Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect virus + possible additional malware that prevents from Google services to load


  • This topic is locked This topic is locked
19 replies to this topic

#1 Ithacuse

Ithacuse

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 19 August 2010 - 07:01 PM

Hello

Thank you in advance for your help!

Here is my situation...

Other than the known Google redirect problem (google results aren't what they seem to be) that I've been experiencing in the past few days, I also seem to have a problem with loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem. These Google services I've mentioned simply won't load for me. In Gmail, the login screen appears fine but when I enter my username and password, it takes me to the "Loading myaddress@gmail.com..." and just tries to load it for a very long time until finally it says that I have a network problem.
Also, I noticed that when I click the "Sign In" button on the Gmail login screen, the status bar on the bottom says: "Transferring data from secariadna.com..." which looks very suspicious to me (I can provide a screenshot of this if requested). The other services (maps, reader, translate) just won't load. For example, when I open a new tab and click on my google maps bookmark (for example) the window remains white and it keeps displaying: "Transferring data from maps.google.com" in the status bar. Sometimes after a long time of loading, the map would eventually manage to load. I also have to note that picasaweb loads without a problem in FF, although it also displays "Transferring data from secariadna.com..." in the status bar.
As I've already mentioned, all these services work perfectly fine in Chrome and IE. Firefox is my primary browser and is probably the one I caught this infection with cold.gif .
Now to the more technical details:
I have Windows XP SP3
So far I have used the following software to try clean my computer up:
Symantec Endpoint Protection
Malwarebytes' Anti-Malware
Emsisoft Anti-Malware
Spybot Search & Destroy

What do you think I should do to deal both with the Google redirect virus and with whatever is causing my other Google related problems?

Here's my DSS.txt log, other logs are attached.
--------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Veronica at 17:30:31.53 on Thu 08/19/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.2022.1044 [GMT -4:00]

AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SafeConnect\scManager.sys
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Gmail Notifier\gnotify.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\Java\SDK\jdk\bin\javaw.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Veronica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ynet.co.il/
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\veronica\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [{7C059AEE-2E25-F3A7-9DA3-62B77234FF13}] "c:\documents and settings\veronica\application data\yply\suveu.exe"
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TpShocks] TpShocks.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\gmail notifier\gnotify.exe
mRun: [\\jeka\EPSON Stylus C48 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i091.exe /p30 "\\jeka\EPSON Stylus C48 Series" /O6 "USB001" /M "Stylus C48"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\veronica\startm~1\programs\startup\pidgin.lnk - c:\program files\pidgin\pidgin.exe
StartupFolder: c:\docume~1\veronica\startm~1\programs\startup\sdktra~1.lnk - c:\program files\java\sdk\jdk\bin\javaw.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxp://www-307.ibm.com/pc/support/IbmEgath.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
LSA: Notification Packages = scecli ACGina

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\veronica\applic~1\mozilla\firefox\profiles\7q545ey2.default\
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\veronica\application data\mozilla\firefox\profiles\7q545ey2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\veronica\application data\mozilla\firefox\profiles\7q545ey2.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - component: c:\documents and settings\veronica\application data\mozilla\firefox\profiles\7q545ey2.default\extensions\zoterowinwordintegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: c:\documents and settings\veronica\application data\mozilla\firefox\profiles\7q545ey2.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\veronica\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\veronica\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\veronica\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npsview.dll
FF - plugin: c:\program files\real\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20} - c:\documents and settings\veronica\local settings\application data\{85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2007-10-16 19504]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-8-18 1935656]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-29 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-29 108392]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-1-4 47640]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2008-4-29 2234296]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\lenovo\rescue and recovery\rrpservice.exe [2007-2-8 569344]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-8-18 71008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-5 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100819.003\NAVENG.SYS [2010-8-19 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100819.003\NAVEX15.SYS [2010-8-19 1362608]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2007-5-22 30336]
S2 gupdate1c9aa885bee94aa;Google Update Service (gupdate1c9aa885bee94aa);c:\program files\google\update\GoogleUpdate.exe [2009-3-21 133104]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\logmein\x86\rainfo.sys --> c:\program files\logmein\x86\RaInfo.sys [?]
S2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2008-12-15 46824]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-29 23888]
S3 PolyAnalyst6Server;PolyAnalyst 6.0 Server;c:\program files\megaputer intelligence\polyanalyst 6.0\bin\rServer.exe [2010-4-22 1402368]
S3 PolyAnalyst6ServerMonitor;PolyAnalyst 6 Server Monitor;c:\program files\megaputer intelligence\polyanalyst 6.0\bin\rserver-monitor.exe [2010-4-22 87040]
S3 Tomcat6;Apache Tomcat;c:\program files\apache software foundation\tomcat 6.0\bin\tomcat6.exe [2008-7-21 57344]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-08-19 03:45:18 1312 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-19 03:35:35 0 d-----w- c:\program files\common files\iS3
2010-08-19 03:35:34 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-08-18 20:24:02 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-08-18 19:14:25 0 d-----w- c:\docume~1\veronica\applic~1\Malwarebytes
2010-08-18 19:13:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-18 19:13:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-18 19:13:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 19:13:11 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 03:26:25 120 ----a-w- c:\windows\Rgoju.dat
2010-08-14 03:26:25 0 ----a-w- c:\windows\Mcetetekolasihi.bin
2010-08-06 04:01:46 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-06 04:01:46 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-08-06 04:00:37 0 d-----w- c:\program files\iPod
2010-08-06 04:00:25 0 d-----w- c:\program files\iTunes
2010-08-05 23:07:56 0 d-----w- c:\windows\system32\tempdir
2010-08-05 23:07:53 4369408 ----a-w- c:\windows\system32\pdftk.exe
2010-08-05 23:07:53 1503232 ----a-w- c:\windows\system32\ptj.exe
2010-08-05 23:07:53 1103360 ----a-w- c:\windows\system32\cidfont.dll
2010-08-05 23:07:52 235008 ----a-w- c:\windows\system32\office.exe
2010-08-05 23:07:52 0 d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2010-08-02 18:13:48 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-08-02 18:13:48 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys

==================== Find3M ====================

2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-29 16:39:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-06-24 21:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 17:54:06 68052 ------w- c:\windows\system32\mlfcache.dat
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2010-06-03 02:41:44 3600384 ------w- c:\windows\system32\GPhotos.scr

============= FINISH: 17:31:56.21 ===============


Thank you for all your help,
Veronica

Attached Files


Edited by Ithacuse, 19 August 2010 - 08:15 PM.


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 26 August 2010 - 07:12 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 26 August 2010 - 09:54 AM

Hello myrti !!!

Thank you very much for your help!

I haven't done much since my first post and the problem still persists. As I said in my first post, my problem is mainly with FF, where I have a google redirect issue and problems loading google products/services such as Gmail, google maps, google reader, iGoogle, and google translate in Firefox. I don't know if the Google redirect virus is somehow related to this problem.

About a week ago (just before I posted my first post here) I ran the following tools:
Symantec Endpoint Protection
Malwarebytes' Anti-Malware
Emsisoft Anti-Malware
Spybot Search & Destroy
But I haven't run anything else ever since.

I am pasting the contents of OTL.txt and Extra.txt below. I wasn't sure if you needed me to post DSS.txt and Attach.txt again but just in case I ran DDS again this morning and have attached them to this message. I also tried running GMER again but got the "blue screen of death" somewhere in the middle of the process and decided to leave it alone for now. Please tell me if you need it.


Here are the reports:
OTL.txt:
-----------------------------------
OTL logfile created on: 8/26/2010 9:25:08 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Veronica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.07 Gb Total Space | 49.16 Gb Free Space | 46.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VERONICALAPTOP
Current User Name: Veronica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/26 09:23:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veronica\Desktop\OTL.exe
PRC - [2010/08/17 21:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/30 10:29:05 | 000,174,432 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\scManager.sys
PRC - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/06/11 16:21:16 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/20 23:44:02 | 012,978,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2010/03/18 23:10:07 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/01/14 15:35:01 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe
PRC - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) -- C:\Program Files\Xobni\XobniService.exe
PRC - [2009/09/05 19:43:26 | 000,045,091 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/06/09 22:08:37 | 000,053,346 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\SDK\jdk\bin\javaw.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/05/26 15:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/03/24 17:08:08 | 000,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/04/29 16:11:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/29 16:11:28 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/04/29 16:11:26 | 001,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/04/29 16:11:24 | 002,475,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/29 16:11:24 | 002,234,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/11/29 14:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/11/22 18:09:26 | 000,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2007/10/16 21:33:00 | 000,037,424 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2007/09/06 21:27:44 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2007/08/03 19:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/03 19:19:08 | 000,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/08/03 19:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 06:07:42 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/05/31 06:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/04/26 13:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2007/04/09 03:23:56 | 001,015,808 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/03/28 13:32:00 | 000,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2007/03/09 01:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 00:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/02/27 20:43:30 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/02/27 20:41:50 | 001,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2007/02/08 16:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/28 22:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/03 21:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/26 13:45:04 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WISPTIS.EXE
PRC - [2006/09/06 03:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 19:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/02 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/15 17:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Gmail Notifier\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/08/26 09:23:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veronica\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/07/05 06:07:36 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2007/02/27 20:48:08 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2007/02/27 20:45:10 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007/01/25 02:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/30 10:29:05 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Running] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/20 00:48:00 | 001,402,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Megaputer Intelligence\PolyAnalyst 6.0\Bin\rServer.exe -- (PolyAnalyst6Server)
SRV - [2010/03/19 22:40:06 | 000,087,040 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Megaputer Intelligence\PolyAnalyst 6.0\Bin\rserver-monitor.exe -- (PolyAnalyst6ServerMonitor)
SRV - [2010/03/01 13:18:40 | 000,243,048 | ---- | M] (Lenovo ) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/03/01 13:18:38 | 000,103,784 | ---- | M] (Lenovo ) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2009/11/13 14:09:34 | 000,046,824 | ---- | M] (Xobni Corporation) [Auto | Running] -- C:\Program Files\Xobni\XobniService.exe -- (XobniService)
SRV - [2009/06/12 10:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/05/26 15:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/03/24 17:08:08 | 000,475,220 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (acs)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/07/21 20:01:12 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2008/04/29 16:11:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/04/29 16:11:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/04/29 16:11:26 | 000,288,136 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/04/29 16:11:24 | 002,475,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/04/29 16:11:24 | 002,234,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/03/04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/10/16 21:33:00 | 000,037,424 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007/08/11 23:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2007/08/03 19:19:08 | 000,722,232 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/03 19:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/05/31 06:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/02/27 20:35:04 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2007/02/08 16:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 16:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/02/08 14:40:16 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/05/24 00:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/01/05 01:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/06 21:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\tvtpktfilter.sys -- (TVTPktFilter)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaInfo.sys -- (LMIInfo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211)
DRV - [2010/07/14 04:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100825.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/14 04:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100825.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/29 12:39:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/06/28 14:13:32 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/06/01 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/01 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/02 10:32:37 | 000,030,144 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2008/11/05 19:09:50 | 001,343,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/10/16 21:35:58 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/07/30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/24 19:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/01 04:47:45 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/06/24 19:12:28 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/06/24 19:11:29 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/29 16:11:30 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/04/29 16:11:30 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/04/29 16:11:30 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/04/29 16:11:18 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/04/29 16:11:18 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/04/29 16:11:16 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/08 09:46:36 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/06 12:22:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2007/11/29 14:04:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/10/16 21:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 21:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/08/08 21:28:50 | 005,765,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/08/08 07:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/05 06:02:40 | 000,177,664 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/31 06:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/05/22 18:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/05/11 17:31:22 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/10 21:58:40 | 000,252,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/04/13 00:08:26 | 000,306,176 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/02/27 05:02:00 | 000,868,042 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/16 18:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/24 05:33:00 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/01/24 05:27:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/21 22:56:00 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 22:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 22:55:00 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/22 21:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/10/15 02:01:00 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2006/10/09 10:00:00 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/06/29 17:11:08 | 000,011,712 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2006/03/01 06:30:00 | 000,089,472 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2006/02/02 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 08:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/11/18 15:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 15:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/18 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/05/17 13:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/08/03 18:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 17:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 17:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 17:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 17:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 17:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 16:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 16:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 16:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 16:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 16:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 16:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 16:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 16:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 16:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 16:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 08:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/
IE - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.8
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.3
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0a4
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.92.20100607
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.4
FF - prefs.js..extensions.enabledItems: {85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20}:1.9.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\browserrecord [2008/11/25 23:48:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 10:11:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20}: C:\Documents and Settings\Veronica\Local Settings\Application Data\{85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20} [2010/08/13 23:26:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/18 19:06:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/18 18:39:25 | 000,000,000 | ---D | M]

