
Possible Malware Infection


5 replies to this topic

#1 mikeindidginus


Posted 26 July 2010 - 06:05 PM

Hi there,

I have followed the instructions posted in the preparation guide but have been unable to get past the gmer.exe part. I have run the scan twice, but both times this has caused a blue screen of death for me (I'm running XP Pro SP3). I have attached the system dump files that were created in that process in case that helps. I have also attached the attach.zip which I managed to create OK. And here are the contents of DDS.txt. If you guys can help me determine if I have a malware issue or not that would be great. Many thanks for your help.

Michael.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael at 23:25:54.87 on 26/07/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2411 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Music_Apps\Other\SandBoxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\msiexec.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\TOOLS\PROCESS_EXPLORER\PROCEXP.EXE
C:\Documents and Settings\Michael\Desktop\Defogger.exe
C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.co.uk/
mDefault_Page_URL = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\web_&_graphics\adobe\creative_suite_3\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\web_&_graphics\adobe\creative_suite_3\/Adobe Contribute CS3/contributeieplugin.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TpShocks] TpShocks.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: Append to existing PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\web_&_graphics\adobe\creative_suite_3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli ACGina
IFEO: taskmgr.exe - "c:\tools\process_explorer\PROCEXP.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\jkybbxf8.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.co.uk
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\jkybbxf8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\jkybbxf8.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\michael\application data\mozilla\firefox\profiles\jkybbxf8.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\michael\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\michael\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\web_&_graphics\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\web_&_graphics\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\web_&_graphics\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\web_&_graphics\quicktime_7.2\plugins\npqtplugin4.dll
FF - plugin: c:\web_&_graphics\quicktime_7.2\plugins\npqtplugin5.dll
FF - plugin: c:\web_&_graphics\quicktime_7.2\plugins\npqtplugin6.dll
FF - plugin: c:\web_&_graphics\quicktime_7.2\plugins\npqtplugin7.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-2-8 24304]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-10-9 20520]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2008-11-10 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-12 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-12 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-12 243024]
R1 GenericMount;Generic Mount Driver;c:\windows\system32\drivers\GenericMount.sys [2009-9-21 46192]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-5-12 13480]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-7-1 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-7-1 166632]
R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008-5-9 46144]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2008-11-10 14976]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-5-13 53248]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-7-1 840936]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2007-3-30 63928]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2008-5-13 520192]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [2008-5-9 360448]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-11-10 33792]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [2008-12-18 20736]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [2008-12-18 18944]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort.sys [2010-7-1 20992]
R3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [2010-1-8 22232]
R3 RDID1079;UA-25EX;c:\windows\system32\drivers\Rdwm1079.sys [2010-2-25 139904]
R3 SbieDrv;SbieDrv;c:\music_apps\other\sandboxie\SbieDrv.sys [2010-7-4 119016]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2008-11-10 23152]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006-9-13 37312]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\windows\system32\drivers\vcdrom.sys --> c:\windows\system32\drivers\VCdRom.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DHEAPDMP;DHEAPDMP;c:\windows\system32\drivers\dheapdmp.sys [2009-8-18 17128]
S3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\displaylinkfilter.sys --> c:\windows\system32\drivers\DisplayLinkFilter.sys [?]
S3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2008-11-10 20936]
S4 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
S4 DisplayLinkService;DisplayLink Service;c:\program files\displaylink core software\DisplayLinkService.exe [2008-12-18 447848]
S4 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-2-8 132456]
S4 e@syfile Service;e@syfile Service;c:\program files\e@syfile service\offlineService.exe [2009-7-3 278528]
S4 GenericMount Helper Service;GenericMount Helper Service;c:\tools\norton_ghost\shared\drivers\GenericMountHelper.exe [2009-9-21 1571336]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-5-21 45496]
S4 SymSnapService;SymSnapService;c:\tools\norton_ghost\shared\drivers\SymSnapService.exe [2009-9-21 1964528]

