Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Still having problems post removal of AntiVirus 7


  • Please log in to reply
9 replies to this topic

#1 minipabs

minipabs

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 15 July 2010 - 06:33 PM

Hi, I am new to posting... I removed Antivirus 7 from my laptop at the end of June, but I am still having problems.
Can somebody help?!? Below are DDS and Attach logs, again, after 2 failed attempts (computer froze) running GMER, third time, screen flashed a blue box in the upper left corner (too quick for me to read...just saw a bunch of words) and system went down. sad.gif Weather Channel at start up freezes and gives error message, Apple Sync Notification alerts me it cannot find a .dll file. IE opens REALLY slow, and sometimes doesn't connect at all. I have tried to download rkill many times, my antivirus squashes it, thinks it is a trojan. I have an old version of rkill (from feb) that I have run a few times, then malware bites. Doesn't show anymore anitvirus 7 in quarentine...but my computer is not acting right. rkill frequently lists items below in log, but malware doesn't find a problem....

C:\Documents and Settings\Kimberly\Local Settings\Temp\208.tmp\pev.rkexe
C:\Program Files\McAfee Security Scan\2.0.181\McUICnt.exe
C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe


DDS (Ver_10-03-17.01) - NTFSx86
Run by Kimberly at 17:45:52.69 on Thu 07/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.101 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\FpLogonServ.exe
C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Lenovo\PM Driver\PMSveH.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Linksys\WUSB54GSC\WLService.exe
C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Lenovo\LENOVO~2\LPMGR.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kimberly \Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://staff.spectrumlab.org/staff/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100523164505.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [PMHandler] c:\progra~1\lenovo\pmdriv~1\PMHandler.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPWAUDAP] c:\program files\lenovo\hotkey\TpWAudAp.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [LPManager] c:\progra~1\lenovo\lenovo~2\LPMGR.exe
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [<NO NAME>]
mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\kimber~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: live.com\login
Trusted Zone: skymilesshopping.com\www
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: ACNotify - ACNotify.dll
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 385880]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-17 82952]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-5-24 10240]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-17 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-1-28 152320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-17 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-17 88480]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-1-28 51688]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-17 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-17 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2010-1-28 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2010-1-28 40552]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

=============== Created Last 30 ================

2010-07-14 19:26:23 0 ----a-w- c:\documents and settings\kimberly \defogger_reenable
2010-07-12 19:52:05 0 d-----w- c:\docume~1\kimber~1\applic~1\Uniblue
2010-07-12 19:51:51 0 d-----w- c:\program files\Uniblue
2010-07-10 04:50:26 0 d-----w- c:\program files\CCleaner
2010-07-10 02:44:15 0 d-----w- c:\docume~1\alluse~1\applic~1\TaskMgr
2010-07-07 17:57:05 0 d-----w- c:\program files\Adobe Reader 9 Installer
2010-07-07 17:19:53 0 d-----w- c:\windows\SxsCaPendDel
2010-06-23 18:34:15 226728 ----a-r- c:\windows\system32\cpnprt2.cid
2010-06-23 18:33:09 0 d-----w- c:\windows\Cache
2010-06-23 18:33:06 0 d-----w- c:\program files\Coupons
2010-06-23 18:32:18 1285272 ----a-w- c:\program files\CouponPrinter.exe
2010-06-23 07:52:41 0 d-----w- c:\program files\The Weather Channel FW
2010-06-21 01:36:43 0 d---a-w- c:\docume~1\alluse~1\applic~1\PCDr
2010-06-21 01:36:02 0 d---a-w- c:\program files\PC-Doctor
2010-06-21 01:28:23 0 d---a-w- c:\docume~1\kimber~1\applic~1\Update
2010-06-20 18:14:12 0 d---a-w- c:\docume~1\kimber~1\applic~1\Downloaded Installations
2010-06-17 20:30:37 0 d---a-w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-17 20:14:33 0 d---a-w- c:\program files\Bonjour

