HTTP Tidserv Request blocked by Norton Internet Security 2010


  • This topic is locked
10 replies to this topic

#1 Led Head

  • Members
  • 6 posts

Posted 26 May 2010 - 12:18 PM

Hello,

I am running Windows XP Professional, Service Pack 3 on a Lenovo T61 with Norton Internet Security 2010. For the past few days I have been getting a message from Norton indicating "A Recent Attempt to Attack Your Computer Was Blocked". Some Internet research led me to this forum. Thanks in advance for any assistance.

Thanks,

Jim


DDS (Ver_10-03-17.01) - NTFSx86
Run by jbailey at 11:45:53.72 on Wed 05/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.1884 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Malware Removal Programs\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] "c:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TVT Scheduler Proxy] "c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe"
mRun: [TPHOTKEY] "c:\program files\lenovo\hotkey\TPOSDSVC.exe"
mRun: [PWRMGRTR] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] "c:\windows\system32\rundll32.exe" c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe"
mRun: [<NO NAME>]
mRun: [nwiz] nwiz.exe /install
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: bmnet.dll
Trusted Zone: ameritrade.com\wwws
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} - hxxp://www.pcpitstop.com/internet/pcpConnCheck.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://portal.dyneamark.com/XTSAC.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://st.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: ACNotify - ACNotify.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 91.212.127.221 viruskill2009.microsoft.com
Hosts: 91.212.127.221 viruskill2009.com
Hosts: 91.212.127.221 www.viruskill2009.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jbaile~1.dyn\applic~1\mozilla\firefox\profiles\7fk0tnco.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\jbailey.dyneamark\application data\mozilla\firefox\profiles\7fk0tnco.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-11 64160]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-20 173104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2008-10-6 3968]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-20 116784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2005-11-25 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-25 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100518.002\IDSXpx86.sys [2010-5-24 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100525.034\NAVENG.SYS [2010-5-25 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100525.034\NAVEX15.SYS [2010-5-25 1347504]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2009-12-4 121416]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-05-26 15:44:34 0 ----a-w- c:\documents and settings\jbailey.dyneamark\defogger_reenable
2010-04-30 20:17:39 0 d-----w- c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-29 17:56:51 0 d-----w- c:\program files\DemoForge
2010-04-29 17:55:57 0 d--h--w- c:\program files\Zero G Registry
2010-04-29 17:55:08 0 d--h--w- c:\documents and settings\jbailey.dyneamark\InstallAnywhere
2010-04-29 17:50:23 0 d-----w- c:\documents and settings\jbailey.dyneamark\Yugma

==================== Find3M ====================

2010-04-30 12:56:34 72080 ----a-w- c:\documents and settings\jbailey.dyneamark\g2mdlhlpx.exe
2010-03-18 21:13:28 11501 ----a-w- c:\program files\RIM 9700 Accessories.docx
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2008-10-22 01:29:18 16766 ----a-w- c:\program files\DI-624 MAC Addresses.htm
2008-10-17 14:47:05 160587 ----a-w- c:\program files\Circuit City Receipt Confirmation for Order 4417-3672274 Nintendo Wii.htm
2008-10-16 19:41:32 124415 ----a-w- c:\program files\CNET 2008 AntiVirus Reviews.htm
2008-09-02 14:21:23 18169 ----a-w- c:\program files\DBT T Shirt Birthday Present Roy.htm
2008-07-17 02:08:07 5633 ----a-w- c:\program files\Cancelled Boston Rental Car Midsize 7-08.htm
2010-01-06 20:09:05 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2008-05-30 21:21:33 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-10-25 20:31:16 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102520081026\index.dat

============= FINISH: 11:47:32.64 ===============




#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 28 May 2010 - 06:07 AM

Hello and welcome to BleepingComputer.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • mbr.log

Thanks



#3 Led Head

  • Topic Starter
  • Members
  • 6 posts

Posted 28 May 2010 - 09:04 AM

Thanks Syler for the reply.

Here are the logs requested. I wasn't sure if you needed them attached or pasted so I did both.


OTL logfile created on: 5/28/2010 9:50:44 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\jbailey.DYNEAMARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.24 Gb Total Space | 33.23 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.81 Mb Total Space | 1.95 Mb Free Space | 51.02% Space Free | Partition Type: FAT
Drive F: | 232.88 Gb Total Space | 87.23 Gb Free Space | 37.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-3572C3E5
Current User Name: jbailey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/28 09:47:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\OTL(2).exe
PRC - [2010/04/01 13:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/22 11:50:57 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/03/22 11:50:56 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/08/17 22:54:54 | 012,957,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 10:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 19:05:30 | 000,086,016 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008/03/14 19:04:48 | 000,118,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/03/14 19:04:28 | 000,188,416 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/03/14 18:58:40 | 001,646,592 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACMainGUI.exe
PRC - [2008/03/14 18:57:34 | 000,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2008/03/14 18:53:46 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008/03/04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/01/25 14:06:08 | 000,111,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/01/24 10:21:58 | 000,066,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/11/21 18:38:38 | 000,075,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/11/02 15:51:02 | 000,036,136 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/03/02 20:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/30 21:45:42 | 000,722,496 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/11/03 18:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/05/28 09:47:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\OTL(2).exe
MOD - [2010/05/14 01:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/05/17 11:53:00 | 001,474,560 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2007/05/17 11:53:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/22 11:50:56 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2009/12/04 17:41:50 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/03/14 19:05:30 | 000,086,016 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/03/14 19:04:28 | 000,188,416 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/03/04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/11/02 15:51:02 | 000,036,136 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/09/26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/03/21 13:42:38 | 000,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2007/03/02 20:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/30 21:45:42 | 000,722,496 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/05/27 09:25:35 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 09:25:35 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/11 06:39:39 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100527.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 06:39:39 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100527.039\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 13:44:04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/04 17:32:56 | 000,024,064 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/04 17:31:18 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/11/25 18:09:11 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 18:06:13 | 000,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 18:37:24 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100520.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/06/04 15:37:21 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/05/11 13:49:11 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/30 17:32:36 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/05/30 17:31:49 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/20 04:13:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/02/15 19:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/21 20:34:30 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/01/21 20:34:28 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2008/01/11 01:30:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/15 10:18:06 | 000,017,845 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2007/11/02 15:50:30 | 000,021,808 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/11/01 16:26:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/11/01 16:25:32 | 000,211,456 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/11/01 16:25:22 | 000,731,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/10/26 01:20:36 | 000,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/10/12 16:30:46 | 000,252,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/07/03 18:46:24 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/05/17 11:53:00 | 006,346,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/03/28 14:02:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 02:51:08 | 000,311,808 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/03/02 20:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/03/02 20:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/02/27 05:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 15:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/31 09:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/24 05:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 05:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/01/18 08:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/15 02:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/09 10:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/09/13 15:42:44 | 000,035,264 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2006/03/01 06:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/14 01:04:58 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/25 17:43:48 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/07/13 23:14:34 | 000,027,904 | ---- | M] (REDC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\risdptsk.sys -- (risdptsk)
DRV - [2005/05/17 13:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2003/09/11 02:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/25 20:57:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/27 10:32:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/26 14:09:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/26 14:25:21 | 000,000,000 | ---D | M]