=============== Created Last 30 ================

2010-07-26 22:24:18 0 ----a-w- c:\documents and settings\michael\defogger_reenable
2010-07-25 22:50:23 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
2010-07-25 22:49:52 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{A397AF63-B3A1-40DF-AA85-5C5368304B60}
2010-07-25 22:49:50 0 d-----w- c:\program files\Native Instruments
2010-07-25 21:49:08 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~2
2010-07-25 21:40:44 0 d-----w- c:\docume~1\michael\applic~1\VST3 Presets
2010-07-25 21:11:31 0 d-----w- c:\docume~1\alluse~1\applic~1\VST3 Presets
2010-07-25 21:05:56 0 d-----w- c:\program files\common files\Steinberg
2010-07-25 21:05:56 0 d-----w- c:\docume~1\alluse~1\applic~1\Steinberg
2010-07-25 14:06:15 0 dc-h--w- c:\docume~1\alluse~1\applic~1\~1
2010-07-25 13:16:05 4274816 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-25 13:16:05 4274816 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-07-25 13:16:05 1897408 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-25 13:16:05 1897408 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-07-24 10:24:07 0 d-----r- C:\Sandbox
2010-07-24 10:22:51 1416 ----a-w- c:\windows\Sandboxie.ini
2010-07-24 10:20:12 0 d-----w- c:\program files\FAW
2010-07-24 10:12:39 0 d-----w- c:\docume~1\michael\applic~1\Waves
2010-07-24 10:12:28 0 d-----w- c:\docume~1\michael\applic~1\Waves Preferences
2010-07-24 10:10:33 0 d-----w- c:\docume~1\michael\applic~1\Waves Audio
2010-07-24 10:08:48 0 d-----w- c:\program files\Waves
2010-07-23 18:38:47 0 d-----w- c:\program files\Veoh Networks
2010-07-17 18:09:55 0 d-----w- c:\docume~1\michael\applic~1\Azureus
2010-07-17 18:09:05 0 d-----w- c:\program files\Vuze
2010-07-17 18:08:59 0 d-----w- c:\program files\Conduit
2010-07-17 18:08:58 0 d-----w- c:\program files\Vuze_Remote
2010-07-17 17:52:19 0 d-----w- c:\program files\BBE Sound
2010-07-15 17:45:15 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-08 16:06:44 0 d-----w- c:\docume~1\michael\applic~1\Thinstall
2010-07-06 20:03:16 0 d-----w- c:\program files\common files\reFX
2010-07-06 09:45:42 0 d-----w- c:\program files\common files\Digidesign
2010-07-06 09:41:12 0 d-----w- c:\program files\Spectrasonics
2010-07-05 17:02:24 0 d-----w- c:\program files\Sonic Icons for Lenovo
2010-07-02 17:16:48 0 d-sh--r- C:\RRbackups
2010-07-02 17:12:51 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys
2010-07-02 17:10:26 0 d-----w- c:\docume~1\michael\applic~1\Intel
2010-07-02 17:10:11 675840 ----a-w- c:\windows\system32\NETw5c32.dll
2010-07-02 17:10:11 6601216 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2010-07-02 17:10:11 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2010-07-02 16:12:39 0 d-----w- C:\swshare
2010-07-02 16:01:29 4096 --sha-w- C:\VSNAP.IDX
2010-07-02 15:57:13 0 d-----w- c:\docume~1\michael\applic~1\Symantec
2010-07-02 10:16:42 131000 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2010-07-02 10:12:00 138592 ----a-w- c:\windows\system32\drivers\symsnap.sys
2010-07-02 10:11:54 15096 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2010-07-02 10:11:54 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2010-07-02 10:11:44 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-02 10:11:44 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-07-02 10:11:22 0 d-----w- c:\docume~1\alluse~1\applic~1\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2010-07-01 14:47:20 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-07-01 14:32:50 0 d-----w- c:\program files\Lenovo Display Adapter
2010-07-01 14:32:44 299008 ----a-w- c:\windows\system32\DisplayLinkUsbCo2b.dll
2010-07-01 14:32:44 20992 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbPort.sys
2010-07-01 14:32:35 0 d-----w- c:\program files\DisplayLink Core Software
2010-07-01 14:23:59 0 d-----w- c:\program files\Lenovo Enhanced USB Port Replicator
2010-07-01 13:58:09 0 d-----w- c:\program files\ASIX Electronics Corporation
2010-07-01 13:43:44 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-01 13:43:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_tp4track_01009.Wdf
2010-07-01 13:43:38 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-07-01 13:43:17 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-06-29 17:47:07 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-06-29 12:52:20 0 d-----w- c:\program files\KResearch
2010-06-29 12:25:24 499712 ----a-w- C:\msvcp71.dll
2010-06-29 12:25:24 348160 ----a-w- C:\msvcr71.dll
2010-06-29 12:21:39 0 d-----w- c:\docume~1\michael\applic~1\SIR
2010-06-29 12:21:39 0 d-----w- c:\docume~1\alluse~1\applic~1\SIR
2010-06-29 12:07:39 0 d-----w- c:\program files\apulSoft
2010-06-29 11:41:56 0 d-----w- c:\program files\Elaborate Bytes

==================== Find3M ====================

2010-07-15 17:45:16 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:44:33 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-01 12:52:02 1058128 ----a-w- c:\windows\system32\btrez.dll
2010-06-01 12:51:58 92840 ----a-w- c:\windows\system32\drivers\btwsecfl.sys
2010-06-01 12:51:58 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-06-01 12:51:58 51752 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-06-01 12:51:58 37160 ----a-w- c:\windows\system32\drivers\btport.sys
2010-06-01 12:51:58 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-06-01 12:51:58 156816 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-06-01 12:51:56 993320 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-06-01 12:51:56 533152 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-05-12 00:25:00 196608 ------w- c:\windows\PWMBTHLP.EXE
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-11-10 18:48:00 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-11-10 20:17:45 32768 --sh--w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 23:26:27.65 ===============



 


#2 Elise


Posted 05 August 2010 - 05:42 AM

Hello,
And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 mikeindidginus


Posted 05 August 2010 - 09:31 AM

Thanks for your reply Elise. Basically I'm not sure if I've managed to clear all infections from my laptop so would appreciate your help with determining if it's all clear!

Here are those logs from OTL you asked for:

OTL logfile created on: 05/08/2010 15:22:42 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.25 Gb Total Space | 18.18 Gb Free Space | 12.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111.79 Gb Total Space | 32.48 Gb Free Space | 29.06% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 159.34 Gb Free Space | 34.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRATTITUDE
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/05 11:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2010/07/28 13:16:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/07/25 00:43:30 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/25 00:43:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/15 18:45:17 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 18:45:15 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 18:45:15 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 18:45:13 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 18:44:33 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 18:44:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/04 10:49:14 | 000,075,496 | ---- | M] (tzuk) -- C:\Music_Apps\Other\SandBoxie\SbieSvc.exe
PRC - [2010/07/02 11:55:12 | 010,515,456 | ---- | M] () -- C:\Tools\SendSpace_Wizard\Wizard\ssgui_app.exe
PRC - [2010/07/02 11:55:07 | 004,915,712 | ---- | M] () -- C:\Tools\SendSpace_Wizard\Wizard\SendSpace Wizard.exe
PRC - [2010/07/01 12:07:20 | 001,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/29 05:01:20 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Tools\Winamp\winamp.exe
PRC - [2010/05/25 10:57:26 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/04/26 13:46:32 | 000,144,824 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/11 11:19:02 | 000,337,256 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/07/23 02:11:00 | 000,185,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/10/09 17:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/05/13 18:47:40 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/13 18:40:48 | 000,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/12/01 09:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/20 18:06:52 | 016,087,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Dreamweaver CS3\Dreamweaver.exe
PRC - [2005/10/23 00:00:00 | 000,385,024 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe


========== Modules (SafeList) ==========

MOD - [2010/08/05 11:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
MOD - [2010/06/07 18:07:08 | 000,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2007/12/01 09:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 09:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\GEARSec.exe -- (GEARSecurity)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/07/28 13:16:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/22 18:38:43 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 18:45:13 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/04 10:49:14 | 000,075,496 | ---- | M] (tzuk) [Auto | Running] -- C:\Music_Apps\Other\SandBoxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010/07/01 12:07:18 | 000,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/05/25 10:57:26 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/07 14:37:22 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/04/07 12:02:16 | 000,045,496 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/12/10 21:34:12 | 000,230,760 | ---- | M] (Lenovo ) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2009/12/10 21:34:10 | 000,103,784 | ---- | M] (Lenovo ) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/10/09 11:12:30 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2009/10/01 21:32:04 | 004,584,288 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Tools\Norton_Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2009/09/21 20:25:34 | 001,571,336 | ---- | M] (Symantec) [Disabled | Stopped] -- C:\Tools\Norton_Ghost\Shared\Drivers\GenericMountHelper.exe -- (GenericMount Helper Service)
SRV - [2009/09/21 20:19:20 | 001,964,528 | ---- | M] (Symantec) [Disabled | Stopped] -- C:\Tools\Norton_Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2009/09/09 05:27:52 | 001,029,432 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/07/03 10:06:36 | 000,278,528 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\e@syFile Service\offlineService.exe -- (e@syfile Service)
SRV - [2009/06/12 09:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/03/19 18:08:44 | 000,038,176 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/12/18 17:27:01 | 000,447,848 | ---- | M] (DisplayLink Corp.) [Disabled | Stopped] -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe -- (DisplayLinkService)
SRV - [2008/11/07 18:55:30 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/10/09 17:05:16 | 000,360,448 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/05/14 15:42:30 | 001,155,072 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/05/13 18:47:40 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/13 18:40:48 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/01/30 04:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Disabled | Stopped] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/29 20:57:50 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/10/07 03:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\VCdRom.sys -- (vcdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ENTECH.sys -- (ENTECH)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010/07/15 18:45:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 18:44:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/04 10:49:10 | 000,119,016 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Music_Apps\Other\SandBoxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/07/02 18:12:51 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2010/07/01 12:07:30 | 000,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 000,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/06/04 21:10:06 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/01 13:51:58 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2010/06/01 13:51:58 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/06/01 13:51:58 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2010/06/01 13:51:56 | 000,993,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/06/01 13:51:56 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2010/05/12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/05/12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/03/26 04:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/03/17 22:15:18 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/01/15 15:53:42 | 000,023,152 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2010/01/13 12:18:34 | 001,730,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2010/01/08 01:12:00 | 000,022,232 | ---- | M] (KORG INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/17 18:02:46 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2009/11/17 18:02:44 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2009/10/09 11:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 11:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/10/01 22:03:40 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/09/21 20:40:14 | 000,015,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2009/09/21 20:26:10 | 000,046,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GenericMount.sys -- (GenericMount)
DRV - [2009/09/21 20:20:42 | 000,138,592 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2009/08/09 22:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009/08/07 04:17:26 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/05/13 15:48:53 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2009/03/19 18:08:06 | 000,025,000 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2009/02/18 10:33:12 | 000,139,904 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1079.sys -- (RDID1079)
DRV - [2008/12/18 17:27:38 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort.sys -- (DisplayLinkUsbPort)
DRV - [2008/12/18 17:27:38 | 000,020,736 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2008/12/18 17:27:38 | 000,018,944 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2008/11/10 19:58:37 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/07/11 10:48:00 | 000,046,144 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008/05/12 22:14:14 | 000,017,844 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/02/22 15:54:40 | 000,037,312 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/12/01 02:31:08 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/12/01 02:31:08 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/11/30 16:30:58 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/11/30 15:15:26 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/29 16:35:44 | 000,163,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/11/19 10:50:14 | 000,019,072 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2007/11/14 15:20:08 | 000,020,936 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb22ldr.sys -- (USB22LDR)
DRV - [2007/11/14 15:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/04/27 07:00:58 | 000,666,112 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAudN.sys -- (HdAudAddService)
DRV - [2007/03/28 14:22:58 | 002,204,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/03/25 14:43:00 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/03/25 14:43:00 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/03/25 14:42:00 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/06 16:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/03/29 18:55:42 | 000,017,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dheapdmp.sys -- (DHEAPDMP)
DRV - [2006/03/01 02:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/02 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/09 19:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/04/07 17:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2005/01/07 22:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/07/28 08:04:28 | 000,004,992 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Amfilter.sys -- (Amfilter)
DRV - [2004/07/28 08:04:18 | 000,011,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Amusbprt.sys -- (Amusbprt)
DRV - [2004/02/23 07:40:38 | 000,014,976 | ---- | M] (CMS Peripherals, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\portd2k.sys -- (portD)
DRV - [2003/09/11 08:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2003/08/11 09:07:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/17 19:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)
DRV - [2001/04/09 03:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\NSynas32.sys -- (Nsynas32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {75CEEE46-9B64-46f8-94BF-54012DE155F0}:0.4
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:1.3
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: ramback@pavlov.net:1.0
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/22 18:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/23 18:20:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/28 21:58:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/04 14:56:07 | 000,000,000 | ---D | M]