==================== Find3M ====================

2010-07-10 02:45:03 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-06-20 18:14:13 30144 ------w- c:\windows\system32\drivers\psadd.sys
2010-05-24 15:27:44 67444 ---h--w- c:\windows\system32\mlfcache.dat
2010-05-18 21:35:16 91424 ------w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 197920 ------w- c:\windows\system32\dnssdX.dll
2010-05-18 21:35:16 107808 ------w- c:\windows\system32\dns-sd.exe
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\atmfd.dll
2009-12-17 20:49:34 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-12-22 12:43:50 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009121420091221\index.dat
2009-12-22 12:45:45 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122220091223\index.dat
2009-12-23 20:41:48 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009122320091224\index.dat

============= FINISH: 17:48:37.49 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/22/2009 6:51:16 AM
System Uptime: 7/15/2010 5:34:28 PM (0 hours ago)

Motherboard: LENOVO | | IEL10
Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | U2E1 | 781/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 106.773 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP87: 4/16/2010 7:01:20 AM - Software Distribution Service 3.0
RP88: 4/17/2010 3:18:05 PM - System Checkpoint
RP89: 4/18/2010 3:46:49 PM - System Checkpoint
RP90: 4/19/2010 7:47:19 PM - System Checkpoint
RP91: 4/20/2010 7:50:26 PM - System Checkpoint
RP92: 4/21/2010 11:09:46 PM - System Checkpoint
RP93: 4/23/2010 6:59:19 AM - System Checkpoint
RP94: 4/25/2010 9:36:25 AM - System Checkpoint
RP95: 4/26/2010 11:18:12 AM - System Checkpoint
RP96: 4/27/2010 11:53:13 AM - System Checkpoint
RP97: 4/30/2010 7:11:55 AM - System Checkpoint
RP98: 5/2/2010 10:04:19 PM - System Checkpoint
RP99: 5/3/2010 10:59:49 PM - System Checkpoint
RP100: 5/5/2010 7:30:59 AM - System Checkpoint
RP101: 5/6/2010 10:07:16 AM - System Checkpoint
RP102: 5/7/2010 10:26:21 AM - System Checkpoint
RP103: 5/9/2010 5:59:07 PM - System Checkpoint
RP104: 5/15/2010 7:21:13 AM - System Checkpoint
RP105: 5/16/2010 8:29:24 AM - Software Distribution Service 3.0
RP106: 5/17/2010 9:30:30 AM - System Checkpoint
RP107: 5/24/2010 11:51:11 AM - Installed Pure Networks Platform
RP108: 5/24/2010 12:00:57 PM - Installed Network Magic
RP109: 5/25/2010 1:56:47 PM - System Checkpoint
RP110: 5/26/2010 11:40:11 AM - Software Distribution Service 3.0
RP111: 5/27/2010 2:11:33 PM - System Checkpoint
RP112: 5/29/2010 9:38:53 AM - System Checkpoint
RP113: 5/30/2010 11:58:47 AM - System Checkpoint
RP114: 5/31/2010 6:35:23 PM - System Checkpoint
RP115: 6/2/2010 7:57:00 AM - System Checkpoint
RP116: 6/3/2010 1:14:45 PM - System Checkpoint
RP117: 6/4/2010 2:46:34 PM - System Checkpoint
RP118: 6/6/2010 10:00:02 AM - System Checkpoint
RP119: 6/7/2010 11:40:18 AM - System Checkpoint
RP120: 6/8/2010 12:47:57 PM - System Checkpoint
RP121: 6/9/2010 5:15:00 PM - System Checkpoint
RP122: 6/11/2010 1:10:53 AM - System Checkpoint
RP123: 6/11/2010 3:00:50 AM - Software Distribution Service 3.0
RP124: 6/13/2010 4:00:34 PM - System Checkpoint
RP125: 6/15/2010 10:50:57 AM - System Checkpoint
RP126: 6/16/2010 9:22:36 PM - System Checkpoint
RP127: 6/17/2010 10:29:37 PM - System Checkpoint
RP128: 6/19/2010 10:05:41 AM - System Checkpoint
RP129: 6/20/2010 11:07:38 AM - System Checkpoint
RP130: 6/21/2010 12:13:18 PM - System Checkpoint
RP131: 6/22/2010 12:41:25 PM - System Checkpoint
RP132: 6/23/2010 11:13:15 PM - System Checkpoint
RP133: 6/24/2010 11:06:08 AM - Software Distribution Service 3.0
RP134: 6/25/2010 11:10:56 AM - System Checkpoint
RP135: 6/26/2010 2:03:33 PM - System Checkpoint
RP136: 6/28/2010 12:14:40 AM - System Checkpoint
RP137: 6/29/2010 12:30:51 AM - System Checkpoint
RP138: 6/30/2010 9:47:44 AM - System Checkpoint
RP139: 7/1/2010 10:45:30 PM - System Checkpoint
RP140: 7/3/2010 12:15:42 PM - System Checkpoint
RP141: 7/4/2010 4:17:58 PM - System Checkpoint
RP142: 7/5/2010 4:47:46 PM - System Checkpoint
RP143: 7/6/2010 11:00:59 PM - System Checkpoint
RP144: 7/7/2010 11:18:23 AM - Removed iTunes
RP145: 7/7/2010 12:05:55 PM - Removed VPN Client
RP146: 7/7/2010 12:19:17 PM - Removed Apple Application Support
RP147: 7/7/2010 12:20:44 PM - Removed Apple Mobile Device Support
RP148: 7/7/2010 12:21:33 PM - Removed Apple Software Update
RP149: 7/7/2010 12:41:25 PM - Removed Adobe Reader 9.3.
RP150: 7/7/2010 12:57:28 PM - Installed Adobe Reader 9.3.
RP151: 7/8/2010 1:46:59 PM - System Checkpoint
RP152: 7/9/2010 2:37:39 PM - System Checkpoint
RP153: 7/10/2010 2:42:19 PM - System Checkpoint
RP154: 7/11/2010 4:36:13 PM - System Checkpoint
RP155: 7/12/2010 8:09:31 PM - System Checkpoint
RP156: 7/13/2010 9:48:14 PM - System Checkpoint
RP157: 7/15/2010 5:39:11 PM - Software Distribution Service 3.0