[2008/07/01 05:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Extensions
[2010/08/23 12:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions
[2010/07/21 17:35:11 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/05/06 18:07:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/11 15:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/08/01 22:03:26 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/07/07 17:36:46 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/07/07 17:36:30 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/07/07 17:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\ietab@ip.cn
[2010/07/07 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\twitternotifier@naan.net
[2010/05/06 18:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\zotero@chnm.gmu.edu
[2010/07/07 17:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\zoteroWinWordIntegration@zotero.org
[2010/01/21 20:58:02 | 000,002,172 | ---- | M] () -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\searchplugins\bing.xml
[2010/01/21 20:57:45 | 000,002,714 | ---- | M] () -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\searchplugins\cuil.xml
[2008/10/19 14:16:27 | 000,005,411 | ---- | M] () -- C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\searchplugins\i-search-u-pay.xml
[2010/08/19 19:58:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/15 16:30:03 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2006/01/10 12:24:48 | 000,626,688 | ---- | M] (SwiftView, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npsview.dll

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File not found
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [\\jeka\EPSON Stylus C48 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I091.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe File not found
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKU\S-1-5-21-3376925744-399821764-1557356031-1008..\Run: [{7C059AEE-2E25-F3A7-9DA3-62B77234FF13}] C:\Documents and Settings\Veronica\Application Data\Yply\suveu.exe File not found
O4 - HKU\S-1-5-21-3376925744-399821764-1557356031-1008..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\Veronica\Start Menu\Programs\Startup\Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Documents and Settings\Veronica\Start Menu\Programs\Startup\SDK Tray Menu.lnk = C:\Program Files\Java\SDK\jdk\bin\javaw.exe (Sun Microsystems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3376925744-399821764-1557356031-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.com/pc/support/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Veronica\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 03:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b09d952-4646-11df-bca6-001fe2d62751}\Shell\AutoRun\command - "" = wscript.exe Deploy\Scripts\BDD_AutoRun.wsf
O33 - MountPoints2\{9a2cd657-c212-11dd-bc22-001fe1bfa7f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9a2cd657-c212-11dd-bc22-001fe1bfa7f5}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a2cd657-c212-11dd-bc22-001fe1bfa7f5}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Documents and Settings^Veronica^Start Menu^Programs^Startup^Bank Hapoalim Widget.lnk - C:\Program Files\bh\Bank Hapoalim Widget\Bank Hapoalim Widget.exe - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: ccEvtMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: ccSetMgr - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: Symantec Antivirus - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SafeBootMin: Symantec Antvirus - Service
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DB15EF13-C224-E422-CB1F-ADF8617BDA53} - Internet Explorer
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/26 09:23:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Veronica\Desktop\OTL.exe
[2010/08/18 23:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/08/18 16:24:02 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/08/18 16:24:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veronica\My Documents\Anti-Malware
[2010/08/18 15:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veronica\Application Data\Malwarebytes
[2010/08/18 15:13:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/18 15:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/18 15:13:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/18 15:13:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/13 23:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Veronica\Local Settings\Application Data\{85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20}
[2010/08/06 00:01:46 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/08/06 00:00:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/08/06 00:00:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/08/05 19:07:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tempdir
[2010/08/05 19:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2010/08/02 14:13:48 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/06/24 18:53:19 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/06/24 18:53:19 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/26 09:23:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Veronica\Desktop\OTL.exe
[2010/08/26 09:15:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/25 23:15:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/25 22:57:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3376925744-399821764-1557356031-1008UA.job
[2010/08/25 16:54:42 | 000,011,462 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\הפועלים מקמ.xlsx
[2010/08/25 15:29:10 | 000,004,088 | ---- | M] () -- C:\WINDOWS\mozy.blk
[2010/08/25 15:29:10 | 000,001,304 | ---- | M] () -- C:\WINDOWS\mozy.flt
[2010/08/25 14:57:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3376925744-399821764-1557356031-1008Core.job
[2010/08/24 20:00:02 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2010/08/23 21:57:34 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\Veronica\Desktop\Google Chrome.lnk
[2010/08/23 13:50:54 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Veronica\NTUSER.DAT
[2010/08/20 11:28:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/19 19:16:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/19 19:16:08 | 000,025,312 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/08/19 19:11:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/08/19 19:10:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 19:10:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 19:10:27 | 2120,527,872 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 15:05:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Veronica\ntuser.ini
[2010/08/19 12:23:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Veronica\Desktop\dds.scr
[2010/08/18 23:45:30 | 000,001,312 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/18 18:39:28 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Veronica\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/18 18:39:28 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/18 16:24:20 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/08/18 15:42:23 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Rgoju.dat
[2010/08/18 15:32:43 | 000,000,198 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/18 15:13:58 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/18 11:58:24 | 000,182,784 | ---- | M] () -- C:\Documents and Settings\Veronica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/18 11:04:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Mcetetekolasihi.bin
[2010/08/13 16:09:21 | 000,271,360 | ---- | M] () -- C:\Documents and Settings\Veronica\Desktop\bscards08132010.pst
[2010/08/13 14:57:13 | 000,333,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 09:08:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 09:05:56 | 000,572,742 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 09:05:56 | 000,491,906 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 09:05:56 | 000,090,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/09 23:17:54 | 000,026,588 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\7 Reasons.docx
[2010/08/09 15:41:47 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\Graph.xls