[2008/11/14 10:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Extensions
[2010/05/28 09:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Firefox\Profiles\7fk0tnco.default\extensions
[2010/04/27 08:24:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Firefox\Profiles\7fk0tnco.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/11 09:03:25 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Firefox\Profiles\7fk0tnco.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/04/27 08:24:06 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Firefox\Profiles\7fk0tnco.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/11/10 13:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Firefox\Profiles\7fk0tnco.default\extensions\firefox@tvunetworks.com
[2008/11/16 22:07:03 | 000,001,536 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Application Data\Mozilla\Firefox\Profiles\7fk0tnco.default\searchplugins\ny-giants.xml
[2010/05/26 14:09:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/25 17:55:15 | 000,000,152 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.221 viruskill2009.microsoft.com
O1 - Hosts: 91.212.127.221 viruskill2009.com
O1 - Hosts: 91.212.127.221 www.viruskill2009.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142..\Run: [ISUSPM] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKU\S-1-5-21-2226995957-1088261065-2424906731-1142\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://portal.dyneamark.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://st.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DyneAMark.local
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (OWS\S) - File not found
O30 - LSA: Security Packages - (CURITY SOLUTION) - File not found
O30 - LSA: Security Packages - (y Packages sett) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: winykubd - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/04/29 20:12:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpReg: ACTray - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
MsConfig - StartUpReg: ACWLIcon - hkey= - key= - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
MsConfig - StartUpReg: AMSG - hkey= - key= - C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
MsConfig - StartUpReg: AwaySch - hkey= - key= - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: BLOG - hkey= - key= - C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
MsConfig - StartUpReg: cssauth - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: EZEJMNAP - hkey= - key= - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: LPManager - hkey= - key= - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PWRMGRTR - hkey= - key= - C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
MsConfig - StartUpReg: SoundMAX - hkey= - key= - C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SoundMAXPnP - hkey= - key= - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TPFNF7 - hkey= - key= - C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
MsConfig - StartUpReg: TPHOTKEY - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
MsConfig - StartUpReg: TpShocks - hkey= - key= - File not found
MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69256399187607552)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 09:47:00 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\OTL(2).exe
[2010/05/26 14:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/26 14:03:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\Recent
[2010/05/26 13:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\plugins
[2010/05/26 11:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Malware Removal Programs
[2010/05/25 09:25:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/25 09:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/30 16:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2010/04/30 16:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Guru3D.com
[2010/04/30 16:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Guru3D.com
[2010/04/30 16:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\New Folder (2)
[2010/04/29 13:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\DemoForge
[2010/04/29 13:55:57 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010/04/29 13:55:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\InstallAnywhere
[2010/04/29 13:50:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jbailey.DYNEAMARK\Yugma
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/28 09:47:21 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\mbr.exe
[2010/05/28 09:47:07 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\OTL(2).exe
[2010/05/28 09:23:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/28 09:14:49 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/05/28 09:13:27 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/05/28 09:12:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/28 09:12:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 09:10:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/05/28 09:10:01 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/05/28 09:09:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 09:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 09:09:44 | 3202,658,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/27 22:36:19 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\NTUSER.DAT
[2010/05/27 22:07:01 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/05/27 20:33:02 | 000,045,145 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Seattle_Aqua_Theatre-1951.jpg
[2010/05/27 20:32:29 | 000,075,090 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\SeattlePop1969.jpg
[2010/05/27 20:15:07 | 000,071,335 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\SeattlePop_2.jpg
[2010/05/27 15:08:48 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Microsoft Office Word 2007.lnk
[2010/05/27 14:39:56 | 003,699,963 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\ComboFix.exe
[2010/05/27 14:00:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Microsoft Office Outlook 2007.lnk
[2010/05/27 10:04:10 | 002,106,616 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AVX SolidState Connectors.pdf
[2010/05/27 09:36:56 | 000,100,864 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Latest DRS update 5-21-10.msg
[2010/05/27 09:36:32 | 000,384,000 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\RE DAM transition Lockheed .msg
[2010/05/27 09:35:04 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\REIntelligent Media Account Info.msg
[2010/05/27 09:34:36 | 000,770,560 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\DAM transition Invivo, Elster, Atheros, Avidyne, DRS, L3, Nexxus.msg
[2010/05/27 09:32:43 | 000,222,208 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Voraxis Account Info.msg
[2010/05/26 14:09:25 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/26 14:04:42 | 000,000,286 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100526_140439.reg
[2010/05/26 14:04:27 | 000,010,196 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100526_140425.reg
[2010/05/26 11:44:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\defogger_reenable
[2010/05/26 10:06:52 | 000,021,796 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-9-10.xlsx
[2010/05/25 22:43:03 | 000,720,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\Cat.DB
[2010/05/25 14:27:49 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AVX Product Country of Origin.xls
[2010/05/25 13:14:07 | 000,021,713 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-23-10.xlsx
[2010/05/25 13:08:36 | 000,021,609 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-30-10.xlsx
[2010/05/25 10:40:24 | 000,249,458 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AVXLighting connectors 10-09.pdf
[2010/05/25 10:37:57 | 000,351,392 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Lighting Bro 4-09.pdf
[2010/05/25 10:33:20 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-25-10 Rev3.xls
[2010/05/25 10:30:03 | 000,061,952 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-25-10 Rev 3.xls
[2010/05/25 09:55:30 | 000,001,472 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100525_095523.reg
[2010/05/25 09:19:43 | 000,001,980 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2010/05/25 09:19:27 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/05/24 18:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010/05/24 11:40:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/05/18 10:59:36 | 000,204,394 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8069.pdf
[2010/05/18 10:55:40 | 000,308,517 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5650_1.pdf
[2010/05/18 10:55:19 | 000,198,774 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5650_3.pdf
[2010/05/18 10:54:52 | 000,195,190 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5650_2.pdf
[2010/05/18 10:41:05 | 000,146,130 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8005.pdf
[2010/05/18 10:32:14 | 000,177,417 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5138.pdf
[2010/05/18 10:26:01 | 000,128,476 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\6288 FFC.pdf
[2010/05/17 15:32:52 | 000,150,528 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\jb DAMC OSR Account Assignment Tracking - June 2010 - MASTER.xls
[2010/05/17 09:47:25 | 000,021,697 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-16-10.xlsx
[2010/05/16 20:28:40 | 000,001,922 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 09:35:05 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\PW.docx
[2010/05/14 02:32:01 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\isolate.ini
[2010/05/13 11:21:04 | 001,140,358 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\6882 High Speed FPC.pdf
[2010/05/13 11:04:05 | 000,010,749 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Customer-CM.xlsx
[2010/05/13 10:47:38 | 000,571,282 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5668.pdf
[2010/05/13 10:47:38 | 000,407,349 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Shielded 5668.pdf
[2010/05/13 10:47:38 | 000,246,340 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8069 Product Spec (H=1.8mm).pdf
[2010/05/13 10:47:38 | 000,235,271 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8069 Product Spec (H=3mm).pdf
[2010/05/13 10:47:38 | 000,192,733 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5658 Hybrid Floating BTB.pdf
[2010/05/13 09:28:08 | 000,190,794 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AXGE-3754-05xy (SFP-1000BX40,60-D5)_V1.1.pdf
[2010/05/12 19:55:03 | 000,060,928 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-12-10 Rev 2.xls
[2010/05/12 07:03:34 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-12-10.xls
[2010/05/11 17:11:55 | 000,059,904 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-11-10.xls