[2008/11/10 19:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/08/04 16:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions
[2010/05/05 09:46:51 | 000,000,000 | ---D | M] (MeasureIt) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
[2010/06/04 21:25:42 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/08/04 09:55:22 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2009/08/14 13:29:07 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/07/23 19:41:27 | 000,000,000 | ---D | M] (Veoh Web Player Toolbar) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2010/07/11 15:10:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/14 19:56:57 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/05/10 14:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\firebug@software.joehewitt.com
[2010/06/27 10:49:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\netvideohunter@netvideohunter.com
[2010/03/29 13:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\extensions\ramback@pavlov.net
[2010/02/17 20:50:34 | 000,001,793 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jkybbxf8.default\searchplugins\filetubecom.xml
[2010/04/02 17:31:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/29 05:01:22 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Web_&_Graphics\Adobe\Creative_Suite_3\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Web_&_Graphics\Adobe\Creative_Suite_3\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/05/25 13:43:18 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4069033342-1913383472-2393234615-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Append to existing PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Web_&_Graphics\Adobe\Creative_Suite_3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\taskmgr.exe: Debugger - "C:\TOOLS\PROCESS_EXPLORER\PROCEXP.EXE" (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/08 22:42:28 | 000,000,033 | -H-- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{9767ebb1-8d6f-11de-9618-001fe1ee95f1}\Shell\AutoRun\command - "" = G:\Nsum\F\Tud.exe -- File not found
O33 - MountPoints2\{9767ebb1-8d6f-11de-9618-001fe1ee95f1}\Shell\open\command - "" = G:\Nsum\F\Tud.exe -- File not found
O33 - MountPoints2\{a975ee61-04bd-11df-aef4-001f3b509f71}\Shell - "" = AutoRun
O33 - MountPoints2\{a975ee61-04bd-11df-aef4-001f3b509f71}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a975ee61-04bd-11df-aef4-001f3b509f71}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *pgdfgsvc C 1) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/05 11:44:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/08/04 14:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/04 14:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/08/04 14:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/03 22:27:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo Display Adapter
[2010/08/03 22:26:57 | 000,299,008 | ---- | C] (DisplayLink Corp.) -- C:\WINDOWS\System32\DisplayLinkUsbCo2b.dll
[2010/08/03 22:26:57 | 000,020,992 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\System32\drivers\DisplayLinkUsbPort.sys
[2010/08/03 22:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayLink Core Software
[2010/08/03 14:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2010/08/03 13:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/07/28 13:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/07/28 13:21:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/28 13:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/07/25 23:50:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C2686527-0D57-4F0B-ADAB-EE203CA30FC6}
[2010/07/25 23:49:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A397AF63-B3A1-40DF-AA85-5C5368304B60}
[2010/07/25 23:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2010/07/25 22:49:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~2
[2010/07/25 22:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\VST3 Presets
[2010/07/25 22:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VST3 Presets
[2010/07/25 22:05:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2010/07/25 22:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Steinberg
[2010/07/25 15:06:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~1
[2010/07/25 14:16:05 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/07/25 14:16:05 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/07/25 14:16:05 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/07/25 14:16:05 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/07/25 14:16:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2010/07/25 14:15:58 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/07/25 14:15:58 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinrvxx.sys
[2010/07/25 14:15:57 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ativvaxx.dll
[2010/07/25 14:15:57 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2010/07/25 14:15:57 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/07/25 14:15:57 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1tuxx.sys
[2010/07/25 14:15:57 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/07/25 14:15:57 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxbxx.sys
[2010/07/25 14:15:57 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/07/25 14:15:57 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinsnxx.sys
[2010/07/25 14:15:56 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/07/25 14:15:56 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atintuxx.sys
[2010/07/25 14:15:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativtmxx.dll
[2010/07/25 14:15:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/07/25 14:15:55 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3duag.dll
[2010/07/25 14:15:55 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2010/07/25 14:15:55 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/07/25 14:15:55 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1btxx.sys
[2010/07/25 14:15:55 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativmvxx.ax
[2010/07/25 14:15:55 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/07/25 14:15:54 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010/07/25 14:15:54 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtag.sys
[2010/07/25 14:15:54 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/07/25 14:15:54 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinbtxx.sys
[2010/07/25 14:15:54 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/07/25 14:15:54 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1xsxx.sys
[2010/07/25 14:15:53 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\dllcache\ati3d1ag.dll
[2010/07/25 14:15:53 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/07/25 14:15:53 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/07/25 14:15:53 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2mtaa.sys
[2010/07/25 14:15:53 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/07/25 14:15:53 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinxsxx.sys
[2010/07/25 14:15:53 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/07/25 14:15:53 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1raxx.sys
[2010/07/25 14:15:52 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvag.dll
[2010/07/25 14:15:52 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2010/07/25 14:15:52 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/07/25 14:15:52 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\atinraxx.sys
[2010/07/25 14:15:52 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/07/25 14:15:52 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1mdxx.sys
[2010/07/25 14:15:52 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ativdaxx.ax
[2010/07/25 14:15:52 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/07/25 14:15:51 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2dvaa.dll
[2010/07/25 14:15:51 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/07/25 14:15:51 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/07/25 14:15:51 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1ttxx.sys
[2010/07/25 14:15:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/07/25 14:15:51 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1pdxx.sys
[2010/07/25 14:15:50 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati2cqag.dll
[2010/07/25 14:15:50 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2010/07/25 14:15:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/07/25 14:15:50 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\dllcache\ati1rvxx.sys
[2010/07/24 11:24:07 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010/07/24 11:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\FAW
[2010/07/24 11:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Waves
[2010/07/24 11:12:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Waves Preferences
[2010/07/24 11:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Waves Audio
[2010/07/24 11:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Waves
[2010/07/23 19:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/07/17 19:40:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Vuze Downloads
[2010/07/17 19:09:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Azureus
[2010/07/17 19:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/07/17 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Vuze_Remote
[2010/07/17 19:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/07/17 19:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2010/07/17 18:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\BBE Sound
[2010/07/15 18:45:15 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/09 20:21:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\DivX
[2010/07/08 17:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Thinstall
