08[1].jpg --a--- 67579 bytes [06:45 17/04/2010] [06:45 17/04/2010] C1A94173F4A0D695F91DEA7DFF04D554
C:\Documents and Settings\Michelle Ledgister\Local Settings\Temporary Internet Files\Content.IE5\RI9L4DLZ\pc10_dwnlds_java_hvr[1].gif --a--- 5943 bytes [19:51 26/04/2010] [19:51 26/04/2010] FCDAC783CC61CF93A3433AF246CA0D40
C:\Documents and Settings\Michelle Ledgister\My Documents\Downloads\JavaRa.zip --a--- 71826 bytes [19:42 26/04/2010] [19:42 26/04/2010] 257278827A059A54888DEB30027A8A27
C:\Documents and Settings\Michelle Ledgister\My Documents\Downloads\JavaRa\JavaRa.def --a--- 245103 bytes [01:53 23/05/2009] [01:53 23/05/2009] 7581E3AE14AA8BD29F72A0A4D09306E8
C:\Documents and Settings\Michelle Ledgister\My Documents\Downloads\JavaRa\JavaRa.exe --a--- 157696 bytes [17:33 16/07/2009] [17:33 16/07/2009] 8FB2BAFDA81520867539C5393E715D89
C:\Documents and Settings\Michelle Ledgister\Recent\JavaRa(2).lnk --a--- 880 bytes [20:17 26/04/2010] [20:17 26/04/2010] 92EB9F3C08D5C7906AC27780761F3C59
C:\Documents and Settings\Michelle Ledgister\Recent\JavaRa.lnk --a--- 863 bytes [19:42 26/04/2010] [19:42 26/04/2010] 4E01A8302CAC805E03DEF478F9E6B35F
C:\I386\ADCJAVAS.IN_ ------ 387 bytes [20:57 29/04/2006] [12:00 04/08/2004] 64B3DD3A9415FF18643B042714690281
C:\I386\ADOJAVAS.IN_ ------ 3911 bytes [20:57 29/04/2006] [12:00 04/08/2004] 872CA5B99AD18F8E6BC6D4AA699C22F1
C:\JavaRa.log --a--- 13960 bytes [19:46 26/04/2010] [20:46 26/04/2010] BF0A77839B7BB2406299136DB321DB19
C:\Program Files\Common Files\Lenovo\Python24\Lib\site-packages\_xmlplus\dom\javadom.pyc ------ 42523 bytes [07:50 15/11/2007] [20:54 08/02/2007] 25F9B8DC4ADD6C689CA13222ECA89770
C:\Program Files\Common Files\Lenovo\Python24\Lib\site-packages\_xmlplus\sax\drivers2\drv_javasax.pyc ------ 13286 bytes [07:50 15/11/2007] [20:54 08/02/2007] 844667D15046BB4CA7DB39C304522EA6
C:\Program Files\Common Files\System\ado\adojavas.inc ------ 14610 bytes [07:10 30/04/2006] [12:00 04/08/2004] 398FD657D8EA0BD77325E6BAEEA25090
C:\Program Files\Common Files\System\msadc\adcjavas.inc ------ 629 bytes [07:10 30/04/2006] [12:00 04/08/2004] 49B9878B48D6614A5D76C7B07AE00F25
C:\Program Files\Java\jre6\bin\java-rmi.exe --a--- 33568 bytes [18:20 09/03/2009] [22:14 17/12/2009] AF11613D770752D232E4B6918DA5EB3B
C:\Program Files\Java\jre6\bin\java.dll --a--- 126976 bytes [18:20 09/03/2009] [22:13 17/12/2009] 8E89F6EFF27213862E2A61E01563D45F
C:\Program Files\Java\jre6\bin\java.exe --a--- 145184 bytes [18:20 09/03/2009] [22:14 17/12/2009] AD3A2226B72F6E161425254276670117
C:\Program Files\Java\jre6\bin\javacpl.cpl --a--- 73728 bytes [18:20 09/03/2009] [20:02 17/12/2009] A430C07A2B0D09DADB6AE1DA5FDE9071
C:\Program Files\Java\jre6\bin\javacpl.exe --a--- 59168 bytes [18:20 09/03/2009] [22:14 17/12/2009] A90F965EF355E4B1E80D7FC4137C3E52
C:\Program Files\Java\jre6\bin\javaw.exe --a--- 145184 bytes [18:20 09/03/2009] [22:14 17/12/2009] B427962BDB196D132AF50F6C7B78380D
C:\Program Files\Java\jre6\bin\javaws.exe --a--- 153376 bytes [18:20 09/03/2009] [22:14 17/12/2009] C8824405C4E358A2FE4D97C83101079A
C:\Program Files\Java\jre6\bin\java_crw_demo.dll --a--- 14336 bytes [18:20 09/03/2009] [22:13 17/12/2009] DE6A847391AABFA78A171C76291A08D9
C:\Program Files\Java\jre6\lib\javaws.jar --a--- 813447 bytes [18:20 09/03/2009] [22:07 17/12/2009] EF51095E23CAF6A5E4E237268A3EB856
C:\Program Files\Java\jre6\lib\security\java.policy --a--- 2221 bytes [18:20 09/03/2009] [18:20 09/03/2009] 28A85BEFF3EF87D4F0C643C52F183A3D
C:\Program Files\Java\jre6\lib\security\java.security --a--- 9979 bytes [18:20 09/03/2009] [05:39 25/07/2009] 81CA5353C2F3A63F8585C4872B6F19F3
C:\Program Files\Java\jre6\lib\security\javaws.policy --a--- 132 bytes [18:20 09/03/2009] [18:20 09/03/2009] 921F971B69450756EFDD5E14322E1037
C:\Program Files\Microsoft Office\CLIPART\PUB60COR\JAVA_01.MID ------ 9797 bytes [09:00 08/12/1997] [09:00 08/12/1997] 1972574D57B331DF75E3039F22754284
C:\Program Files\PCDR5\AsapiJava.dll ------ 1174016 bytes [01:09 04/05/2007] [01:09 04/05/2007] FC993C43CA2AA80777ED105C20489F6C