[2010/08/08 21:00:00 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010/08/07 18:07:05 | 000,537,800 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\vlcsnap-16217895.png
[2010/08/07 18:01:20 | 001,342,387 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\IMG_1208.JPG
[2010/08/07 17:52:47 | 001,907,367 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\IMG_1284.JPG
[2010/08/06 00:01:53 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/05 19:15:50 | 000,019,432 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\Signature - Veronica.jpg
[2010/08/05 19:07:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Veronica\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2010/08/01 14:42:25 | 000,027,474 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\2010-08-JennyMaidelScholarshipLetter.docx
[2010/08/01 12:28:09 | 000,361,112 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\Video call snapshot 6.png
[2010/08/01 10:33:24 | 000,021,352 | ---- | M] () -- C:\Documents and Settings\Veronica\My Documents\Dear Rzepka.docx
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/19 17:33:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Veronica\Desktop\gmer.exe
[2010/08/19 17:30:28 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Veronica\Desktop\dds.scr
[2010/08/18 23:45:18 | 000,001,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010/08/18 18:39:28 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\Veronica\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/18 18:39:28 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/18 16:24:20 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/08/18 15:13:58 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/13 23:26:25 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Rgoju.dat
[2010/08/13 23:26:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mcetetekolasihi.bin
[2010/08/13 16:03:03 | 000,271,360 | ---- | C] () -- C:\Documents and Settings\Veronica\Desktop\bscards08132010.pst
[2010/08/09 23:06:51 | 000,026,588 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\7 Reasons.docx
[2010/08/07 18:06:33 | 000,537,800 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\vlcsnap-16217895.png
[2010/08/07 18:00:13 | 001,342,387 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\IMG_1208.JPG
[2010/08/07 17:51:22 | 001,907,367 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\IMG_1284.JPG
[2010/08/06 00:01:53 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/05 19:07:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Veronica\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2010/08/05 19:07:53 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/05 19:07:53 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/05 19:07:53 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/05 19:07:52 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
[2010/08/05 13:48:13 | 000,019,432 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\Signature - Veronica.jpg
[2010/08/03 10:18:59 | 000,099,840 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\Graph.xls
[2010/08/01 14:34:06 | 000,027,474 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\2010-08-JennyMaidelScholarshipLetter.docx
[2010/08/01 12:27:48 | 000,361,112 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\Video call snapshot 6.png
[2010/08/01 10:33:23 | 000,021,352 | ---- | C] () -- C:\Documents and Settings\Veronica\My Documents\Dear Rzepka.docx
[2010/07/06 19:54:42 | 000,038,510 | ---- | C] () -- C:\Documents and Settings\Veronica\Application Data\Comma Separated Values (Windows).ADR
[2010/06/29 12:39:29 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/04/15 00:12:51 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2010/04/15 00:12:50 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/04/15 00:12:50 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/04/12 00:04:38 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2009/12/05 07:10:04 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\xobni_installer_updater.log
[2009/10/08 09:06:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/07/15 18:43:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2009/07/09 18:27:37 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Veronica\Local Settings\Application Data\fusioncache.dat
[2009/06/09 21:31:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/03/30 20:27:53 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/30 20:27:53 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/30 20:27:53 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDIFOFilter.dll
[2009/03/15 13:28:55 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/03/15 13:28:55 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/02/13 23:20:23 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\Veronica\Application Data\xobni_install.log
[2008/12/29 12:53:36 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/29 19:45:57 | 000,000,103 | ---- | C] () -- C:\WINDOWS\pro.INI
[2008/08/29 21:58:11 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Veronica\Application Data\$_hpcst$.hpc
[2008/08/26 11:30:54 | 000,000,014 | ---- | C] () -- C:\WINDOWS\hpmssnpjt.ini
[2008/08/24 21:22:43 | 000,000,114 | ---- | C] () -- C:\WINDOWS\sview.ini
[2008/08/24 21:22:26 | 000,131,072 | -H-- | C] () -- C:\Documents and Settings\Veronica\Application Data\svfiles.log
[2008/08/20 11:36:05 | 000,011,340 | ---- | C] () -- C:\WINDOWS\System32\notepad.ini
[2008/08/02 15:42:42 | 000,182,784 | ---- | C] () -- C:\Documents and Settings\Veronica\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/24 19:32:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/24 19:04:40 | 000,000,198 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/24 19:04:00 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/06/24 19:04:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/06/24 19:04:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/06/24 19:04:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/06/24 19:04:00 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/06/24 19:04:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/06/24 18:56:44 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/06/24 18:56:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4860.dll
[2008/06/24 18:54:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/06/24 18:53:20 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/06/24 18:53:20 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2008/06/24 18:53:07 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008/06/24 18:51:51 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2007/07/27 02:37:40 | 000,025,312 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/07/27 02:37:29 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/02/27 20:48:38 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/02/27 20:29:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/01/16 11:12:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 03:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 03:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 14:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 14:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 15:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/31 14:14:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/31 14:14:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 02:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/31 14:14:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/31 14:14:49 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 06:39:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009/05/24 13:21:06 | 000,028,797 | R--- | M] () MD5=B892CA7A130D249704E61391C4948073 -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2007/02/12 00:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[2009/03/07 16:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/07 16:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/08/17 11:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[2008/04/29 16:11:34 | 000,048,000 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2008/04/29 16:11:34 | 000,107,904 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/06/29 12:39:30 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2008/04/29 16:11:28 | 000,038,632 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WGX.SYS