[2010/07/08 17:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Thinstall
[2010/07/08 16:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/06 21:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\reFX
[2008/11/10 19:41:07 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/11/10 19:41:07 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/05 14:48:25 | 016,515,072 | -H-- | M] () -- C:\Documents and Settings\Michael\NTUSER.DAT
[2010/08/05 12:44:58 | 000,433,107 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\bleep_we_look_young_in_this.jpg
[2010/08/05 12:10:32 | 000,147,340 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\malware_info_to_do.pdf
[2010/08/05 11:46:33 | 062,974,081 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/05 11:44:48 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\wopm5m3v.exe
[2010/08/05 11:44:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/08/05 09:56:31 | 000,117,343 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\everest_report.htm
[2010/08/05 09:52:43 | 000,010,234 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\clockgen3.jpg
[2010/08/05 09:52:18 | 000,011,723 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\clockgen2.jpg
[2010/08/05 09:51:49 | 000,009,275 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\clockgen1.jpg
[2010/08/05 09:51:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\prvlcl.dat
[2010/08/05 09:38:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/05 02:10:00 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Michael\ntuser.ini
[2010/08/05 00:15:24 | 000,072,901 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Radio Stations.pdf
[2010/08/04 21:55:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TMonitor.INI
[2010/08/04 14:26:31 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/04 00:51:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/03 23:14:17 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/03 22:31:19 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010/08/03 22:31:19 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010/08/03 21:39:35 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/08/03 21:39:35 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\msvcsv60.dll
[2010/08/03 21:39:35 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/08/03 21:35:14 | 000,025,334 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/08/03 21:34:46 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/08/03 19:46:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/03 13:48:53 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/03 11:10:17 | 000,013,596 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\Health Info for Guests.pdf
[2010/07/30 01:10:02 | 000,000,462 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\from rama.lnk
[2010/07/28 15:57:55 | 000,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2010/07/28 15:57:55 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2010/07/28 15:10:36 | 000,000,967 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/28 15:10:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/28 15:10:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/28 14:06:45 | 000,705,624 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/28 13:52:05 | 003,963,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/28 12:39:08 | 000,001,416 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/24 13:30:20 | 000,050,435 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\milton_keynes_ticket_price_via_clapham.pdf
[2010/07/24 11:22:27 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/22 17:06:04 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2010/07/17 19:09:24 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/07/15 18:45:16 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 18:45:15 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 18:44:33 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 11:30:01 | 000,000,107 | ---- | M] () -- C:\WINDOWS\MYOKENT.INI
[2010/07/07 18:37:48 | 000,117,116 | ---- | M] () -- C:\Documents and Settings\Michael\Desktop\EMAIL eFiling TAXPAYERS.pdf
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/05 12:44:56 | 000,433,107 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\bleep_we_look_young_in_this.jpg
[2010/08/05 12:10:32 | 000,147,340 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\malware_info_to_do.pdf
[2010/08/05 11:44:48 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\wopm5m3v.exe
[2010/08/05 09:56:31 | 000,117,343 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\everest_report.htm
[2010/08/05 09:52:43 | 000,010,234 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\clockgen3.jpg
[2010/08/05 09:52:18 | 000,011,723 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\clockgen2.jpg
[2010/08/05 09:51:49 | 000,009,275 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\clockgen1.jpg
[2010/08/05 00:15:24 | 000,072,901 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Radio Stations.pdf
[2010/08/04 22:24:03 | 000,001,270 | ---- | C] () -- C:\IUICONS.BMP
[2010/08/04 21:55:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TMonitor.INI
[2010/08/03 13:48:53 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/08/03 13:48:52 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/08/03 11:10:17 | 000,013,596 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\Health Info for Guests.pdf
[2010/08/03 10:40:05 | 000,000,528 | ---- | C] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010/08/03 10:40:05 | 000,000,332 | ---- | C] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010/07/30 01:10:02 | 000,000,462 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\from rama.lnk
[2010/07/24 13:30:20 | 000,050,435 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\milton_keynes_ticket_price_via_clapham.pdf
[2010/07/24 11:22:53 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2010/07/24 11:22:51 | 000,001,416 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/07/17 19:09:24 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/07/07 18:37:47 | 000,117,116 | ---- | C] () -- C:\Documents and Settings\Michael\Desktop\EMAIL eFiling TAXPAYERS.pdf
[2010/05/25 10:57:38 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010/03/26 09:24:20 | 000,000,107 | ---- | C] () -- C:\WINDOWS\MYOKENT.INI
[2010/02/25 10:01:05 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\RdCi1079.dll
[2009/10/26 10:21:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/10/23 18:28:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/05/15 19:26:10 | 000,000,239 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/13 15:25:08 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/05/10 16:14:19 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/03/09 15:26:33 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/12 15:42:20 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/11/11 21:55:45 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Hyperman.dll
[2008/11/11 21:55:05 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Wavlbsys.dll
[2008/11/11 21:42:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibsfh.dll
[2008/11/11 21:42:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibrty.dll
[2008/11/11 21:42:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjye.dll
[2008/11/11 21:42:43 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\sslibjte.dll
[2008/11/11 21:42:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibsfh.dll
[2008/11/11 21:42:42 | 000,002,756 | ---- | C] () -- C:\WINDOWS\System32\slibhe.dll
[2008/11/11 13:27:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/11/11 13:27:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/11/11 13:27:22 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/11/11 13:27:22 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/11/11 13:27:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/11/10 20:08:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/10 19:58:08 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/11/10 19:52:52 | 000,000,288 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/10 19:51:16 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/10 19:51:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/10 19:51:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/10 19:51:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/10 19:51:16 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/10 19:51:16 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/10 19:44:50 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/11/10 19:44:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2008/11/10 19:42:45 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/11/10 19:41:45 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/11/10 19:41:07 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/11/10 19:41:07 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/11/10 19:30:57 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2008/11/10 17:39:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/10 17:23:36 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/11/10 17:23:36 | 000,000,095 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2008/11/10 17:05:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
[2008/01/04 14:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2007/03/02 13:15:36 | 000,025,334 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/03/02 13:15:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/02/05 11:27:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 07:56:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NSREG.DLL
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/07/28 08:04:28 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\Amfilter.sys
[2004/07/28 08:04:18 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\Amusbprt.sys
[2003/05/22 09:24:49 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
< End of report >