C:\Program Files\PCDR5\SisapiJava.dll ------ 267776 bytes [01:10 04/05/2007] [01:10 04/05/2007] D84E992B025E9B46174E7DF7FDB6B438
C:\Program Files\PCDR5\xjre\bin\java.dll ------ 69632 bytes [01:22 04/05/2007] [01:22 04/05/2007] 9CC15BD70D50EF154C0BF0637331698D
C:\Program Files\PCDR5\xjre\lib\security\java.policy ------ 2221 bytes [01:22 04/05/2007] [01:22 04/05/2007] 28A85BEFF3EF87D4F0C643C52F183A3D
C:\Program Files\PCDR5\xjre\lib\security\java.security ------ 10151 bytes [01:22 04/05/2007] [01:22 04/05/2007] B364EC57805B762B474E861D469E3282
C:\Program Files\PCDR5\xjre\lib\security\javaws.policy ------ 132 bytes [01:22 04/05/2007] [01:22 04/05/2007] 921F971B69450756EFDD5E14322E1037
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\AddEventRequest.java --a--- 2171 bytes [12:23 23/03/2009] [12:23 23/03/2009] 72A6D1F02FF5483689EBBC8011C5C2B2
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\CalendarController.java --a--- 13543 bytes [12:23 23/03/2009] [12:23 23/03/2009] D0E28FB1C9ED6328C11DAA11F6B64E3F
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\CalEvent.java --a--- 3472 bytes [12:23 23/03/2009] [12:23 23/03/2009] EDEC54220CFB38A0B74E476DFDF89FE6
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\DatabaseManager.java --a--- 7413 bytes [12:23 23/03/2009] [12:23 23/03/2009] 0EDCA65CD411A44D3780E401EF62BB73
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\DeleteEventRequest.java --a--- 1801 bytes [12:23 23/03/2009] [12:23 23/03/2009] E54C24691F2C0AF9D4FC05997B978F70
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\EventManager.java --a--- 7424 bytes [12:23 23/03/2009] [12:23 23/03/2009] 9571EA663786E9FD56EAA74491EB7B24
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\GCalendar.java --a--- 16183 bytes [12:23 23/03/2009] [12:23 23/03/2009] 339E4631102EC203398BB7F6B1F9FFDD
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\GCalendarRequest.java --a--- 1550 bytes [12:23 23/03/2009] [12:23 23/03/2009] 31963D563CF27060DAB02ABF503972EE
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\NetworkDownException.java --a--- 1174 bytes [12:23 23/03/2009] [12:23 23/03/2009] 20C5FF3A255C76418B247FDE003000A7
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\RequestManager.java --a--- 11464 bytes [12:23 23/03/2009] [12:23 23/03/2009] 56E1A6F603BFCEA6779E5F6FE2DFB176
C:\Program Files\Sun\JavaDB\demo\programs\localcal\src\UpdateEventRequest.java --a--- 2081 bytes [12:23 23/03/2009] [12:23 23/03/2009] F7E6F2A52818A33D49AE9E8A0452C1E4
C:\Program Files\Sun\JavaDB\demo\programs\nserverdemo\NetworkServerUtil.java --a--- 2701 bytes [12:23 23/03/2009] [12:23 23/03/2009] C0F965B1DCD4A2EDCB222568FE8D9D47
C:\Program Files\Sun\JavaDB\demo\programs\nserverdemo\NsSample.java --a--- 8440 bytes [18:32 09/07/2009] [18:32 09/07/2009] AD261C3E24B4BC2F7D55525E45BF8036
C:\Program Files\Sun\JavaDB\demo\programs\nserverdemo\NsSampleClientThread.java --a--- 13691 bytes [12:23 23/03/2009] [12:23 23/03/2009] BDED46F097ECDD8A454F5A3DE279BD8C
C:\Program Files\Sun\JavaDB\demo\programs\nserverdemo\SimpleNetworkClientSample.java --a--- 8638 bytes [18:32 09/07/2009] [18:32 09/07/2009] 731F3E99C79D89C05CF0A0CED8EAE9D1
C:\Program Files\Sun\JavaDB\demo\programs\nserverdemo\SimpleNetworkServerSample.java --a--- 9825 bytes [12:23 23/03/2009] [12:23 23/03/2009] D228E05DB849A1A3A12015E184674F2D
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\client\org\apache\derbyDemo\scores\app\Scores.java --a--- 4848 bytes [12:23 23/03/2009] [12:23 23/03/2009] 88ADE6D698EBC36A7640B7B0BCEE2E78
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\client\org\apache\derbyDemo\scores\data\Data.java --a--- 29185 bytes [12:23 23/03/2009] [12:23 23/03/2009] 24B9A45158363F61C2B41ADD844DE395
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\client\org\apache\derbyDemo\scores\data\Database.java --a--- 16643 bytes [12:23 23/03/2009] [12:23 23/03/2009] A81A175372E858159A40A708BD0BB72C
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\common\org\apache\derbyDemo\scores\util\Logger.java --a--- 3570 bytes [12:23 23/03/2009] [12:23 23/03/2009] 3F3C5F43D457324399F73CA24BB8E1A3