[2010/05/10 15:30:24 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/05/06 14:48:20 | 000,202,865 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\EE2-KH00-10 converted.pdf
[2010/05/06 14:41:17 | 000,099,111 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\KNH21 Series.pdf
[2010/05/06 08:56:33 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100506_085630.reg
[2010/05/06 08:56:14 | 000,009,494 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100506_085611.reg
[2010/05/06 08:43:09 | 000,001,555 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\CCleaner.lnk
[2010/05/06 00:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdi.sys
[2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symtdiv.sys
[2010/05/06 00:01:43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnetv.inf
[2010/05/06 00:01:43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\symnet.inf
[2010/05/04 16:03:57 | 000,015,144 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\KEC Products.docx
[2010/05/03 10:59:20 | 000,021,606 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-2-10.xlsx
[2010/05/02 22:16:02 | 032,556,615 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\NY-_Time_Fades_Away.zip
[2010/04/30 17:28:14 | 004,948,904 | -H-- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Local Settings\Application Data\IconCache.db
[2010/04/30 15:23:39 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\LENOVO Order 2CP74P .msg
[2010/04/30 14:51:58 | 009,982,280 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\KEC Conn Overview.pdf
[2010/04/30 12:16:04 | 001,266,235 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\RF Antenna concepts 2010.pdf
[2010/04/30 10:38:11 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Sensitron DAM-Forecast 4 30 10.xls
[2010/04/30 08:56:34 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\g2mdlhlpx.exe
[2010/04/29 13:56:13 | 000,000,902 | ---- | M] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Yugma.lnk
[2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\ironx86.sys
[2010/04/29 01:03:51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.cat
[2010/04/29 01:03:51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1107000.00C\iron.inf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/28 09:47:21 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\mbr.exe
[2010/05/27 20:33:02 | 000,045,145 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Seattle_Aqua_Theatre-1951.jpg
[2010/05/27 20:32:29 | 000,075,090 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\SeattlePop1969.jpg
[2010/05/27 20:15:06 | 000,071,335 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\SeattlePop_2.jpg
[2010/05/27 14:39:41 | 003,699,963 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\ComboFix.exe
[2010/05/27 10:04:09 | 002,106,616 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AVX SolidState Connectors.pdf
[2010/05/27 09:36:56 | 000,100,864 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Latest DRS update 5-21-10.msg
[2010/05/27 09:36:31 | 000,384,000 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\RE DAM transition Lockheed .msg
[2010/05/27 09:35:03 | 000,073,216 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\REIntelligent Media Account Info.msg
[2010/05/27 09:34:36 | 000,770,560 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\DAM transition Invivo, Elster, Atheros, Avidyne, DRS, L3, Nexxus.msg
[2010/05/27 09:32:43 | 000,222,208 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Voraxis Account Info.msg
[2010/05/26 14:09:25 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/05/26 14:04:40 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100526_140439.reg
[2010/05/26 14:04:26 | 000,010,196 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100526_140425.reg
[2010/05/26 11:44:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\defogger_reenable
[2010/05/25 14:27:48 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AVX Product Country of Origin.xls
[2010/05/25 13:08:36 | 000,021,609 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-30-10.xlsx
[2010/05/25 13:08:09 | 000,021,713 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-23-10.xlsx
[2010/05/25 10:40:24 | 000,249,458 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AVXLighting connectors 10-09.pdf
[2010/05/25 10:37:57 | 000,351,392 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Lighting Bro 4-09.pdf
[2010/05/25 10:33:20 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-25-10 Rev3.xls
[2010/05/25 10:30:02 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-25-10 Rev 3.xls
[2010/05/25 09:55:27 | 000,001,472 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100525_095523.reg
[2010/05/18 10:55:36 | 000,308,517 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5650_1.pdf
[2010/05/18 10:55:18 | 000,198,774 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5650_3.pdf
[2010/05/18 10:54:52 | 000,195,190 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5650_2.pdf
[2010/05/18 10:41:05 | 000,146,130 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8005.pdf
[2010/05/18 10:32:12 | 000,177,417 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5138.pdf
[2010/05/18 10:25:58 | 000,128,476 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\6288 FFC.pdf
[2010/05/17 15:32:52 | 000,150,528 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\jb DAMC OSR Account Assignment Tracking - June 2010 - MASTER.xls
[2010/05/17 09:47:25 | 000,021,697 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-16-10.xlsx
[2010/05/16 20:28:40 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/05/14 09:51:28 | 000,021,796 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-9-10.xlsx
[2010/05/13 11:34:22 | 001,298,166 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5151 Micro USB English.pdf
[2010/05/13 11:34:22 | 001,140,358 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\6882 High Speed FPC.pdf
[2010/05/13 11:04:04 | 000,010,749 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Customer-CM.xlsx
[2010/05/13 10:47:38 | 000,571,282 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5668.pdf
[2010/05/13 10:47:38 | 000,407,349 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Shielded 5668.pdf
[2010/05/13 10:47:38 | 000,246,340 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8069 Product Spec (H=1.8mm).pdf
[2010/05/13 10:47:38 | 000,235,271 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8069 Product Spec (H=3mm).pdf
[2010/05/13 10:47:38 | 000,204,394 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\8069.pdf
[2010/05/13 10:47:38 | 000,192,733 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\5658 Hybrid Floating BTB.pdf
[2010/05/13 09:28:07 | 000,190,794 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\AXGE-3754-05xy (SFP-1000BX40,60-D5)_V1.1.pdf
[2010/05/12 19:55:03 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-12-10 Rev 2.xls
[2010/05/12 07:03:34 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-12-10.xls
[2010/05/11 17:09:59 | 000,059,904 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Zhone Axcen SFP Quote 5-11-10.xls
[2010/05/06 14:48:19 | 000,202,865 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\EE2-KH00-10 converted.pdf
[2010/05/06 14:41:16 | 000,099,111 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\KNH21 Series.pdf
[2010/05/06 08:56:31 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100506_085630.reg
[2010/05/06 08:56:13 | 000,009,494 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\cc_20100506_085611.reg
[2010/05/04 17:06:15 | 001,266,235 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\RF Antenna concepts 2010.pdf
[2010/05/04 16:03:57 | 000,015,144 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\KEC Products.docx
[2010/05/03 10:59:19 | 000,021,606 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Expenses 5-2-10.xlsx
[2010/05/02 22:16:03 | 032,556,615 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\NY-_Time_Fades_Away.zip
[2010/04/30 15:23:39 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\LENOVO Order 2CP74P .msg
[2010/04/30 14:51:17 | 009,982,280 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\KEC Conn Overview.pdf
[2010/04/30 10:38:11 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\My Documents\Sensitron DAM-Forecast 4 30 10.xls
[2010/04/29 13:56:13 | 000,000,902 | ---- | C] () -- C:\Documents and Settings\jbailey.DYNEAMARK\Desktop\Yugma.lnk
[2010/03/19 21:17:35 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/03/09 22:44:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/13 17:55:17 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/15 17:50:59 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/01/15 17:50:07 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/01/15 17:50:07 | 000,000,141 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/10/27 16:16:02 | 000,000,138 | ---- | C] () -- C:\WINDOWS\ImageRescue3.INI
[2008/08/19 18:13:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2008/06/18 10:06:12 | 000,139,280 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/05/30 17:40:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/30 17:31:23 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/05/30 17:26:01 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/30 17:24:31 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/05/30 17:24:31 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/05/30 17:24:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/05/30 17:24:31 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/05/30 17:24:31 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/05/30 17:24:31 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/30 17:19:08 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/30 17:19:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/30 17:19:07 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/30 17:19:07 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/30 17:15:18 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/05/30 17:14:10 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/05/30 17:13:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/05/30 17:12:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008/05/30 16:57:21 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/03/02 08:15:36 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 08:15:25 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/02/27 20:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 20:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,887 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 14:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/29 20:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 20:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 20:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2010/01/15 12:58:05 | 000,072,080 | ---- | M] () -- C:\g2mdlhlpx.exe
< End of report >