***************

OTL Extras logfile created on: 05/08/2010 15:22:42 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.25 Gb Total Space | 18.18 Gb Free Space | 12.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 111.79 Gb Total Space | 32.48 Gb Free Space | 29.06% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 159.34 Gb Free Space | 34.21% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GRATTITUDE
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4069033342-1913383472-2393234615-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Tools\VLC_Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Tools\VLC_Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Tools\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Tools\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Tools\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Contribute CS3\Contribute.exe" = C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Contribute CS3\Contribute.exe:*:Enabled:Contribute -- (Adobe Systems Incorporated.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.)
"C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Flash CS3\Flash.exe" = C:\Web_&_Graphics\Adobe\Creative_Suite_3\Adobe Flash CS3\Flash.exe:*:Enabled:Adobe Flash CS3 -- (Adobe Systems Incorporated.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{05C2120A-4400-4F1C-82C0-D50C34281F73}" = Lenovo Enhanced USB Port Replicator
"{060A0EAE-2615-4946-8212-653D743C7226}" = Lenovo Display Adapter
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A2820DB-CB78-4C24-9F48-49E67B0337E1}" = Phoscyon 1.8.0
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = Series II MIDI
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3A7DDC0A-B576-47E4-B061-2DD5D91E432F}" = KORG USB-MIDI Driver Tools for Windows
"{3D289CAC-AD9F-45d9-9D36-524EB7B6C958}" = Lenovo Hard Drive Quick Test
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{46B3CC07-3B29-41B4-9B22-0988425E8E2C}_is1" = Auslogics Duplicate File Finder
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5636E517-8100-4E2A-B69E-2B16AFFA2360}" = Sony Sound Forge 8.0d
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{648C1BFD-6A70-46D8-B855-F84D95C2DC34}" = CSR
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{64CCBE26-A8EE-4D34-87BE-2AF3E5489574}" = Nepheton
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A70D9E8-C51B-4196-BD1F-137E6EF6AEBB}" = Canopus ProCoder 2
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{73EF21D0-E59E-48AB-9F97-7FF50ABD00D7}" = DisplayLink Core Software
"{775500D3-ADB1-4735-B7D2-46DB6706B450}" = Toraverb
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F55748C-CCDB-4942-99F8-C221D7BD5C26}" = Nithonat
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{82DA9C71-DBFF-4ED9-8B53-B2F28AA6BFD7}" = Syntorus 1.0.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}" = System Migration Assistant
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95632566-071E-4A02-92C1-4BD907065736}" = BounceBack Express
"{9624502C-3D39-41A0-8917-858EC16769CE}" = KORG M1 Le
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E509477-5259-6141-C092-79C255C49508}" = e@syFile-Practitioner
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A88117A1-5E22-4AD1-86FD-BCA427836D9C}" = Sounddiver Virus OEM 6.6 Release 1
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel® Processor ID Utility
"{AAE4B36C-7A25-4513-975B-ACE7437572A0}" = Korg Kontrol Editor
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF42E274-77CB-420F-A7CC-42E1540EA0C7}" = KR-Space Demo
"{B0255743-165B-4BD5-8DA8-37DFB9930015}" = Norton Ghost
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3BE8F94-4B61-4237-852F-C0F27F6B65E4}" = Intel Processor Diagnostic Tool
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4691C58-2A6A-4AFA-960E-AEB767639E44}" = PCM Native Reverb VST Plug-in
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC975AF9-0C87-4361-8F4B-FBEF2FC7B3A9}" = Drumazon
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E565B0-03A0-40D9-A514-000634AA58C6}" = KORG Legacy Collection - DIGITAL EDITION
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1E1DFFB-0172-416C-A94E-AD73924B5BFF}" = AX88772A & AX88772 Windows XP Drivers
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F9220DB6-8E1A-4CBA-A6CB-45CF28B5ED9B}" = Flash Player Update for Flash 8
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3DChorus" = SpinAudio 3DChorus 1.1
"3DDelays_1.1_Build_230" = 3DDelays 1.1 Build 230
"3DPanner Motion Effects" = SpinAudio 3DPanner Motion Effects 1.0
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AKAI professional Plugins Pack v1.01-OxYGeN" = AKAI professional Plugins Pack v1.01-OxYGeN
"Analog Factory Demo_is1" = Analog Factory Demo 2.0
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"Antares AVOX Bundle VST RTAS_is1" = Antares AVOX Bundle VST RTAS v1.1.3
"Antares Filter VST DX v1.0" = Antares Filter VST DX v1.0
"Antares Harmony Engine VST RTAS_is1" = Antares Harmony Engine VST RTAS v1.0
"Antares Kantos v1.0" = Antares Kantos v1.0
"apEQ" = apEQ 1.3.0
"Arturia CS-80V v1.2" = Arturia CS-80V v1.2
"ASAPI Update" = ASAPI Update
"ASIO4ALL" = ASIO4ALL
"Atmosphere_is1" = Atmosphere
"Audio Damage 907A VST v1.0.0.7" = Audio Damage 907A VST v1.0.0.7
"Audio Damage DubStation VST v1.0.2.0" = Audio Damage DubStation VST v1.0.2.0
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.12
"AutoGK" = Auto Gordian Knot 2.55
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"AwayTask" = Maintenance Manager