==== Installed Programs ======================


2007 Microsoft Office system
Access Help
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Agere Systems HDA Modem
Bonjour
Broadcom 802.11 Network Adapter
Broadcom Gigabit Integrated Controller
Brother MFL-Pro Suite
Business Contact Manager for Outlook 2007 SP2
CCleaner
Client Security Solution
Compact Wireless-G USB Network Adapter with SpeedBooster
Corel Business Center
Corel Snapfire Plus
Coupon Printer for Windows
CouponBar
Diskeeper Lite
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Help Center
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Integrated Camera
Intel® Graphics Media Accelerator Driver
InterVideo Register Manager
InterVideo WinDVD
InterVideo WinDVD Creator 3
J2SE Runtime Environment 5.0 Update 6
Lenovo Care
Lenovo Care Supplement
Lenovo Fingerprint Software
Lenovo PM Driver
Lenovo Registration
Lenovo ThinkVantage Toolbox
Maintenance Manager
Malwarebytes' Anti-Malware
McAfee AntiVirus Plus
McAfee Security Scan Plus
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
MobileMe Control Panel
Move Media Player
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Network Magic
OGA Notifier 2.0.0048.0
On Screen Display
Picasa 2
PM Driver
Presentation Director
Pure Networks Platform
QuickTime
Realtek High Definition Audio Driver
Rescue and Recovery
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32
Roxio Digital Media LE
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Safari
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Sonic Icons for Lenovo
Sonic Update Manager
Synaptics Pointing Device Driver
System Update
The Weather Channel Desktop 6
ThinkPad Hotkey Features Setup
ThinkPad PC Card Power Policy
ThinkVantage Access Connections
ThinkVantage Technologies Welcome Message
Uniblue RegistryBooster
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wallpapers
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Toolbar
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WordPerfect Office X3
XP Themes