OTL Extras logfile created on: 5/28/2010 9:50:44 AM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\jbailey.DYNEAMARK\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 54.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.24 Gb Total Space | 33.23 Gb Free Space | 23.20% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 3.81 Mb Total Space | 1.95 Mb Free Space | 51.02% Space Free | Partition Type: FAT
Drive F: | 232.88 Gb Total Space | 87.23 Gb Free Space | 37.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-3572C3E5
Current User Name: jbailey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [tralih] -- "C:\Program Files\Trader's Little Helper\tralih.exe" /0 "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3978:UDP" = 3978:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"3996:UDP" = 3996:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"4318:UDP" = 4318:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"4336:UDP" = 4336:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)
"4357:UDP" = 4357:UDP:*:Enabled:Windows Media Format SDK (winamp.exe)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\play2p\play2p.exe" = C:\Program Files\play2p\play2p.exe:*:Disabled:play2p -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\play2p\play2p.exe" = C:\Program Files\play2p\play2p.exe:*:Enabled:play2p -- File not found
"C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe" = C:\Program Files\StreamTorrent 1.0\StreamTorrent.exe:*:Enabled:StreamTorrent P2P Media Player -- (StreamTorrent Team)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34E9509A-583C-49A1-A57C-C9301C8D6D2C}" = CONTEX Presenter
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"{627EAB2D-F5AE-4815-AD8E-79129D7959E7}" = Memory Stick File Rescue
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_AccessR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_AccessR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_AccessR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_AccessR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_AccessR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0015-0000-0000-0000000FF1CE}" = Microsoft Office Access 2007
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0015-0000-0000-0000000FF1CE}_AccessR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5670-0000-800000000003}" = Korean Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2DA1CDC-EF9D-4B7C-91F8-710B17AD44A7}" = Microsoft Office Live Meeting 2007
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D81FBA6E-5492-4C46-BAE3-3A9242C27210}" = TaxCut Basic + Efile 2008
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F813E3A8-1641-4510-9C35-BF4656C63B8C}" = AT&T Communication Manager
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"7-Zip" = 7-Zip 4.57
"AccessR" = Microsoft Office Access 2007
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Atomic Clock Sync" = Atomic Clock Sync
"AVGantiRootkit" = AVG Anti-Rootkit Free
"AwayTask" = Maintenance Manager
"BlackBerry_{5B7CF62F-D339-4FAA-A610-372ED5A2787F}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CentraClient" = Centra Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Defraggler" = Defraggler (remove only)
"DMX4_is1" = DriverMax 4
"DMX5_is1" = DriverMax 5
"DVD Identifier_is1" = DVD Identifier
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"ExtractNow_is1" = ExtractNow
"F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Family Lawyer 2003" = Family Lawyer 2003
"FL2003 Registration" = FL2003 Registration
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Updater" = Google Updater
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mirage Driver_is1" = Mirage Driver 1.1
"Monitor Calibration Wizard" = Monitor Calibration Wizard 1.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Power Management Driver" = ThinkPad Power Management Driver
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"Recuva" = Recuva (remove only)
"Remove Multimedia Center" = Remove Multimedia Center
"SopCast" = SopCast 3.0.3
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TradersLittleHelper_is1" = Trader's Little Helper 2.4.1
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.7.1
"USA TODAY MileTracker" = USA TODAY MileTracker
"VLC media player" = VLC media player 0.9.2
"Winamp" = Winamp
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yugma" = Yugma