"BBE Sonic Sweet Bundle VST RTAS_is1" = BBE Sonic Sweet Bundle VST RTAS v1.0
"Belarc Advisor 2.0" = Belarc Advisor 7.1
"BigSeq VST plug-in" = BigSeq VST plug-in
"CCleaner" = CCleaner
"CD Trustee" = CD Trustee
"CDXTRACT 4.5_is1" = CDXtract 4.5
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_17AA20DA" = HDAUDIO Soft Data Fax Modem with SmartCP
"db Audioware Mastering Plugins v1.05b" = db Audioware Mastering Plugins v1.05b
"DeClicker" = Steinberg DeClicker v1.21
"Dheapmon" = Desktop Heap Monitor (Uninstall Only)
"discoDSP Discovery VSTi_is1" = discoDSP Discovery VSTi v2.9
"discoDSP Phantom_is1" = discoDSP Phantom v1.1
"Discord 2 VST plug-in" = Discord 2 VST plug-in
"DivX Setup.divx.com" = DivX Setup
"EarMaster School 5_is1" = EarMaster School 5
"easyFilePrac.0612E4541602589CA8807A3EA214FDF182FEF49D.1" = e@syFile-Practitioner
"EncFlac" = EncFlac 1.1.2
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"F13EE0B22AD5D087DFA50E3D4D6F13FC1AAAFB32" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Futureaudioworkshop Circle VSTi RTAS_is1" = Futureaudioworkshop Circle VSTi RTAS v1.0.5
"FX Designer" = SpinAudio FX Designer 1.1
"GMedia Music impOSCar Standalone VST v1.01" = GMedia Music impOSCar Standalone VST v1.01
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hyperprism 2.5.0" = Hyperprism 2.5.0
"Hypersonic" = Hypersonic
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IL Vocodex" = IL Vocodex
"InstallShield_{F1E1DFFB-0172-416C-A94E-AD73924B5BFF}" = AX88772A & AX88772 Windows XP Drivers
"IrfanView" = IrfanView (remove only)
"iZotope Spectron_is1" = iZotope Spectron
"Jupiter-8V Demo_is1" = Jupiter-8V Demo 1.0
"Korg Legacy Collection v1.0.0.2" = Korg Legacy Collection v1.0.0.2
"Lenovo Registration" = Lenovo Registration
"LENOVO.SMIIF" = Lenovo System Interface Driver
"Live 7.0.18" = Live 7.0.18
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig v1.1.1" = Native Instruments Guitar Rig v1.1.1
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Service Center" = Native Instruments Service Center
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NoteCenter" = NoteCenter 1.57
"Novation Bass-Station VSTi v1.10" = Novation Bass-Station VSTi v1.10
"Novation V-Station for Cubase SX3 VSTi v1.41" = Novation V-Station for Cubase SX3 VSTi v1.41
"OnScreenDisplay" = On Screen Display
"OrangeVocoder v2.0-OxYGeN" = OrangeVocoder v2.0-OxYGeN
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCM Native Reverb VST Plug-in" = PCM Native Reverb VST Plug-in
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PhaseTwo VST plug-in" = PhaseTwo VST plug-in
"Power Management Driver" = ThinkPad Power Management Driver
"Predator_is1" = Rob Papen Predator V1.1.0
"PrimoPDF3.2" = PrimoPDF
"PSP VintageWarmer2 2.1.4" = PSP VintageWarmer2 2.1.4
"PSP_DelayPack" = PSPDelayPack 1.3
"PSP_Nitro" = PSP Nitro VST and DX 1.0
"Rapport_msi" = Rapport
"Ray Gun v1.3.5" = Ray Gun v1.3.5
"Reason4_is1" = Reason 4.0
"Recuva" = Recuva
"ReCycle v2.1" = ReCycle v2.1
"Replicant VST plug-in" = Replicant VST plug-in
"Reverence VST plug-in" = Reverence VST plug-in
"Revo Uninstaller" = Revo Uninstaller 1.89
"RgcAudio z3ta Plus DXi VSTi v1.41" = RgcAudio z3ta Plus DXi VSTi v1.41
"Rob Papen Albino 3" = Rob Papen Albino 3
"Rob Papen BLUE Version 1.1_is1" = Rob Papen BLUE Version 1.1
"RolandRDID0079" = UA-25EX Driver
"Sandboxie" = Sandboxie 3.46
"SendSpaceWizard" = SendSpace Wizard
"SimpleCast" = SimpleCast (remove only)
"Sonalksis Plug-Ins for Windows_is1" = Sonalksis Plug-Ins for Windows 1.28
"Sonic Foundry Noise Reduction" = Sonic Foundry Noise Reduction
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"SoundToys Native Effects VST RTAS_is1" = SoundToys Native Effects VST RTAS v4.0.2
"Spektral Delay v1.52" = Spektral Delay v1.52
"SPL Analog Code DrumXchanger VST RTAS_is1" = SPL Analog Code DrumXchanger VST RTAS v1.0
"SPL Analog Code EQ Rangers Volume One VST RTAS_is1" = SPL Analog Code EQ Rangers Volume One VST RTAS v1.2
"SPL Analog Code MicroPlugs VST RTAS_is1" = SPL Analog Code MicroPlugs VST RTAS v1.1
"SPL Analog Code Transient Designer VST RTAS_is1" = SPL Analog Code Transient Designer VST RTAS v1.2
"SPL Analog Code TwinTube Processor VST RTAS_is1" = SPL Analog Code TwinTube Processor VST RTAS v1.2
"SPL Analog Code Vitalizer MK2-T VST RTAS_is1" = SPL Analog Code Vitalizer MK2-T VST RTAS v1.2
"STANDARDR" = Microsoft Office Standard 2007
"Steinberg Cubase SX v3.1.1.944" = Steinberg Cubase SX v3.1.1.944
"Steinberg Dcota v1.0" = Steinberg Dcota v1.0
"Steinberg Denoiser v1.51" = Steinberg Denoiser v1.51
"Steinberg HALion v2.0.3.5" = Steinberg HALion v2.0.3.5
"Steinberg Voice Designer v1.03" = Steinberg Voice Designer v1.03
"Steinberg VoiceMachine v1.0" = Steinberg VoiceMachine v1.0
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"TC Native Bundle v3.1" = TC Native Bundle v3.1
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TrackPoint" = ThinkPad TrackPoint Driver
"Trilogy_is1" = Trilogy
"Tweak UI 2.10" = Tweak UI
"VB:FFX-4 Rack" = VB:FFX-4 Rack
"Veoh Web Player Beta" = Veoh Web Player
"Virsyn CUBE v1.5" = Virsyn CUBE v1.5
"vis_BeatHarness.dllWinamp" = BeatHarness for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.1.0
"VobSub" = VobSub v2.23 (Remove Only)
"VoxCiter_VST_2.02" = VoxCiter VST 2.02
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warp VST V1.0" = Warp VST V1.0
"WaveLabPro" = WaveLab 6
"Waves Mercury Complete VST DX RTAS_is1" = Waves Mercury Complete VST DX RTAS v1.01
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Yamaha Pitch Fix VST v1.02" = Yamaha Pitch Fix VST v1.02