< %systemroot%\System32\config\*.sav >
[2006/04/29 20:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/29 20:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/29 20:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/06/29 12:39:30 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys
[2010/06/21 11:27:11 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys

========== Files - Unicode (All) ==========
[2010/04/30 12:21:16 | 000,400,896 | ---- | C] ()(C:\Documents and Settings\Veronica\My Documents\? ??? ??? ??? ? 6 ???????.doc) -- C:\Documents and Settings\Veronica\My Documents\И так нам год и 6 месяцев.doc
[2010/04/30 12:21:10 | 000,400,896 | ---- | M] ()(C:\Documents and Settings\Veronica\My Documents\? ??? ??? ??? ? 6 ???????.doc) -- C:\Documents and Settings\Veronica\My Documents\И так нам год и 6 месяцев.doc
[2010/04/28 10:50:24 | 000,179,712 | ---- | M] ()(C:\Documents and Settings\Veronica\My Documents\? ??? ??? ??? ? 3 ??????.doc) -- C:\Documents and Settings\Veronica\My Documents\И так нам год и 3 месяца.doc
[2010/04/28 10:50:21 | 000,179,712 | ---- | C] ()(C:\Documents and Settings\Veronica\My Documents\? ??? ??? ??? ? 3 ??????.doc) -- C:\Documents and Settings\Veronica\My Documents\И так нам год и 3 месяца.doc
< End of report >