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2226995957-1088261065-2424906731-1142\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.452
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/26/2010 6:33:07 PM | Computer Name = LENOVO-3572C3E5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/26/2010 6:33:07 PM | Computer Name = LENOVO-3572C3E5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/26/2010 6:33:16 PM | Computer Name = LENOVO-3572C3E5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/26/2010 6:34:41 PM | Computer Name = LENOVO-3572C3E5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for DYNEAMARK\jbailey failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/27/2010 1:59:26 PM | Computer Name = LENOVO-3572C3E5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 5/27/2010 1:59:26 PM | Computer Name = LENOVO-3572C3E5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 5/27/2010 7:51:44 PM | Computer Name = LENOVO-3572C3E5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/27/2010 7:51:44 PM | Computer Name = LENOVO-3572C3E5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 5/27/2010 7:51:53 PM | Computer Name = LENOVO-3572C3E5 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 5/27/2010 7:53:03 PM | Computer Name = LENOVO-3572C3E5 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for DYNEAMARK\jbailey failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ OSession Events ]
Error - 8/26/2008 10:40:38 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 720
seconds with 300 seconds of active time. This session ended with a crash.

Error - 9/2/2008 4:28:47 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5741
seconds with 840 seconds of active time. This session ended with a crash.

Error - 9/8/2008 2:17:25 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 12893
seconds with 60 seconds of active time. This session ended with a crash.

Error - 3/26/2009 2:10:59 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 18392
seconds with 3960 seconds of active time. This session ended with a crash.

Error - 5/3/2009 12:34:29 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3586
seconds with 120 seconds of active time. This session ended with a crash.

Error - 5/13/2009 1:47:04 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 15961
seconds with 3540 seconds of active time. This session ended with a crash.

Error - 5/19/2009 2:05:19 PM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 16757
seconds with 2820 seconds of active time. This session ended with a crash.