==== End Of File ===========================



BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 PM

Posted 22 July 2010 - 08:17 AM

Hello minipabs

Welcome to BleepingComputer smile.gif
========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 minipabs

minipabs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 23 July 2010 - 03:06 PM

Thank you for helping me! Prior to runnig the OTL, I disabled McAfree Antivirus Plus. These are the text documents post run OTL:

OTL logfile created on: 7/23/2010 1:54:59 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Kimberly Corrado\Desktop\BC help
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 363.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.99 Gb Total Space | 106.76 Gb Free Space | 74.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMC_LT
Current User Name: Kimberly Corrado
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Kimberly Corrado\Desktop\BC help\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
PRC - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
PRC - C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)
PRC - C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
PRC - C:\Program Files\Linksys\WUSB54GSC\WUSB54GSC.exe (Linksys)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\WINDOWS\system32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\Program Files\Linksys\WUSB54GSC\WLService.exe (GEMTEKS)
PRC - C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Common Files\Installshield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Kimberly Corrado\Desktop\BC help\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_banner.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dll (Lenovo Group Limited)
MOD - C:\Program Files\Lenovo\Client Security Solution\csswait.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\cssuserdatadispatcher.dll (Lenovo Group Limited)
MOD - C:\WINDOWS\system32\tcsrpc.dll (Lenovo)
MOD - C:\WINDOWS\system32\tvttsp.dll (Lenovo)
MOD - C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll (Lenovo Group Limited)