Extras.txt:
------------------------------------------------------
OTL Extras logfile created on: 8/26/2010 9:25:08 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Veronica\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.07 Gb Total Space | 49.16 Gb Free Space | 46.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VERONICALAPTOP
Current User Name: Veronica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3376925744-399821764-1557356031-1008\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"2799:UDP" = 2799:UDP:*:Enabled:Altova License Metering Port (UDP)
"2799:TCP" = 2799:TCP:*:Enabled:Altova License Metering Port (TCP)
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe" = C:\Program Files\Reallusion\CrazyTalk for Skype\CT4Skype.exe:*:Enabled:CrazyTalk -- File not found
"C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Veronica\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe -- File not found
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com -- File not found
"C:\Documents and Settings\Veronica\Local Settings\Temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe" = C:\Documents and Settings\Veronica\Local Settings\Temp\java_ee_sdk-5_01-windows.exe2\package\jre\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\SDK\jdk\bin\java.exe" = C:\Program Files\Java\SDK\jdk\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\VideoLAN\vlc.exe" = C:\Program Files\VideoLAN\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe" = C:\Program Files\Sprite Software\Sprite Backup\spriteservice.exe:*:Enabled:Sprite PC Service -- File not found
"C:\Program Files\StationRipper\StationRipperConsole.exe" = C:\Program Files\StationRipper\StationRipperConsole.exe:*:Enabled:StationRipperConsole -- File not found
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.com:*:Disabled:Statistics18:com -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe" = C:\Program Files\SPSSInc\PASWStatistics18\paswstat.exe:*:Disabled:Statistics18:exe -- (SPSS Inc.)
"C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe" = C:\Program Files\SPSSInc\PASWStatistics18\WinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor -- (SPSS Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01D76D8E-A496-4870-8357-87C6D2B5E807}" = MySQL Server 5.1
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup
"{896A28CF-169C-4028-9968-E236ED4D3904}" = PolyAnalyst 6.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC069E7-893C-41E1-9442-DE89FEC33371}" = Xobni Core
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F70C2B4F-B6BF-4BB0-B67A-7ECD589181C5}" = MySQL Tools for 5.0
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FD025150-EEA0-4CAC-BED1-B9837783FCC8}" = ActivePerl 5.10.0 Build 1005
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alligator Flash Designer 6" = Alligator Flash Designer 6 (6.0.0.2)
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"Audacity_is1" = Audacity 1.2.6
"AwayTask" = Maintenance Manager
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"doPDF 6 printer_is1" = doPDF 6.1 printer
"E.M. Magic Swf2Avi 2008_is1" = E.M. Magic Swf2Avi 2008 build 5.0.7.1225
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.0.1
"Foxit Reader" = Foxit Reader
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GSview 4.9" = GSview 4.9
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Java Platform, Enterprise Edition 5 SDK" = Java Platform, Enterprise Edition 5 SDK
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"LIWC2007_is1" = LIWC2007 version 1.08
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"nbi-nb-base-6.7.1.0.0" = NetBeans IDE 6.7.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"OnScreenDisplay" = On Screen Display
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer
"Remove Multimedia Center" = Remove Multimedia Center
"SafeConnect" = SafeConnect
"Skype™ for Pocket PC_is1" = Skype™ for Pocket PC 2.1
"SQLyog Community" = SQLyog Community 7.15
"SwiftView" = SwiftView Viewer
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Tipard Video Converter_is1" = Tipard Video Converter
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"VLC media player" = VLC media player 1.0.5
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"XobniMain" = Xobni

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3376925744-399821764-1557356031-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Lemur" = Lemur
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 11:43:59 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17609

Error - 8/25/2010 11:44:01 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 11:44:01 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19563

Error - 8/25/2010 11:44:01 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19563

Error - 8/25/2010 11:44:03 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 11:44:03 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21516

Error - 8/25/2010 11:44:03 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21516

Error - 8/25/2010 11:44:05 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/25/2010 11:44:05 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23500

Error - 8/25/2010 11:44:05 PM | Computer Name = VERONICALAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23500

[ Lenovo-Message Center Plus/Admin Events ]
Error - 3/24/2010 1:38:19 AM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/27/2010 12:58:17 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/27/2010 5:47:11 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/27/2010 9:48:44 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/28/2010 8:24:12 AM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/28/2010 12:25:15 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/28/2010 4:27:11 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 4/28/2010 8:39:29 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception
message: Object reference not set to an instance of an object.

Error - 8/3/2010 10:48:48 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
file size of the file on the server

Error - 8/3/2010 10:48:49 PM | Computer Name = VERONICALAPTOP | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\access.do
does not have a Lenovo Digital Signature. The file will be deleted

[ OSession Events ]
Error - 11/3/2008 12:09:29 AM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 308996
seconds with 3540 seconds of active time. This session ended with a crash.

Error - 12/1/2008 12:34:54 AM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 208450
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 1/23/2009 1:13:19 PM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 271256
seconds with 10320 seconds of active time. This session ended with a crash.

Error - 2/23/2009 12:23:56 PM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8912
seconds with 1620 seconds of active time. This session ended with a crash.

Error - 3/22/2009 11:22:27 PM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 382296
seconds with 14580 seconds of active time. This session ended with a crash.

Error - 10/8/2009 12:15:33 PM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 101846
seconds with 6300 seconds of active time. This session ended with a crash.

Error - 10/20/2009 9:55:10 AM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 345023
seconds with 3180 seconds of active time. This session ended with a crash.

Error - 11/27/2009 3:12:00 AM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87935
seconds with 180 seconds of active time. This session ended with a crash.

Error - 12/11/2009 4:29:19 AM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94741
seconds with 1140 seconds of active time. This session ended with a crash.

Error - 4/22/2010 2:34:26 PM | Computer Name = VERONICALAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/22/2010 9:24:40 PM | Computer Name = VERONICALAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.109 on
the Network Card with network address 001FE2D62751.

Error - 8/23/2010 11:56:59 AM | Computer Name = VERONICALAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.109 for the Network Card with network
address 001FE2D62751 has been denied by the DHCP server 149.119.192.1 (The DHCP
Server sent a DHCPNACK message).

Error - 8/23/2010 4:48:28 PM | Computer Name = VERONICALAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 149.119.221.252
on the Network Card with network address 001FE2D62751.

Error - 8/23/2010 4:50:02 PM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 8/24/2010 9:08:00 AM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 8/25/2010 9:51:06 AM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 8/25/2010 9:51:46 AM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 8/26/2010 9:08:46 AM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 8/26/2010 9:09:25 AM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.