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\common\org\apache\derbyDemo\scores\util\Utils.java --a--- 6338 bytes [12:23 23/03/2009] [12:23 23/03/2009] B6F7E662CC57A1B896AF2ACF169E68A1
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\server\org\apache\derbyDemo\scores\proc\Functions.java --a--- 6134 bytes [12:23 23/03/2009] [12:23 23/03/2009] 66D8D8514D85D60D3D218256301AC0D6
C:\Program Files\Sun\JavaDB\demo\programs\scores\java\server\org\apache\derbyDemo\scores\proc\Procedures.java --a--- 3953 bytes [12:23 23/03/2009] [12:23 23/03/2009] FC1C5A34EBB5F732190EAD8617CB9087
C:\Program Files\Sun\JavaDB\demo\programs\simplemobile\SimpleMobileApp.java --a--- 15502 bytes [12:22 23/03/2009] [12:22 23/03/2009] FE73AAD837EC91E9D7A0C557610914E3
C:\Program Files\Sun\JavaDB\demo\programs\simple\SimpleApp.java --a--- 19648 bytes [18:32 09/07/2009] [18:32 09/07/2009] 4A75C4C566B30EAD2D80AF5995D88640
C:\Program Files\Sun\JavaDB\demo\programs\toursdb\insertMaps.java --a--- 3759 bytes [12:22 23/03/2009] [12:22 23/03/2009] 6FC0C0A7C0D524B1F92A5095FBE816C0
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\FlatFileVTI.java --a--- 6221 bytes [12:22 23/03/2009] [12:22 23/03/2009] 7C3D4E67894124F9A07857880426323A
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\QueryRow.java --a--- 1717 bytes [12:22 23/03/2009] [12:22 23/03/2009] 34C3CE3E1E5C085A0DC9295B3CEB6299
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\QueryVTIHelper.java --a--- 13599 bytes [12:22 23/03/2009] [12:22 23/03/2009] 0310F03096D09090720A9666B6F87A07
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\StringColumnVTI.java --a--- 16481 bytes [12:22 23/03/2009] [12:22 23/03/2009] C55D4A7D21622A1855747BAED7ABD97D
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\VTIHelper.java --a--- 7736 bytes [12:22 23/03/2009] [12:22 23/03/2009] 6E05C6D40AE79C53D93F0ACFA0FB1CA0
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\VTITemplate.java --a--- 31811 bytes [12:22 23/03/2009] [12:22 23/03/2009] 12CDD16E62C4942B3BCBAA215B47CB1D
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\XMLRow.java --a--- 1909 bytes [12:22 23/03/2009] [12:22 23/03/2009] C681C799AD0CBB1AC74BD2A2947A1188
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\core\XmlVTI.java --a--- 11940 bytes [12:22 23/03/2009] [12:22 23/03/2009] A14D01FFC7F2BCB3E79FDD1388C39124
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\ApacheServerLogVTI.java --a--- 3956 bytes [12:22 23/03/2009] [12:22 23/03/2009] 27F48AEC67DCC2FEBFE13AFF3787259A
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\DerbyJiraReportVTI.java --a--- 2992 bytes [12:22 23/03/2009] [12:22 23/03/2009] 53373D9B453FE8116F140F83EFAE9BA4
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\LineListVTI.java --a--- 3874 bytes [12:22 23/03/2009] [12:22 23/03/2009] 4450F5B29EA5B0F07D557C58B48BBF11
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\PropertyFileVTI.java --a--- 5518 bytes [12:22 23/03/2009] [12:22 23/03/2009] BA180863A229AF926D64E95110135B05
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\SubversionLogVTI.java --a--- 8373 bytes [12:22 23/03/2009] [12:22 23/03/2009] 0D9FDCC2B98FDF248F5DD314DF9A0545
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\VTIs.java --a--- 5356 bytes [12:22 23/03/2009] [12:22 23/03/2009] 5B059C0B6F076D081CA435994FAE4454
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\example\WorldDBSnapshot.java --a--- 2258 bytes [12:22 23/03/2009] [12:22 23/03/2009] E9DEAC69CA417852E05725C224417018
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\snapshot\SnapshotQuery.java --a--- 1916 bytes [12:22 23/03/2009] [12:22 23/03/2009] 83B0E8F3421C671E92F0FFF7C5D5AFF7
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\snapshot\Subscription.java --a--- 21715 bytes [12:22 23/03/2009] [12:22 23/03/2009] E162B723AD64F0CA129E13B75BE8C2D2