========== Win32 Services (SafeList) ==========

SRV - (WUSB54GSC) -- C:\Program Files\Linksys\WUSB54GSC\WLService.exe WUSB54GSC.exe File not found
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (TVT Scheduler) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)
SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)
SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (TVT Backup Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe (Lenovo Group Limited)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WMConnectCDS) -- C:\Program Files\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (vsdatant) -- C:\WINDOWS\System32\vsdatant.sys File not found
DRV - (PcdrNdisuio) -- C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys File not found
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (tvtfilter) -- C:\WINDOWS\system32\drivers\tvtfilter.sys (Lenovo)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\pmemnt.sys (Microsoft Corporation)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (TVTPktFilter) -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys (Lenovo Group Limited)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (PMHler) -- C:\WINDOWS\system32\drivers\PMHler.sys (Lenovo )
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (BCM42RLY) -- C:\WINDOWS\system32\bcm42rly.sys (Broadcom Corporation)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (ac97intc) Intel® 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://staff.spectrumlab.org/staff/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/12/28 08:23:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/04 12:11:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100523164505.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\Kimberly Corrado\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKCU\..Trusted Domains: skymilesshopping.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: spectrumlab.org ([webmail] https in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.190.94.2 207.190.94.129
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Kimberly Corrado\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Kimberly Corrado\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 02:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/07/14 14:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimberly Corrado\Desktop\BC help
[2010/07/14 08:50:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/12 19:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/12 14:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimberly Corrado\Application Data\Uniblue
[2010/07/12 14:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/07/10 12:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/10 12:37:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/09 23:50:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kimberly Corrado\Recent
[2010/07/09 23:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/09 21:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TaskMgr
[2010/07/07 12:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Reader 9 Installer
[2010/07/07 12:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/07 12:19:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/07/06 12:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimberly Corrado\Desktop\epic
[2010/06/24 19:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kimberly Corrado\Application Data\InterVideo
[2009/12/17 15:50:24 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2009/12/17 15:50:24 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/23 13:53:07 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\defogger_reenable
[2010/07/23 12:39:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/07/23 12:16:23 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A4312CB7-FD50-409B-8B1C-9448D5930EA2}.job
[2010/07/21 20:13:18 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Kimberly Corrado\NTUSER.DAT
[2010/07/21 10:03:13 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010/07/20 18:47:35 | 000,015,685 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\2009_Virginia_Return_KAC.pdf
[2010/07/20 18:46:44 | 000,025,901 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\2009_Federal_Return_KAC.pdf
[2010/07/20 18:12:43 | 000,176,141 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\2007TaxReturn_Fed_KIM3.pdf
[2010/07/20 13:29:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2010/07/20 00:23:31 | 000,491,752 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/20 00:23:31 | 000,090,276 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/20 00:23:30 | 000,592,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/20 00:18:32 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/07/20 00:18:17 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/07/20 00:18:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/20 00:18:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/20 00:18:13 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/16 21:10:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/15 18:43:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Kimberly Corrado\ntuser.ini
[2010/07/13 10:01:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/13 08:53:34 | 000,222,402 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\My Documents\cc_20100713_085247.reg
[2010/07/09 23:50:30 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\CCleaner.lnk
[2010/07/09 23:25:49 | 000,000,439 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/09 21:45:03 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/07/09 21:45:02 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\0AD36E739A.sys
[2010/07/09 21:44:14 | 000,002,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Corel Business Center.lnk
[2010/06/30 22:59:31 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\Corrado Resume 2010.doc
[2010/06/30 08:43:42 | 000,012,035 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\My Documents\Kimberly Corrado_CV Leter Epic.docx
[2010/06/29 13:24:58 | 000,016,422 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\Sample Interview Questions.docx
[2010/06/25 10:49:25 | 000,171,827 | ---- | M] () -- C:\Documents and Settings\Kimberly Corrado\My Documents\Comparison Analysis for MyPoints and AmX Rewards Shopping.docx
[2010/06/25 10:00:01 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 13:53:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\defogger_reenable
[2010/07/20 18:47:35 | 000,015,685 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\2009_Virginia_Return_KAC.pdf
[2010/07/20 18:46:44 | 000,025,901 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\2009_Federal_Return_KAC.pdf
[2010/07/20 18:12:42 | 000,176,141 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\2007TaxReturn_Fed_KIM3.pdf
[2010/07/15 17:34:54 | 1063,702,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/13 08:52:52 | 000,222,402 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\My Documents\cc_20100713_085247.reg
[2010/07/09 23:50:30 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\CCleaner.lnk
[2010/06/30 08:12:10 | 000,000,444 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A4312CB7-FD50-409B-8B1C-9448D5930EA2}.job
[2010/06/29 13:24:57 | 000,016,422 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\Desktop\Sample Interview Questions.docx
[2010/06/26 18:13:30 | 000,521,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/25 10:49:23 | 000,171,827 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\My Documents\Comparison Analysis for MyPoints and AmX Rewards Shopping.docx
[2010/06/24 11:28:33 | 000,012,035 | ---- | C] () -- C:\Documents and Settings\Kimberly Corrado\My Documents\Kimberly Corrado_CV Leter Epic.docx
[2010/03/13 16:54:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/03/13 16:53:56 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/03/09 07:21:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2010/03/09 07:21:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2010/02/23 20:20:28 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/02/08 08:45:42 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2010/02/03 16:05:53 | 000,000,818 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/02/03 16:05:53 | 000,000,426 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2010/02/03 16:05:53 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/02/03 16:05:53 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/02/03 16:05:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2009/12/22 15:12:16 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/12/22 15:12:16 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0AD36E739A.sys
[2009/12/17 16:40:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/12/17 16:15:00 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/12/17 16:02:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/12/17 16:02:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/12/17 16:02:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/12/17 16:02:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/12/17 16:02:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/12/17 16:02:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/12/17 15:54:38 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2009/12/17 15:54:38 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2009/12/17 15:54:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/12/17 15:54:19 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/12/17 15:52:48 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2009/12/17 15:51:13 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/12/17 15:50:25 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2009/12/17 15:50:25 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2009/08/03 18:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/08/16 05:28:38 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/08/16 05:28:27 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/02/09 14:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 02:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 01:56:21 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2006/04/30 01:56:21 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2006/04/30 01:56:21 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2006/04/30 01:56:21 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2006/04/30 01:56:20 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

========== LOP Check ==========

[2009/12/17 16:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/06/20 13:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/12/17 16:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2010/06/21 10:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/07/09 21:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr
[2009/12/17 16:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/06/17 15:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/25 19:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/20 13:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimberly Corrado\Application Data\Downloaded Installations
[2010/06/24 19:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimberly Corrado\Application Data\InterVideo
[2009/12/22 07:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimberly Corrado\Application Data\Lenovo
[2010/07/12 14:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimberly Corrado\Application Data\Uniblue
[2010/06/20 20:37:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kimberly Corrado\Application Data\Update
[2010/07/23 12:39:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/06/25 10:00:01 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
[2010/07/21 10:03:13 | 000,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job
[2010/07/23 12:16:23 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A4312CB7-FD50-409B-8B1C-9448D5930EA2}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/04/30 02:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/12/17 15:54:32 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2009/12/22 07:51:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/04/30 02:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/12/17 16:03:46 | 000,001,496 | ---- | M] () -- C:\drivez.log
[2010/07/20 00:18:13 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2006/04/30 02:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/09 19:39:10 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2006/04/30 02:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/23 15:24:00 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/07/20 00:18:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2009/12/17 15:53:25 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log
[2010/07/21 02:48:38 | 000,000,403 | ---- | M] () -- C:\rkill.log
[2009/12/17 15:51:21 | 000,000,086 | ---- | M] () -- C:\setup.log
[2009/12/17 15:36:17 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2010/07/20 00:18:17 | 000,000,168 | ---- | M] () -- C:\TPHKLOCK.TXT

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 07:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/29 19:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 19:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 19:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/27 16:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\cfwids.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/04/27 16:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys
[2010/04/27 16:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/04/27 16:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/04/27 16:16:24 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeclnk.sys
[2010/04/27 16:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfefirek.sys
[2010/04/27 16:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/04/27 16:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfendisk.sys
[2010/04/27 16:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdet.sys
[2010/04/27 16:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys
[2010/06/20 13:14:13 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) -- C:\WINDOWS\system32\drivers\psadd.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
< End of report >

OTL Extras logfile created on: 7/23/2010 1:54:59 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Kimberly Corrado\Desktop\BC help
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 363.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.99 Gb Total Space | 106.76 Gb Free Space | 74.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIMC_LT
Current User Name: Kimberly Corrado
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"62515:UDP" = 62515:UDP:*:Enabled:Cisco
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- File not found
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AwayTask" = Maintenance Manager
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Digital Media LE" = Roxio Digital Media LE
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo Registration" = Lenovo Registration
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSC" = McAfee AntiVirus Plus
"MSNINST" = MSN
"Network MagicUninstall" = Network Magic
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"TTB000001.TTB000001Toolbar" = CouponBar
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2010 12:37:14 PM | Computer Name = KIMC_LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1946907

Error - 7/20/2010 12:37:14 PM | Computer Name = KIMC_LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1946907

Error - 7/20/2010 2:25:08 PM | Computer Name = KIMC_LT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2010 2:25:18 PM | Computer Name = KIMC_LT | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 7/20/2010 2:31:03 PM | Computer Name = KIMC_LT | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 12.0.6535.5000, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/20/2010 2:31:29 PM | Computer Name = KIMC_LT | Source = Application Hang | ID = 1001
Description = Fault bucket 1858090278.

Error - 7/21/2010 10:32:32 AM | Computer Name = KIMC_LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/21/2010 10:32:32 AM | Computer Name = KIMC_LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18516016

Error - 7/21/2010 10:32:32 AM | Computer Name = KIMC_LT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18516016

Error - 7/21/2010 11:01:28 AM | Computer Name = KIMC_LT | Source = PC-Doctor | ID = 1
Description =

[ Lenovo-Message Center Plus/Admin Events ]
Error - 6/20/2010 5:37:22 PM | Computer Name = KIMC_LT | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\SeedDB.cab
does not have a Lenovo Digital Signature. The file will be deleted

Error - 6/20/2010 5:37:22 PM | Computer Name = KIMC_LT | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The Msg SeedDB could not be decompressed

[ System Events ]
Error - 7/19/2010 10:14:35 AM | Computer Name = KIMC_LT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.12 for the Network Card with network
address 002269A91506 has been denied by the DHCP server 192.168.200.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/20/2010 1:21:28 AM | Computer Name = KIMC_LT | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 7/20/2010 1:21:33 AM | Computer Name = KIMC_LT | Source = DCOM | ID = 10010
Description = The server {3A185DDE-E020-4985-A8F2-E27CDC4A0F3A} did not register
with DCOM within the required timeout.

Error - 7/22/2010 6:58:29 AM | Computer Name = KIMC_LT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.200.3 for the Network Card with network
address 002269A91506 has been denied by the DHCP server 192.168.200.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/22/2010 6:59:03 AM | Computer Name = KIMC_LT | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.200.3 for the Network Card with network
address 002269A91506 has been denied by the DHCP server 192.168.200.1 (The DHCP
Server sent a DHCPNACK message).

Error - 7/23/2010 12:55:45 PM | Computer Name = KIMC_LT | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.200.3 on
the Network Card with network address 002269A91506.

Error - 7/23/2010 12:57:06 PM | Computer Name = KIMC_LT | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/23/2010 12:57:06 PM | Computer Name = KIMC_LT | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/23/2010 12:57:12 PM | Computer Name = KIMC_LT | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 002269A91506. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 7/23/2010 2:51:16 PM | Computer Name = KIMC_LT | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the W32Time service.


< End of report >



#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 PM

Posted 23 July 2010 - 05:03 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Online scan=================================
* Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 minipabs

minipabs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 23 July 2010 - 07:14 PM

Kahdah, again thank you for your help!
OTL file per your request:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 6121173 bytes
->Temporary Internet Files folder emptied: 16201182 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Andy
->Temp folder emptied: 5347449 bytes
->Temporary Internet Files folder emptied: 168854256 bytes
->Flash cache emptied: 1683 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56504 bytes

User: Kimberly Corrado
->Temp folder emptied: 8109297 bytes
->Temporary Internet Files folder emptied: 8050475 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 77083 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65988 bytes
->Flash cache emptied: 618 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38446316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64716480 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65989 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 302.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07232010_181013

Files\Folders moved on Reboot...
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\Content.IE5\UWUL4SOF\ads[1].htm moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\Content.IE5\6EXPX15W\ads[1].htm moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\Content.IE5\1FJUH9AE\iframescript[1].htm moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\Content.IE5\18MOIGE2\ads[1].htm moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\Content.IE5\18MOIGE2\iframe[1].htm moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\Content.IE5\18MOIGE2\index[1].htm moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Kimberly Corrado\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_82c.dat not found!

Registry entries deleted on Reboot...

And ESET result:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1e736eddf61a184298b1b4a5386e6fe3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-24 12:08:42
# local_time=2010-07-23 07:08:42 (-0600, Central Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5121 16777189 100 75 314203 9078702 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=83787
# found=1
# cleaned=1
# scan_time=1940
C:\WINDOWS\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

So does this mean my on-line coupon printer is an infection? and how did my computer change to a "proxy" thing? What does that mean?
~minipabs

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 PM

Posted 24 July 2010 - 06:39 AM

QUOTE
So does this mean my on-line coupon printer is an infection?
Yes it is considered adware.
The proxy is set from the antivirus 7 infection.
This is set so you cannot get online.

For Itunes have you tried to reinstall it to fix the file not found message?
Let me know of any remaining issues please.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 minipabs

minipabs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 24 July 2010 - 09:42 AM

I tried removing iTunes, but it apparently has many components. I have not tried adding iTunes back onto my laptop yet because it wiped out all my stored music. Is iTunes safe? I used to think Adobe was safe and it seems to have a lot of problems. I was infected with Antivirus 7 on 6/20 and thought I removed it by using rkill and Malwarebytes within 24 hours, but I have been on the internet (sometimes losing a connection easily) since then. I was on-line banking and doing other personal stuff. Do you think the Antivirus 7 stole my SS# or any of my passwords to secure websites (credit cards/ IRS) that I logged into? As far as the iTunes error, can I try to reinstall from the Apple/iTunes website without uninstalling the other components? I get an error message from my diskepper Lite function too. It states "MMC has detected an error in a snap-in. It is recommended you shut down and restart MMC." the error message gives me three options: 1-Report error to Microsoft and shut down MMC, 2-Continue running and ignore errors with this snap-in for the rest of this session, and 3- Continue running and always ignor errors with this snap-in, regardless of user or session. Did Antivirus 7 do this too?
In the future, when I get an error message regarding a program, do I have to always uninstall and reinstall to fix? Why does my PC Doctor Pro unable to work on this computer? It PC Doctor Pro a junk program?
Thank you for your assistance! As you can tell, I am not completely versed in the PC world!!

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 PM

Posted 24 July 2010 - 05:48 PM

QUOTE
I have not tried adding iTunes back onto my laptop yet because it wiped out all my stored music.
Do you mean when you uninstalled it ,it wiped out all of your music?
Or it did this by malfunctioning?

QUOTE
I used to think Adobe was safe and it seems to have a lot of problems.
Adobe is safe a different alternative to that is Foxit reader.

QUOTE
I was infected with Antivirus 7 on 6/20 and thought I removed it by using rkill and Malwarebytes within 24 hours, but I have been on the internet (sometimes losing a connection easily) since then. I was on-line banking and doing other personal stuff. Do you think the Antivirus 7 stole my SS# or any of my passwords to secure websites (credit cards/ IRS) that I logged into?
No it is not a backdoor it is just a rouge.
I see no signs of backdoors in your logs.

QUOTE
As far as the iTunes error, can I try to reinstall from the Apple/iTunes website without uninstalling the other components?
Yes it will basically install itself on top of the same components.

QUOTE
I get an error message from my diskepper Lite function too. It states "MMC has detected an error in a snap-in. It is recommended you shut down and restart MMC." the error message gives me three options: 1-Report error to Microsoft and shut down MMC, 2-Continue running and ignore errors with this snap-in for the rest of this session, and 3- Continue running and always ignor errors with this snap-in, regardless of user or session. Did Antivirus 7 do this too?
Not sure you could try to do a repair install of it.
Basically go to start > Control Panel > Add/Remove programs click on Disk Keeper lite and choose change\remove.
See if it offers a repair feature if not then you can redownload it from your computer manufacturer's website more than likely.

QUOTE
In the future, when I get an error message regarding a program, do I have to always uninstall and reinstall to fix?
Usually this will fix most issues.
This is not a guarantee however it fixes most issues.

QUOTE
It PC Doctor Pro a junk program?
I would never trust a program that claims to fix everything in the system with "just a few clicks".
Most programs like this say there are errors on your computer each time you run it to make you think it is doing something.
I would not use it.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 minipabs

minipabs
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 02 August 2010 - 11:44 AM

Kahdah:
I have tried to reinstall iTunes since I unistalled it... I don't get the same error message on restart. Thank you
I removed the coupon software from my computer.
Upon start up, my computer is still running really slow. I am not certain why. Does Antivirus destroy registry keys? How do I know if I have probs? It changed my proxy...
I removed my Diskeeper Lite Program. I will use my system tools (Disk Cleaner and Disk frag) instead.
The slow start up...don't know for sure what is causing it now, but I will deal with it, as long as I know it is not an infection.
Thank you SO MUCH for your help!
~minipabs

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:26 PM

Posted 02 August 2010 - 06:05 PM

The infection you did have generally will not destroy registry keys but rather just use the registry to restrict access to certain things. (ex:regedit,internet,antivirus,etc..)
You have a few things we can remove using another program this will help the overall speed.
So for that please do the following:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users