Error - 8/26/2010 9:09:55 AM | Computer Name = VERONICALAPTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Symantec AntiVirus service.


< End of report >

Thank you again for all your help and please let me know what else I can do to assist in the process.
Veronica

Attached Files



#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 26 August 2010 - 10:20 AM

Hi,

since gmer won't run let's try rootkit unhooker instead.

First of all please disable sptd by running defogger:
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Then run Rootkit Unhooker:

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 26 August 2010 - 10:41 AM

Hello myrti

Here's the report generated by Rootkit Unhooker:


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x9D75B000 C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 9601024 bytes (-, USB2.0 PC Camera driver)
0xB77B6000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5767168 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1F2000 C:\WINDOWS\System32\igxpdx32.DLL 2732032 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1720320 bytes (Intel Corporation, Component GHAL Driver)
0x99C9C000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.002\NAVEX15.SYS 1359872 bytes (Symantec Corporation, AV Engine)
0xB75CC000 C:\WINDOWS\system32\DRIVERS\athw.sys 1347584 bytes (Atheros Communications, Inc., Driver for Atheros AR5008 Wireless Network Adapter)
0xA347A000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB7422000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 851968 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0x9C511000 C:\WINDOWS\System32\Drivers\dump_iaStor.sys 778240 bytes
0xB9E2F000 iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xA33C7000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D43000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB6B5E000 C:\WINDOWS\system32\drivers\btaudio.sys 524288 bytes (Broadcom Corporation., Bluetooth Audio Device)
0x9C64A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9C6E5000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
0x9C5EC000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB6CA9000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x9C80C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x9BBE3000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB7541000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xA3689000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 319488 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x99DE8000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB7761000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 5.2 deserialized driver)
0x9A8D3000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA356C000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB6D07000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x9C7DE000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0x9C1E5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D16000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB7515000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x9C6BA000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB7715000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x9C790000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x9C7B8000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x9C8BF000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0xB6AF6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB773D000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB74F2000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x9C76E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x9C5CF000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9CFA000 Apsx86.sys 114688 bytes (Lenovo., Shockproof Disk Driver)
0xB9CE0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA3671000 C:\WINDOWS\system32\drivers\AEAudio.sys 98304 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0x9C4E3000 C:\WINDOWS\System32\DLA\DLAUDFAM.SYS 98304 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DD0000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB7030000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x9C4FB000 C:\WINDOWS\System32\DLA\DLAIFS_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0x9C4CD000 C:\WINDOWS\System32\DLA\DLAUDF_M.SYS 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DE7000 DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)
0x9C378000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x99C88000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100826.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB7593000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB75B8000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB77A2000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9C865000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0x9C898000 C:\WINDOWS\system32\DRIVERS\mozy.sys 77824 bytes (Mozy, Inc., Mozy Change Monitor Filter Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DFD000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB701F000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB75A7000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0xB7DC6000 C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys 65536 bytes (Emsi Software GmbH, Emsisoft Anti-Malware File Guard)
0xB7DB6000 C:\WINDOWS\System32\Drivers\btwusb.sys 65536 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0xA2424000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB8BE2000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA138000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA108000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xA602E000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA218000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB8BD2000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0x9D0B9000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xA596E000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA1D8000 C:\WINDOWS\system32\DRIVERS\wsimd.sys 61440 bytes (Atheros Communications, Inc., Wireless Intermediate Miniport Driver)
0xBA118000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA0E8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB8C02000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB7D76000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xA51CF000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB7D56000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9D3C2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB8BF2000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB7D66000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9CC54000 C:\WINDOWS\System32\Drivers\DRVNDDM.SYS 40960 bytes (Sonic Solutions, Device Driver Manager)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0x9C242000 C:\WINDOWS\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0xBA258000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA2C8000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA198000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA0D8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA603E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB8C12000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA51EF000 C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)
0xB7D46000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA23B4000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x99B48000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xBA0F8000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9CC64000 C:\WINDOWS\system32\DRIVERS\tvtfilter.sys 36864 bytes (Lenovo, Rescue and Recovery filter driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA450000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0xA60DB000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xA2046000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA4B0000 C:\WINDOWS\system32\DRIVERS\Tvti2c.sys 32768 bytes (Lenovo (United States) Inc., SMBUS Driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA358000 C:\WINDOWS\system32\DRIVERS\btport.sys 28672 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xA16DF000 C:\WINDOWS\System32\DLA\DLABOIOM.SYS 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA3C0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA16A7000 C:\WINDOWS\system32\DRIVERS\PROCDD.SYS 28672 bytes (Lenovo Group Limited, IPS Helper Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\sncduvc.SYS 28672 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
0xA4D57000 C:\WINDOWS\System32\Drivers\DLARTL_N.SYS 24576 bytes (Sonic Solutions, Shared Driver Component)
0xBA458000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA440000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA448000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0xA60E3000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA3E0000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 24576 bytes
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA3087000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA3067000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA498000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA3077000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (IBM Corporation, ThinkPad Hotkey Driver)
0x9CA5A000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA370000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB950F000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA5F9E000 C:\WINDOWS\System32\DLA\DLAOPIOM.SYS 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB950B000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
0x9C1C5000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB9CBC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9E21D000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xA102C000 C:\WINDOWS\System32\drivers\ANC.SYS 12288 bytes (IBM Corp., IBM Access Connections - ANC)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB6911000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA5F7E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB9C0E000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0x9F3E4000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA58C000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA37ED000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA588000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xBA644000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5F6000 C:\WINDOWS\System32\Drivers\DLACDBHM.SYS 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA65E000 C:\WINDOWS\System32\DLA\DLAPoolM.SYS 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5D4000 C:\WINDOWS\system32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0x9CF0B000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5E4000 C:\WINDOWS\system32\Drivers\IBMBLDID.sys 8192 bytes
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA656000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E6000 C:\WINDOWS\System32\drivers\pmemnt.sys 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA65A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5F4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA7EA000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA6DD000 C:\WINDOWS\System32\DLA\DLADResN.SYS 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA7FD000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7E9000 C:\WINDOWS\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
0x9CBB5000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Thank you in advance,
Veronica