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java\org\apache\derbyDemo\vtis\snapshot\SubscriptionSignature.java --a--- 1870 bytes [12:22 23/03/2009] [12:22 23/03/2009] 35100F646F159CF665DCD28590B7C522
C:\Program Files\Sun\JavaDB\demo\programs\workingwithderby\WwdClientExample.java --a--- 7449 bytes [12:22 23/03/2009] [12:22 23/03/2009] 0F32991509FCE81366B04BFBEB9A07BA
C:\Program Files\Sun\JavaDB\demo\programs\workingwithderby\WwdEmbedded.java --a--- 7441 bytes [12:22 23/03/2009] [12:22 23/03/2009] 243A776EFEBF3285420130B25C34E1AB
C:\Program Files\Sun\JavaDB\demo\programs\workingwithderby\WwdUtils.java --a--- 3352 bytes [12:22 23/03/2009] [12:22 23/03/2009] A0532197085E8BB86E11BB047C518128
C:\Program Files\Sun\JavaDB\docs\html\adminguide\cadminjavadb.html --a--- 3811 bytes [03:06 15/08/2009] [03:06 15/08/2009] 08282DBF829EF6B40EECD21F6BA09BDC
C:\Program Files\Sun\JavaDB\docs\html\devguide\cdevjavadb.html --a--- 3812 bytes [03:07 15/08/2009] [03:07 15/08/2009] 17A67D1849A3794844B194012E031435
C:\Program Files\Sun\JavaDB\docs\html\getstart\cgsjavadb.html --a--- 3809 bytes [03:08 15/08/2009] [03:08 15/08/2009] 44542FF295CF4D66ADF94EA457127F4C
C:\Program Files\Sun\JavaDB\docs\html\getstart\tgssetupjavaenvir.html --a--- 7924 bytes [03:08 15/08/2009] [03:08 15/08/2009] 4C6EAA254E01A5050389AF93700400A2
C:\Program Files\Sun\JavaDB\docs\html\images\java_db_type.jpg --a--- 28824 bytes [03:06 15/08/2009] [03:06 15/08/2009] 5DA4A41FCEF767BEB7CC9EC7D85F4574
C:\Program Files\Sun\JavaDB\docs\html\ref\crefjavadb.html --a--- 3803 bytes [03:08 15/08/2009] [03:08 15/08/2009] A5C64284BCB72B01A0F1970148CE07E1
C:\Program Files\Sun\JavaDB\docs\html\ref\rrefjdbcjavasqlsavepoint.html --a--- 5815 bytes [03:08 15/08/2009] [03:08 15/08/2009] FC08D5D2BB978DDAED81EDE0DE288358
C:\Program Files\Sun\JavaDB\docs\html\tools\ctoolsjavadb.html --a--- 3818 bytes [03:06 15/08/2009] [03:06 15/08/2009] DAFA8E7C5F58C61206BB8C2710043AF4
C:\Program Files\Sun\JavaDB\docs\html\tuning\ctunjavadb.html --a--- 3803 bytes [03:06 15/08/2009] [03:06 15/08/2009] 8370B638E934DE0111C0E00008FDB1C5
C:\RECYCLER\S-1-5-21-4229174763-2783399609-392354559-1008\Dc41\JavaRa.def --a--- 245103 bytes [01:53 23/05/2009] [01:53 23/05/2009] 7581E3AE14AA8BD29F72A0A4D09306E8
C:\RECYCLER\S-1-5-21-4229174763-2783399609-392354559-1008\Dc41\JavaRa.exe --a--- 157696 bytes [17:33 16/07/2009] [17:33 16/07/2009] 8FB2BAFDA81520867539C5393E715D89
C:\SWTOOLS\APPS\SUN_JRE\JAVA_DEL.INI ------ 833 bytes [18:08 23/05/2006] [14:17 05/05/2006] 754FB43712DE8A25C196C4BFBC60A081
C:\WINDOWS\Prefetch\JAVA.EXE-0C263507.pf --a--- 7600 bytes [19:34 26/04/2010] [19:34 26/04/2010] D76F2BECD0C6F189344986AAE61C8721
C:\WINDOWS\Prefetch\JAVACPL.EXE-3A722075.pf --a--- 6934 bytes [20:32 26/04/2010] [20:32 26/04/2010] 96504BFB81A4FA8E7CD828C223CC47E4
C:\WINDOWS\Prefetch\JAVARA.EXE-00E4C8B3.pf --a--- 36718 bytes [20:18 26/04/2010] [20:18 26/04/2010] 1298A2282535E0A46D329856E6E35861
C:\WINDOWS\Prefetch\JAVARA.EXE-39DD1565.pf --a--- 36684 bytes [19:45 26/04/2010] [20:45 26/04/2010] CE87A6D6CB0A9F73A8EF7C06E8EC9B4A
C:\WINDOWS\Prefetch\JAVAW.EXE-2CD2ABF1.pf --a--- 81336 bytes [20:30 26/04/2010] [20:35 26/04/2010] 583A880527A3022217FA8DB81CDD1D9D
C:\WINDOWS\Prefetch\JAVAW.EXE-2DC32ABC.pf --a--- 62312 bytes [20:32 26/04/2010] [20:32 26/04/2010] 9191AAC32A21A2425695AEF34E977365
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\adcjavas.inc ------ 629 bytes [17:51 30/08/2008] [12:00 04/08/2004] 49B9878B48D6614A5D76C7B07AE00F25
C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\adojavas.inc ------ 14610 bytes [17:51 30/08/2008] [12:00 04/08/2004] 398FD657D8EA0BD77325E6BAEEA25090
C:\WINDOWS\system32\java.exe --a--- 145184 bytes [00:53 30/01/2010] [22:14 17/12/2009] AD3A2226B72F6E161425254276670117
C:\WINDOWS\system32\javacpl.cpl --a--- 73728 bytes [23:42 11/12/2007] [20:02 17/12/2009] A430C07A2B0D09DADB6AE1DA5FDE9071
C:\WINDOWS\system32\javaw.exe --a--- 145184 bytes [00:53 30/01/2010] [22:14 17/12/2009] B427962BDB196D132AF50F6C7B78380D
C:\WINDOWS\system32\javaws.exe --a--- 153376 bytes [00:53 30/01/2010] [22:14 17/12/2009] C8824405C4E358A2FE4D97C83101079A