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4069033342-1913383472-2393234615-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BeyondCompare3_is1" = Beyond Compare Version 3.1.10
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Application Detect

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/07/2010 10:08:52 | Computer Name = GRATTITUDE | Source = MsiInstaller | ID = 11335
Description = Product: Adobe After Effects CS3 Third Party Content -- Error 1335.The
cabinet file 'AdobeAfterEffects8ProtectedAll1.cab' required for this installation
is corrupt and cannot be used. This could indicate a network error, an error reading
from the CD-ROM, or a problem with this package.

Error - 28/07/2010 10:12:44 | Computer Name = GRATTITUDE | Source = Application Error | ID = 1000
Description = Faulting application adobe premiere pro.exe, version 3.2.0.0, faulting
module sylenth1 peace won't be out.dll, version 2.2.0.2, fault address 0x0005a8f8.

Error - 28/07/2010 10:17:20 | Computer Name = GRATTITUDE | Source = Application Error | ID = 1000
Description = Faulting application cubase5.exe, version 5.1.0.105, faulting module
vstplugmanager.dll, version 2.0.0.87, fault address 0x000039b8.

Error - 03/08/2010 05:47:02 | Computer Name = GRATTITUDE | Source = PC-Doctor | ID = 1
Description =

Error - 03/08/2010 06:32:14 | Computer Name = GRATTITUDE | Source = Application Error | ID = 1000
Description = Faulting application cubase5.exe, version 5.1.0.105, faulting module
vstplugmanager.dll, version 2.0.0.87, fault address 0x000039b8.

Error - 04/08/2010 09:48:55 | Computer Name = GRATTITUDE | Source = MsiInstaller | ID = 11310
Description = Product: Adobe Reader 8.2.0 -- Error 1310.Error writing to file: C:\Config.Msi\21b602.rbf.
System error 5. Verify that you have access to that directory.

Error - 04/08/2010 09:51:24 | Computer Name = GRATTITUDE | Source = MsiInstaller | ID = 11304
Description = Product: Adobe Reader 9.3.3 -- Error 1304.Error writing to file C:\Config.Msi\PFCF.tmp.
Verify that you have access to that directory.

Error - 04/08/2010 09:51:30 | Computer Name = GRATTITUDE | Source = MsiInstaller | ID = 11304
Description = Product: Adobe Reader 9.3.3 -- Error 1304.Error writing to file C:\Config.Msi\PF124.tmp.
Verify that you have access to that directory.

Error - 04/08/2010 09:53:54 | Computer Name = GRATTITUDE | Source = Application Error | ID = 1000
Description = Faulting application cubase5.exe, version 5.1.0.105, faulting module
ntdll.dll, version 5.1.2600.3264, fault address 0x000109f9.

Error - 04/08/2010 16:27:03 | Computer Name = GRATTITUDE | Source = Application Error | ID = 1000
Description = Faulting application cubase5.exe, version 5.1.0.105, faulting module
cubase5.exe, version 5.1.0.105, fault address 0x00979fdf.

[ System Events ]
Error - 04/08/2010 09:10:21 | Computer Name = GRATTITUDE | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 04/08/2010 09:56:04 | Computer Name = GRATTITUDE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 04/08/2010 09:56:10 | Computer Name = GRATTITUDE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 04/08/2010 09:57:22 | Computer Name = GRATTITUDE | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%20

Error - 04/08/2010 09:57:22 | Computer Name = GRATTITUDE | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058

Error - 04/08/2010 17:15:01 | Computer Name = GRATTITUDE | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FIDPCIDRV\0000 disappeared from the system
without first being prepared for removal.

Error - 05/08/2010 04:38:14 | Computer Name = GRATTITUDE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 05/08/2010 04:38:18 | Computer Name = GRATTITUDE | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 05/08/2010 04:39:31 | Computer Name = GRATTITUDE | Source = Service Control Manager | ID = 7000
Description = The Nsynas32 service failed to start due to the following error: %%20

Error - 05/08/2010 04:39:31 | Computer Name = GRATTITUDE | Source = Service Control Manager | ID = 7001
Description = The Windows Service Pack Installer update service service depends
on the Security Accounts Manager service which failed to start because of the following
error: %%1058


< End of report >

***************

I'm having difficulties running GMER. I will try to run it from safe mode as you suggest & see what happens.....

Michael.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:20 AM

Posted 05 August 2010 - 09:48 AM

Hi Michael, your OTL log looks completely clean.

Of course that doesn't always mean there is no malware, so for me it's important to know what actual problems you are still having.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Elise


Posted 16 August 2010 - 06:56 AM

Hello, are you still there?

regards, Elise




#6 Elise


Posted 30 August 2010 - 08:24 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise