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 26 August 2010 - 10:48 AM

Hi,

this is looking surprisingly clean. Please run a scan with MBRCheck next:
Please download MBRCheck.exe to your desktop.
  1. Double click to run it
  2. It will prompt you with some text
  3. Left click on title bar (where program name and path is written)
  4. From menu chose Edit -> Select All
  5. Now just click Enter key on keyboard to copy selected text
  6. Now paste that text here for me.

Do you access the internet through a router? Do the redirects occurr in all browsers or only in a specific one?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 26 August 2010 - 11:03 AM

Here are the MBRCheck results:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000014

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 35014F88481905DB5519FA1DBE034AFAC7A43612


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

I do use a router, but my Google related problems occur only in Firefox (not in Chrome or IE) and all the other computers that connect to the same router haven't had any problems at all.


[Edit]: Eventually I've managed to run GMER successfully so I'm attaching the log (ark.txt) to this post. Hope this helps. Please let me know what else you'd like me to do.

Thank you,
Veronica

Attached Files

  • Attached File  ark.txt   13.05KB   4 downloads

Edited by Ithacuse, 26 August 2010 - 01:50 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 27 August 2010 - 01:46 AM

Hi,

we need to take a closer look at your MBR:
  • Please download mbr.exe and save it to C:\windows <- (Important!).
  • Open NOTEPAD and copy/paste the text in the quotebox below into it:
    CODE
    @ECHO OFF
    CD "%~DP0"
    MBR -c 0 1 backup_mbr.zip
    DEL %0

  • Save this as mbrlook.bat. Choose to "Save type as - All Files" and save it to your Desktop.
    It should look like this:
  • Double click the mbrlook.bat to run it.
  • A file named mbr.zip will be created on your desktop. Please attach that to your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 27 August 2010 - 07:49 AM

Hello myrti

It created a file named backup_mbr.zip
I'm attaching it to this post.

Thank you,
Veronica

Attached Files



#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 27 August 2010 - 08:00 AM

Hi,

thanks. smile.gif

Please run gooredfix next:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 27 August 2010 - 08:10 AM

Hey!

Here's the log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 09:07 on 27/08/2010 (Veronica)
Firefox version 3.6.8 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20} -> Success!
Deleting C:\Documents and Settings\Veronica\Local Settings\Application Data\{85D4C535-C0B1-4CA1-BD9D-6FE9F2C50E20} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:39 18/08/2010]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [17:17 18/03/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [19:11 31/03/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [09:07 09/10/2009]

C:\Documents and Settings\Veronica\Application Data\Mozilla\Firefox\Profiles\7q545ey2.default\extensions\
ietab@ip.cn [21:36 07/07/2010]
twitternotifier@naan.net [21:36 07/07/2010]
zotero@chnm.gmu.edu [22:07 06/05/2010]
zoteroWinWordIntegration@zotero.org [21:36 07/07/2010]
{1280606b-2510-4fe0-97ef-9b5a22eafe30} [21:35 21/07/2010]
{20a82645-c095-46ed-80e3-08825760534b} [22:07 06/05/2010]
{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} [19:40 11/02/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [02:03 02/08/2010]
{d37dc5d0-431d-44e5-8c91-49419370caa1} [21:36 07/07/2010]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [21:36 07/07/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\browserrecord" [03:48 26/11/2008]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:44 07/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [17:17 18/03/2009]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\" [14:11 06/03/2010]

-=E.O.F=-

Thank you,
Veronica

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 27 August 2010 - 08:22 AM

Hi,

can you please try and let me know if the redirects have stopped. Could you please also give me the exact make of your PC.

regards myrti

Edited by myrti, 27 August 2010 - 08:23 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 27 August 2010 - 08:37 AM

Thank you, myrti!
It's difficult to check the redirect because it would usually happen every now and then and not all the time, but so far Google and all its services seem to work fine.
My computer is Lenovo T61 (7658-CTO). Do you need anything more specific than that?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:10:18 PM

Posted 27 August 2010 - 10:19 AM

Hi,

please do some testing and let me know if the redirects come back.

Please run a scan with Eset to check for leftovers:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 Ithacuse

Ithacuse
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:04:18 PM

Posted 27 August 2010 - 06:01 PM

Hello myrti,

With the testing I've done so far it looks like all my google results are clean. Hopefully this will persist.

I ran the ESET Online scanner and it didn't find anything, the scan results indicated "No threats found" with 0 infected files and therefore there was no report.
Looks like I'm clean! clapping.gif

Thank you so much, myrti!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users