========== folderfind ==========

Searching for "*java*"
C:\Documents and Settings\All Users\Application Data\Sun\Java d----- [00:53 30/01/2010]
C:\Documents and Settings\All Users\Application Data\Sun\JavaDB Server 10.5.3.0 d----- [20:31 26/04/2010]
C:\Documents and Settings\All Users\Application Data\Sun\Java\Java Update d----- [00:53 30/01/2010]
C:\Documents and Settings\Michelle Ledgister\Application Data\Adobe\Acrobat\8.0\JavaScripts d----- [20:17 16/12/2007]
C:\Documents and Settings\Michelle Ledgister\Application Data\Sun\Java d----- [07:07 17/04/2010]
C:\Documents and Settings\Michelle Ledgister\My Documents\Downloads\JavaRa d----- [19:44 26/04/2010]
C:\Program Files\Adobe\Reader 8.0\Reader\Javascripts d----- [07:42 15/11/2007]
C:\Program Files\Common Files\Java d----- [19:53 20/04/2010]
C:\Program Files\Common Files\Java\Java Update d----- [19:53 20/04/2010]
C:\Program Files\Java d----- [07:39 15/11/2007]
C:\Program Files\Sun\JavaDB d----- [20:31 26/04/2010]
C:\Program Files\Sun\JavaDB\demo\programs\scores\java d----- [20:31 26/04/2010]
C:\Program Files\Sun\JavaDB\demo\programs\vtis\java d----- [20:31 26/04/2010]
C:\Program Files\Sun\JavaDB\javadoc d----- [20:31 26/04/2010]
C:\WINDOWS\java d----- [07:05 15/11/2007]
C:\WINDOWS\Sun\Java d----- [23:42 11/12/2007]

========== regfind ==========

Searching for "*java*"
[HKEY_USERS\S-1-5-21-4229174763-2783399609-392354559-1008\Software\IBM\TpShocks]
"AdvertiseDone"="1Ā궨˲ŵԈC:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Acrobat\8.0\Synchronizer\*JAVA*"

-=End Of File=-

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:46 PM

Posted 26 April 2010 - 06:44 PM

Okay, this is a massive task but we are going to try and remove Java completely from your system. This will allow you to reinstall Java.

First, please clear out your cache/cookies and Java cache

Please download ATF Cleaner by Atribune.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main "Select Files to Delete" choose: Select All.
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

If you are using Firefox and this has caused page loading problems then please clear your private data. To do this go
to the Tools menu, select Clear Private Data, and then check Cache. Click Clear Private Data Now.

This could also be Clear Recent History or similar

Then close Firefox and then reopen it.


Then

To Clear the Java Runtime Environment (JRE) cache, do this:
  • Click Start > Settings > Control Panel.
  • Double-click the Java icon.
    -The Java Control Panel appears.
  • Click "Settings" under Temporary Internet Files.
    -The Temporary Files Settings dialog box appears.
  • Click "Delete Files".
    -The Delete Temporary Files dialog box appears.
    -There are three options on this window to clear the cache.
    • Delete Files
    • View Applications
    • View Applets
  • Click "OK" on Delete Temporary Files window.
    -Note: This deletes all the Downloaded Applications and Applets from the cache.
  • Click "OK" on Temporary Files Settings window.
  • Close the Java Control Panel.
You can also view these instructions along with screenshots here.


Try Java again. If that doesn't work please run the OTM script


We need to execute an OTM script
  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop.
  3. Paste the following code under the area. Do not include the word "Code".
    CODE
    :Files
    C:\Program Files\Java
    C:\Program Files\Sun
    C:\Documents and Settings\All Users\Application Data\Sun
    C:\Documents and Settings\Michelle Ledgister\Application Data\Sun
    C:\Program Files\Common Files\Java
    :Commands
    [Reboot]
  4. Push the large button.

This log will be enormous so please don't post it, instead just rerun OTL and post that.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#10 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 26 April 2010 - 07:17 PM

Hi mOle

Just a quick question before I undertake this task. I have passwords saved in my default browser-Firefox and I want to keep All of them. Can I still delete my FF cache without disturbing them? If "Yes" how do I do this?

Thanks so much!

#11 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 26 April 2010 - 11:51 PM

Not sure what did not happen - only 1 notepad - OTL.Txt came up - no sign of the Extras.Txt notepad file unsure.gif

OTL logfile created on: 4/27/2010 12:31:28 AM - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Michelle Ledgister\Desktop\BC
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 337.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 46.25 Gb Free Space | 67.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C2C1C07B
Current User Name: Michelle Ledgister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michelle Ledgister\Desktop\BC\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michelle Ledgister\Desktop\BC\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_banner.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\csswait.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\cssuserdatadispatcher.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\tcsrpc.dll (Lenovo)
MOD - C:\WINDOWS\system32\tvttsp.dll (Lenovo)
MOD - C:\Program Files\Common Files\Lenovo\tvt_think_res.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- File not found
SRV - (CSIScanner) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)
DRV - (Tp4Track) -- C:\WINDOWS\system32\drivers\tp4track.sys (Lenovo Group Limited)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 14:09:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 04:35:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 12:02:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/08 22:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/30 15:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Extensions
[2008/08/30 15:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/17 05:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Firefox\Profiles\o9t859ov.default\extensions
[2010/04/26 03:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:02:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/09 14:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/03 20:48:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/17 00:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/24 08:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/29 20:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010/04/14 12:02:20 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/14 12:02:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/03/19 19:23:20 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/04/14 12:02:22 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/11/02 21:16:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/02 21:16:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 21:16:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 21:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/02 21:16:17 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 21:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 21:16:17 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/08/31 22:44:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Documents and Settings\Michelle Ledgister\Desktop\HijackThis.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1234980431625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 00:25:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/27 00:24:14 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle Ledgister\Desktop\OTM.exe
[2007/11/15 03:30:52 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/11/15 03:30:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp files -> C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 00:28:35 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/27 00:28:22 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/27 00:28:13 | 000,025,312 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/04/27 00:28:03 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/04/27 00:28:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 00:27:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 00:27:53 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/27 00:27:20 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Michelle Ledgister\NTUSER.DAT
[2010/04/27 00:26:56 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle Ledgister\ntuser.ini
[2010/04/27 00:24:18 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle Ledgister\Desktop\OTM.exe
[2010/04/27 00:02:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/26 23:50:06 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\Desktop\FF CookieFiles.doc
[2010/04/14 20:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/30 03:00:56 | 006,940,826 | -H-- | M] () -- C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 19:20:52 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\FDA_Quality Assurance Specialist closes 4-9-10.doc
[2010/03/29 11:57:25 | 000,210,846 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\TaxReturn_transmitted_3-29-2010.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp files -> C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 23:50:05 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\Desktop\FF CookieFiles.doc
[2010/03/29 19:20:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\FDA_Quality Assurance Specialist closes 4-9-10.doc
[2010/03/29 11:57:25 | 000,210,846 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\TaxReturn_transmitted_3-29-2010.pdf
[2009/02/18 14:58:07 | 000,002,613 | ---- | C] () -- C:\WINDOWS\System32\yctkpqwv.dll
[2009/02/18 14:55:10 | 000,002,613 | ---- | C] () -- C:\WINDOWS\System32\gqjbdjih.dll
[2009/02/17 14:42:09 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\xqinkgpj.dll
[2009/02/15 15:26:50 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\wmlhvtrs.dll
[2009/02/15 15:23:50 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\kbfhakkt.dll
[2009/02/14 15:24:03 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\qfxggsvu.dll
[2009/02/14 15:21:33 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\ddkmlvkh.dll
[2008/03/20 13:19:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 04:07:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/15 03:48:16 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/11/15 03:42:15 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/15 03:40:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/15 03:40:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/15 03:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/15 03:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/15 03:40:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/15 03:40:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/15 03:33:52 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/11/15 03:33:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4825.dll
[2007/11/15 03:31:43 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/11/15 03:31:33 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/11/15 03:30:53 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/11/15 03:30:52 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/03/02 08:15:36 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 08:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 18:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/07 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/11 19:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2007/11/15 03:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/22 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/03/24 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 20:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\GARMIN
[2007/12/19 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\InterVideo
[2008/11/27 02:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Juniper Networks
[2007/12/12 09:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Leadertech
[2008/02/08 21:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Lenovo
[2009/01/05 18:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Thunderbird
[2010/04/27 00:02:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/04/27 00:28:35 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:46 PM

Posted 27 April 2010 - 03:40 PM

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
SRV - (JavaQuickStarterService) -- File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[2009/03/09 14:21:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/09/03 20:48:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/10/17 00:15:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/11/24 08:06:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/01/29 20:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2009/12/17 18:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe File not found
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
[2009/02/18 14:58:07 | 000,002,613 | ---- | C] () -- C:\WINDOWS\System32\yctkpqwv.dll
[2009/02/18 14:55:10 | 000,002,613 | ---- | C] () -- C:\WINDOWS\System32\gqjbdjih.dll
[2009/02/17 14:42:09 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\xqinkgpj.dll
[2009/02/15 15:26:50 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\wmlhvtrs.dll
[2009/02/15 15:23:50 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\kbfhakkt.dll
[2009/02/14 15:24:03 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\qfxggsvu.dll
[2009/02/14 15:21:33 | 000,002,611 | ---- | C] () -- C:\WINDOWS\System32\ddkmlvkh.dll
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

One more OTL log please. That should do it. thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#13 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 27 April 2010 - 06:45 PM

mOle I totally messed up poster_oops.gif I misread your instructions and did a "Run Scan" with the copy and pasted scripted included. After I realized my mistake I performed the "Fix Scan" with the copy and pasted script. I received the message to reboot. I said "Yes" The system rebooted, the log appeared, and then the system froze - I was not able to log on to the internet. So I had to reboot the computer. Now I can't find the log scratchhead.gif

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:46 PM

Posted 27 April 2010 - 07:00 PM

No problem. Let's have a new OTL log and see what it did or didn't do. thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#15 lost2pc

lost2pc
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
    •  
  • Local time:07:46 AM

Posted 27 April 2010 - 07:09 PM

Thanks so much for your patience mOle. Here is the most recent OTL log and Extras.Txt log:

OTL logfile created on: 4/27/2010 8:01:17 PM - Run 5
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Michelle Ledgister\Desktop\BC
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 46.06 Gb Free Space | 66.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C2C1C07B
Current User Name: Michelle Ledgister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Michelle Ledgister\Desktop\BC\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\WINDOWS\system32\tp4serv.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe ( )
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Michelle Ledgister\Desktop\BC\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_banner.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_think_res.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\csswait.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\cssuserdatadispatcher.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\tcsrpc.dll (Lenovo)
MOD - C:\WINDOWS\system32\tvttsp.dll (Lenovo)
MOD - C:\Program Files\Common Files\Lenovo\tvt_think_res.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (CSIScanner) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe ( )
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\CHDAudN.sys (Conexant Systems Inc.)
DRV - (Tp4Track) -- C:\WINDOWS\system32\drivers\tp4track.sys (Lenovo Group Limited)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.9

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/15 14:09:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/20 04:35:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/27 19:19:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/02/08 22:44:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/30 15:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Extensions
[2008/08/30 15:34:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/17 05:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Mozilla\Firefox\Profiles\o9t859ov.default\extensions
[2010/04/27 19:36:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 12:02:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/14 12:02:20 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/14 12:02:20 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/03/19 19:23:20 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2010/04/14 12:02:22 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/11/02 21:16:17 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/02 21:16:17 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 21:16:17 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 21:16:17 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/02 21:16:17 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 21:16:17 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 21:16:17 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2009/08/31 22:44:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Documents and Settings\Michelle Ledgister\Desktop\HijackThis.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1234980431625 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/27 19:19:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/27 00:25:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/04/27 00:24:14 | 000,510,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michelle Ledgister\Desktop\OTM.exe
[2007/11/15 03:30:52 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007/11/15 03:30:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp files -> C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/27 20:02:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/27 19:35:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/04/27 19:35:02 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/27 19:34:54 | 000,025,312 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/04/27 19:34:44 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/04/27 19:34:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/27 19:34:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/27 19:34:35 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/27 19:34:01 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Michelle Ledgister\NTUSER.DAT
[2010/04/27 19:33:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michelle Ledgister\ntuser.ini
[2010/04/27 00:24:18 | 000,510,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michelle Ledgister\Desktop\OTM.exe
[2010/04/26 23:50:06 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\Desktop\FF CookieFiles.doc
[2010/04/14 20:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/30 03:00:56 | 006,940,826 | -H-- | M] () -- C:\Documents and Settings\Michelle Ledgister\Local Settings\Application Data\IconCache.db
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 19:20:52 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\FDA_Quality Assurance Specialist closes 4-9-10.doc
[2010/03/29 11:57:25 | 000,210,846 | ---- | M] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\TaxReturn_transmitted_3-29-2010.pdf
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp files -> C:\Documents and Settings\Michelle Ledgister\My Documents\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/26 23:50:05 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\Desktop\FF CookieFiles.doc
[2010/03/29 19:20:52 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\FDA_Quality Assurance Specialist closes 4-9-10.doc
[2010/03/29 11:57:25 | 000,210,846 | ---- | C] () -- C:\Documents and Settings\Michelle Ledgister\My Documents\TaxReturn_transmitted_3-29-2010.pdf
[2008/03/20 13:19:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/15 04:07:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/11/15 03:48:16 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2007/11/15 03:42:15 | 000,000,177 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/11/15 03:40:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/11/15 03:40:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/11/15 03:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/11/15 03:40:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/11/15 03:40:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/11/15 03:40:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/11/15 03:33:52 | 000,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/11/15 03:33:52 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4825.dll
[2007/11/15 03:31:43 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/11/15 03:31:33 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/11/15 03:30:53 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/11/15 03:30:52 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007/03/02 08:15:36 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 08:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 18:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/07 03:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/12/11 19:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2007/11/15 03:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/08/22 23:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/03/24 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/11/24 20:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\GARMIN
[2007/12/19 23:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\InterVideo
[2008/11/27 02:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Juniper Networks
[2007/12/12 09:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Leadertech
[2008/02/08 21:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Lenovo
[2009/01/05 18:47:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michelle Ledgister\Application Data\Thunderbird
[2010/04/27 20:02:00 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/04/27 19:35:12 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Extras.Txt:

OTL Extras logfile created on: 4/27/2010 8:01:18 PM - Run 5
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Michelle Ledgister\Desktop\BC
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 333.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.94 Gb Total Space | 46.06 Gb Free Space | 66.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-C2C1C07B
Current User Name: Michelle Ledgister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde File not found
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0160200}" = Java™ SE Development Kit 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"avast!" = avast! Antivirus
"AwayTask" = Maintenance Manager
"CCleaner" = CCleaner
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"Remove Multimedia Center" = Remove Multimedia Center
"SpywareBlaster_is1" = SpywareBlaster 4.2
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"VLC media player" = VLC media player 0.9.8a
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\6b29ae44e85efac3c72ff4d1865d73f1_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\83aa4cc77f591dfc2374580bbd95f6ba_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\8f71098770f72c7a67cd8f1151619865_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\Michelle Ledgister\Application Data\Microsoft\Crypto\RSA\S-1-5-21-4229174763-2783399609-392354559-1008\90cf7e262bc48792c9a0918e9a919902_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\CREDHIST
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\cfe4cfea-f665-4ea4-85a3-b6ec03a2af0f
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\f42021c3-c023-4648-a8e7-0e5c4bc00882
failed, 00000005.

Error - 4/27/2010 7:35:56 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Protect\S-1-5-20\Preferred
failed, 00000005.

Error - 4/27/2010 7:35:57 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\Documents and Settings\NetworkService\Application Data\Microsoft\Crypto\RSA\S-1-5-20\94498385663a229a93d423c6d144ae0b_17f55422-1271-485c-a6cb-a54860e35d37
failed, 00000005.

Error - 4/27/2010 7:35:57 PM | Computer Name = LENOVO-C2C1C07B | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\RRbackups\common\usersids.dat failed, 00000005.

[ Application Events ]
Error - 4/27/2010 5:50:01 AM | Computer Name = LENOVO-C2C1C07B | Source = NativeWrapper | ID = 5000
Description =

Error - 4/27/2010 5:50:07 AM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/27/2010 5:50:10 AM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/27/2010 5:50:27 AM | Computer Name = LENOVO-C2C1C07B | Source = MSSQLSERVER | ID = 921877
Description =

Error - 4/27/2010 5:50:32 AM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/27/2010 8:00:31 PM | Computer Name = LENOVO-C2C1C07B | Source = NativeWrapper | ID = 5000
Description =

Error - 4/27/2010 8:00:38 PM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb963707,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/27/2010 8:00:43 PM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.5-kb958484,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
0.

Error - 4/27/2010 8:01:01 PM | Computer Name = LENOVO-C2C1C07B | Source = MSSQLSERVER | ID = 921877
Description =

Error - 4/27/2010 8:01:08 PM | Computer Name = LENOVO-C2C1C07B | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb974417,
P2 1033, P3 1605, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.

[ System Events ]
Error - 4/25/2010 8:00:46 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update
for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and
Windows Server 2008 R2 (KB953297).

Error - 4/25/2010 8:00:55 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update to .NET Framework 3.5 Service Pack 1 for the .NET
Framework Assistant 1.0 x86 (KB963707).

Error - 4/25/2010 8:01:00 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework
3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86.

Error - 4/25/2010 8:01:19 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for SQL Server 2000 Service Pack 4 (KB960082).

Error - 4/25/2010 8:02:21 PM | Computer Name = LENOVO-C2C1C07B | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft .NET Framework 2.0 Service Pack 2 Security Update
for Windows 2000, Windows Server 2003, and Windows XP (KB974417).

Error - 4/26/2010 12:18:54 AM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 4/27/2010 3:47:42 PM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The CSIScanner service failed to start due to the following error:
%%3

Error - 4/27/2010 3:47:42 PM | Computer Name = LENOVO-C2C1C07B | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%3

Error - 4/27/2010 3:49:31 PM | Computer Name = LENOVO-C2C1C07B | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 4/27/2010 3:51:00 PM | Computer Name = LENOVO-C2C1C07B | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.


< End of report >

Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·