Error - 9/11/2009 11:26:37 AM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8745
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 3/26/2010 8:35:00 AM | Computer Name = LENOVO-3572C3E5 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 749
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/27/2010 7:58:39 PM | Computer Name = LENOVO-3572C3E5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/27/2010 8:13:41 PM | Computer Name = LENOVO-3572C3E5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 5/27/2010 8:43:41 PM | Computer Name = LENOVO-3572C3E5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 5/27/2010 9:43:42 PM | Computer Name = LENOVO-3572C3E5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 5/28/2010 8:50:52 AM | Computer Name = LENOVO-3572C3E5 | Source = NetBT | ID = 4321
Description = The name "DYNEAMARK :1d" could not be registered on the Interface
with IP address 192.168.2.133. The machine with the IP address 192.168.2.10 did
not allow the name to be claimed by this machine.

Error - 5/28/2010 8:56:04 AM | Computer Name = LENOVO-3572C3E5 | Source = NetBT | ID = 4321
Description = The name "DYNEAMARK :1d" could not be registered on the Interface
with IP address 192.168.2.133. The machine with the IP address 192.168.2.10 did
not allow the name to be claimed by this machine.

Error - 5/28/2010 9:04:44 AM | Computer Name = LENOVO-3572C3E5 | Source = DCOM | ID = 10010
Description = The server {FFF2D28F-E4EE-44D9-8104-8E71556757F6} did not register
with DCOM within the required timeout.

Error - 5/28/2010 9:12:49 AM | Computer Name = LENOVO-3572C3E5 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NIS service.

Error - 5/28/2010 9:47:17 AM | Computer Name = LENOVO-3572C3E5 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 5/28/2010 9:48:38 AM | Computer Name = LENOVO-3572C3E5 | Source = NetBT | ID = 4321
Description = The name "DYNEAMARK :1d" could not be registered on the Interface
with IP address 192.168.2.133. The machine with the IP address 192.168.2.10 did
not allow the name to be claimed by this machine.


< End of report >

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AD97D01]<<
kernel: MBR read successfully
user & kernel MBR OK


Attached Files

  • Attached File  OTL.Txt   132.79KB   8 downloads
  • Attached File  Extras.Txt   64.22KB   8 downloads
  • Attached File  mbr.log   290bytes   7 downloads


#4 syler


Posted 28 May 2010 - 09:40 AM

Hi Led Head,

Just pasting the logs for me would be good, thanks.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Download TDLfix and save it to your desktop.
  • Close all the open windows.
  • Double-click TDLfix.exe to run the tool.
  • Type the following bold line into the command window and press Enter:
pci
  • The application will restart the computer immediately and run after the restart.
  • Tell me if the computer rebooted and ran to completion.
Note: The tool currently only supports Windows XP.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O4 - HKLM..\Run: [] File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
    MsConfig - StartUpReg: DLA - hkey= - key= - File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: TpShocks - hkey= - key= - File not found
    [2010/05/25 09:19:27 | 000,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring"=dword:00000000
    :Commands
    [Resethosts]
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.


  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c "%userprofile%\desktop\mbr.exe" -t& start mbr.log
  • The command prompt should pop up and say 1 file(s) copied. If it doesn't, please let me know before continuing.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • New mbr.log

Thanks



#5 Led Head


Posted 28 May 2010 - 10:24 AM

Syler,

Thanks for the reply. Given the advice, I believe I will reformat and re-install. I have a couple of questions, though, that I hope you can assist with:

1. The computer was running updated Norton Internet Security all the time, and messages popped up indicating Norton blocked remote attacks on the computer. Does this mean attacks still got through?
2. One of your links above indicates: "If the computer was connected to the Internet for a long time with the backdoor installed, or if the malware used ICQ to actively contact hackers, then it is more likely the backdoor was used. Therefore there is a high risk if re-formatting and re-installing is not done.

If the backdoor merely opens a port to listen the risk is slightly lower.

If the backdoor merely opens a port to listen and the computer was behind a working firewall or NAT router, then the risk of the backdoor being used is greatly reduced. Therefore there is probably a much lower risk if re-formatting and re-installing is not done.

Most search hijackers and pop-up producing adware contain a capability for the maker to automatically update them and to add additional adware. In other words, most of them install backdoors of some sort."


This computer always operated on a network at work with Sonicwall Hardware and a Firewall or at home with a DLINK Router and Firewall. Is it possible to tell whether the backdoor was used or if a port was only opened to listen?

3. If I have Credit Cards or other Financial Accounts that were not accessed online during the past several weeks, are they in jeopardy as well?


Thanks again for your help.

#6 syler


Posted 28 May 2010 - 10:44 AM

QUOTE
The computer was running updated Norton Internet Security all the time, and messages popped up indicating Norton blocked remote attacks on the computer. Does this mean attacks still got through?


I would suspect that the messages about the attacks are telling you that the rootkit you have is trying to
make connections from inside your computer to outside your computer, so the rootkit had already
compromised you before you got these messages, and the messages are telling you that it is trying to
communicate with its servers and it is blocking it.

QUOTE
This computer always operated on a network at work with Sonicwall Hardware and a Firewall or at home with a DLINK Router and Firewall. Is it possible to tell whether the backdoor was used or if a port was only opened to listen?


The rootkit you have is the worst of its kind and uses more than just open ports to listen. If this machine
has been connected to a network, then it may have infected you through the network, or your machine
may have helped it spread to other machines on the network. I cannot tell you for certain, though, how
this got in there; there are many possibilities.


QUOTE
If I have Credit Cards or other Financial Accounts that were not accessed online during the past several weeks, are they in jeopardy as well?


Again this is something I can not say for sure, I have no idea how long it has been there and what
information it may have been able to gather.



#7 Led Head


Posted 31 May 2010 - 02:43 PM

Syler,

I wiped my HDD with Kill Disk and reloaded XP. Can you please take a quick look and verify the backdoor Trojan has been removed?
Thanks again for your help. I did not include the gmer log as it kept crashing XP.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim Bailey at 14:28:38.68 on Mon 05/31/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.2336 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jim Bailey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://lenovo.live.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [<NO NAME>]
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Notify: ACNotify - ACNotify.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jimbai~1\applic~1\mozilla\firefox\profiles\kypmjsu5.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\coffplgn\components\coFFPlgn.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-31 173104]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-3-2 19760]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-31 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-31 116784]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-31 126392]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-31 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100520.001\IDSXpx86.sys [2009-10-28 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100531.003\NAVENG.SYS [2010-5-31 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100531.003\NAVEX15.SYS [2010-5-31 1347504]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 35264]

=============== Created Last 30 ================

2010-05-31 18:49:32 0 d-----w- c:\program files\Windows Live Toolbar
2010-05-31 18:49:25 0 d-----w- c:\docume~1\jimbai~1\applic~1\Lenovo
2010-05-31 18:45:10 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-05-31 18:42:41 61 ----a-w- c:\windows\smscfg.ini
2010-05-31 18:41:36 0 d-sh--r- C:\RRbackups
2010-05-31 18:38:42 0 d-----w- c:\windows\system32\(null)
2010-05-31 18:38:39 129784 ----a-w- c:\windows\system32\pxafs.dll
2010-05-31 18:38:39 118520 ----a-w- c:\windows\system32\pxinsi64.exe
2010-05-31 18:38:39 115960 ----a-w- c:\windows\system32\pxcpyi64.exe
2010-05-31 18:38:24 0 d-----w- C:\SWSHARE
2010-05-31 18:38:22 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2010-05-31 18:34:23 0 d-----w- c:\docume~1\alluse~1\applic~1\PC-Doctor
2010-05-31 18:34:01 0 d-----w- c:\program files\PCDR5
2010-05-31 18:34:00 0 d-----w- c:\program files\Lenovo Registration
2010-05-31 18:33:58 9679 ----a-w- c:\windows\system32\msxml4r.cat
2010-05-31 18:33:58 9675 ----a-w- c:\windows\system32\msxml4.cat
2010-05-31 18:33:58 500 ----a-w- c:\windows\system32\msxml4r.Manifest
2010-05-31 18:33:58 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-05-31 18:33:58 3489 ----a-w- c:\windows\system32\msxml4.Manifest
2010-05-31 18:33:53 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-05-31 18:33:09 923184 ----a-w- c:\windows\system32\ahlprun.exe
2010-05-31 18:33:09 0 d-----w- c:\program files\ThinkVantage
2010-05-31 18:33:09 0 d-----w- C:\Icons
2010-05-31 18:33:06 0 d-----w- c:\program files\Sonic Icons for Lenovo
2010-05-31 18:33:00 0 d-----w- c:\program files\Sonic
2010-05-31 18:33:00 0 d-----w- c:\program files\common files\SureThing Shared
2010-05-31 18:32:57 94263 ----a-w- c:\windows\DLA.EXE
2010-05-31 18:32:57 89472 ----a-w- c:\windows\system32\drivers\DRVMCDB.SYS
2010-05-31 18:32:57 61500 ----a-w- c:\windows\system32\DLAAPI_W.DLL
2010-05-31 18:32:57 5660 ----a-w- c:\windows\system32\drivers\DLACDBHM.SYS
2010-05-31 18:32:57 40544 ----a-w- c:\windows\system32\drivers\DRVNDDM.SYS
2010-05-31 18:32:57 22684 ----a-w- c:\windows\system32\drivers\DLARTL_N.SYS
2010-05-31 18:32:57 126 ----a-w- c:\windows\wininit.ini
2010-05-31 18:32:57 0 d-----w- c:\windows\system32\DLA
2010-05-31 18:32:33 0 d-----w- c:\program files\Multimedia Center for Think Offerings
2010-05-31 18:32:32 0 d-----w- c:\program files\common files\Sonic Shared
2010-05-31 18:32:05 21060 ----a-w- c:\windows\system32\drivers\iviaspi.sys
2010-05-31 18:31:47 0 d-----w- c:\program files\common files\InterVideo
2010-05-31 18:31:32 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2010-05-31 18:31:32 20480 ----a-w- c:\windows\system32\IVIresize.dll
2010-05-31 18:31:32 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2010-05-31 18:31:32 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2010-05-31 18:31:32 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2010-05-31 18:31:32 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2010-05-31 18:31:28 0 d-----w- c:\program files\InterVideo
2010-05-31 18:31:17 49265 ----a-w- c:\windows\system32\jpicpl32.cpl
2010-05-31 18:30:19 0 d-----w- c:\program files\common files\Lenovo
2010-05-31 18:30:14 28224 ----a-w- c:\windows\system32\drivers\psadd.sys
2010-05-31 18:28:01 0 ----a-w- c:\documents and settings\jim bailey\defogger_reenable
2010-05-31 18:26:09 0 d-----w- c:\program files\Digital Line Detect
2010-05-31 18:26:06 0 d-----w- c:\program files\NetWaiting
2010-05-31 18:25:57 0 d-----w- c:\program files\CONEXANT
2010-05-31 18:25:11 53248 ----a-w- c:\windows\system32\wdmioctl.dll
2010-05-31 18:25:11 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-05-31 18:25:11 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-05-31 18:25:11 1285632 ----a-w- c:\windows\system32\SMMedia.dll
2010-05-31 18:25:11 0 d-----w- c:\program files\Analog Devices
2010-05-31 18:21:31 12848 ----a-w- c:\windows\system32\drivers\TSMAPIP.SYS
2010-05-31 18:20:44 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-05-31 18:20:44 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-05-31 18:20:43 868042 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-05-31 18:20:14 4442 ----a-w- c:\windows\system32\drivers\TPPWRIF.SYS
2010-05-31 18:20:14 16384 ----a-w- c:\windows\PWMBTHLP.EXE
2010-05-31 18:20:14 0 d-----w- c:\program files\ThinkPad
2010-05-31 18:19:24 0 d-----w- c:\program files\common files\snp2uvc
2010-05-31 18:19:06 0 d-----w- c:\program files\Synaptics
2010-05-31 18:18:53 10134 ----a-w- c:\windows\SetupIcon.ico
2010-05-31 18:18:02 0 d-----w- c:\program files\Lenovo
2010-05-31 18:17:44 0 d-----w- c:\program files\MSXML 4.0
2010-05-31 18:14:34 28672 ----a-w- c:\windows\system32\verclsid.exe
2010-05-31 18:10:24 0 d-----w- c:\program files\Windows Media Connect 2
2010-05-31 18:10:05 138 ----a-w- c:\windows\system32\Softkbd.exe.config
2010-05-31 18:08:14 0 d-----w- c:\windows\RegisteredPackages
2010-05-31 18:06:20 10240 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys
2010-05-31 18:03:56 10240 ----a-w- c:\windows\system32\drivers\compbatt.sys
2010-05-31 18:03:55 14208 ----a-w- c:\windows\system32\drivers\battc.sys
2010-05-31 18:03:55 13952 ----a-w- c:\windows\system32\drivers\cmbatt.sys
2010-05-31 18:03:31 7168 ----a-w- c:\windows\system32\hccoin.dll
2010-05-31 18:03:31 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-05-31 18:03:19 6400 ----a-w- c:\windows\system32\drivers\enum1394.sys
2010-05-31 18:03:19 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2010-05-31 18:03:19 53376 ----a-w- c:\windows\system32\drivers\1394bus.sys
2010-05-31 18:03:08 8832 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2010-05-31 17:52:12 0 d-----w- c:\windows\system32\XPSViewer
2010-05-31 17:51:41 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-31 17:51:41 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-31 17:51:41 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-31 17:51:41 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-31 17:51:41 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-31 17:51:40 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-31 17:51:40 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-31 17:51:40 0 d-----w- C:\f9d5e3abf86e5da48091
2010-05-31 17:45:47 0 d-----w- C:\SWTOOLS
2010-05-31 17:43:27 0 d---a-w- C:\I386
2010-05-31 17:42:57 0 d-----w- c:\program files\CCleaner
2010-05-31 17:39:51 0 d-sh--w- c:\documents and settings\jim bailey\IETldCache
2010-05-31 17:33:17 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-05-31 17:32:57 0 d-----w- c:\windows\ie8updates
2010-05-31 17:32:51 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-05-31 17:32:50 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-31 17:30:56 0 dc-h--w- c:\windows\ie8
2010-05-31 17:13:37 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-05-31 17:13:33 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2010-05-31 17:13:11 353792 ------w- c:\windows\system32\dllcache\srv.sys
2010-05-31 17:12:17 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-31 17:12:12 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-05-31 17:10:43 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2010-05-31 17:10:37 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-05-31 17:10:30 128512 ------w- c:\windows\system32\dllcache\dhtmled.ocx
2010-05-31 17:09:37 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-05-31 17:09:28 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2010-05-31 17:03:43 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-05-31 17:03:38 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-05-31 17:02:15 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-05-31 17:02:15 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2010-05-31 17:02:15 1206508 ------w- c:\windows\system32\dllcache\sysmain.sdb
2010-05-31 16:49:29 0 d-----w- c:\windows\system32\scripting
2010-05-31 16:49:29 0 d-----w- c:\windows\system32\en
2010-05-31 16:49:29 0 d-----w- c:\windows\l2schemas
2010-05-31 16:49:28 0 d-----w- c:\windows\system32\bits
2010-05-31 16:45:29 0 d-----w- c:\windows\ServicePackFiles
2010-05-31 16:42:24 0 d-----w- c:\windows\network diagnostic
2010-05-31 16:21:40 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2010-05-31 16:12:26 0 d-----w- c:\windows\system32\PreInstall
2010-05-31 15:56:48 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-31 15:56:48 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-31 15:56:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-31 15:56:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-31 15:56:48 0 d-----w- c:\program files\Symantec
2010-05-31 15:56:48 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-31 15:56:22 0 d-----w- c:\windows\system32\drivers\NIS
2010-05-31 15:56:19 0 d-----w- c:\program files\Norton Internet Security
2010-05-31 15:56:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-05-31 15:53:57 0 d-----w- c:\program files\NortonInstaller
2010-05-31 15:53:57 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-05-31 15:53:17 0 d-----w- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2010-05-31 18:49:31 50 ----a-w- c:\windows\system32\drivers\LENOVO_6459_CTO.MRK
2010-05-31 18:38:13 36624 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-05-31 18:37:33 7012 ----a-w- c:\windows\system32\drivers\pmemnt.sys
2010-03-11 12:38:51 133120 ----a-w- c:\windows\system32\dllcache\extmgr.dll
2010-03-10 13:18:21 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe

============= FINISH: 14:29:00.70 ===============





#8 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 31 May 2010 - 03:42 PM

Hi Led Head,

The rootkit will be gone. NO malware can survive a format, not even a standard format.



#9 Led Head

  • Topic Starter

  • Members
  • 6 posts

Posted 31 May 2010 - 03:56 PM

Thanks again for your assistance.

Cheers!

#10 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 31 May 2010 - 03:58 PM

You're very welcome :)



#11 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 02 June 2010 - 10:47 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





