
Laptop freezing


  • This topic is locked
11 replies to this topic

#1 kingscorpio


Posted 03 January 2011 - 06:08 AM

Hi,

My laptop has been freezing randomly for the last couple of days. I have attached the required log files. Please help.

Thanks in advance.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Aministrator at 16:46:27.64 on 03/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1908.672 [GMT 5.5:30]

AV: Symantec AntiVirus Corporate Edition *Enabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ngvpnmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\program files\ibm\personal communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\IBM\Java60\jre\bin\jqs.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\notes\nsd.exe
c:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetClientSvc.exe
C:\PROGRA~1\CLIENT~1\BIN\omtsreco.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Drivers\ldlcserv6.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\alg.exe
C:\program files\ibm\personal communications\tpam.exe
C:\Program Files\c4ebreg\isamtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\AT&T Network Client\NetClient.exe
C:\Program Files\AT&T Network Client\NetMsg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\putty.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.ups.com:8080
uInternet Settings,ProxyOverride = *.ups.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\ibm\java60\jre\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\ibm\java60\jre\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\ibm\java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SODCPreLoad] c:\program files\ibm\lotus\symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe c:\docume~1\admini~1\ibm\lotus\symphony\.sodc\
uRun: [Greenshot] "c:\program files\greenshot\Greenshot.exe"
uRun: [NetSP - restore settings on power failure] "c:\program files\at&t network client\NetSP.exe" -show
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [stgclean] c:\sdwork\w32maing.exe /cleanup
mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
mRun: [ISSI Service] "c:\sdwork\issimsvc.exe"
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
mRun: [IMSS] "c:\program files\intel\intel® management engine components\imss\PIconStartup.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~2\symant~2\VPTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pgptra~1.lnk - c:\windows\installer\{75ee34af-f9ec-4f6f-94dd-6a2371e4cffe}\Icon6560581611.exe
uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257306949125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9519B2A2-6592-4E41-8290-D0298459270C} - hxxp://w3.ibm.com/bluepages/scripts/lnwebassist.cab
DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} - hxxp://w3.ibm.com/tools/print/plugin/gpwsx.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://
TCP: interfaces = 153.2.0.6,153.2.128.6
TCP: {2A09DE9D-A8A8-48C7-8439-C1B45C200A32} = 153.2.0.6,153.2.128.6
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\progra~1\quests~1\toadfo~1\RNetPin.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: pcsinst - pcsinst.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\p9mdzysh.default\
FF - prefs.js: browser.startup.homepage - hxxp://w3.ibm.com/
FF - prefs.js: network.proxy.ftp - proxy.ups.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - proxy.ups.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - proxy.ups.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.ups.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.ups.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\p9mdzysh.default\extensions\ibm-cck@firefox-extensions.ibm.com\platform\winnt_x86-msvc\plugins\npaddtonab.dll
FF - plugin: c:\notes\jvm\bin\npjpi160.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\NPJPI150.dll
FF - plugin: c:\program files\ibm\java50\jre\bin\npwebscl.dll
FF - plugin: c:\program files\ibm\java60\jre\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npcpsweb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: IBM CCK: IBM-cck@firefox-extensions.ibm.com - c:\program files\mozilla firefox\extensions\IBM-cck@firefox-extensions.ibm.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: IBM CCK: IBM-cck@firefox-extensions.ibm.com - %profile%\extensions\IBM-cck@firefox-extensions.ibm.com
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: CheckPlaces: checkplaces@andyhalford.com - %profile%\extensions\checkplaces@andyhalford.com
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

============= SERVICES / DRIVERS ===============

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-7-21 24304]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-7-21 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-7-21 46864]
R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2009-11-10 17968]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-7-19 202400]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-7-21 132456]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [2009-3-12 70656]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-7-21 45056]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-7-21 167080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-1-3 99176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-7-21 125696]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-7-21 235520]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060908.041\naveng.sys [2011-1-3 79240]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060908.041\navex15.sys [2011-1-3 828872]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\drivers\nglog.sys [2010-3-17 27208]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\drivers\ngvpn.sys [2010-3-17 79944]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-7-21 33552]
S2 artstartsvc;IBM Mobility Client Start Utility;c:\program files\ibm\mobility client\artstartsvc.exe [2010-7-21 11264]
S3 csrcmds;csrcmds;c:\program files\ibm\personal communications\csrcmds.exe [2009-3-12 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [2009-3-12 36864]
S3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [2010-7-20 6400]
S3 NgFilter;Aventail VPN Filter;c:\windows\system32\drivers\ngfilter.sys [2010-3-17 22600]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\drivers\ngwfp.sys [2010-3-17 25160]
S3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2010-7-21 816792]
S3 wcndis;Mobility Client Virtual Miniport;c:\windows\system32\drivers\wcndis.sys [2010-7-21 8704]

=============== Created Last 30 ================

2011-01-03 09:00:10 -------- d-----w- c:\program files\ESET
2011-01-03 07:05:25 48816 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-01-03 07:05:25 109744 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-01-03 06:27:36 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\AGNS
2011-01-03 06:25:18 -------- d-----w- c:\docume~1\alluse~1\applic~1\AGNS
2011-01-03 06:20:57 19328 ----a-w- c:\windows\agnwifi.sys
2010-12-31 10:59:13 472064 ----a-w- C:\RootRepeal.exe
2010-12-31 10:55:21 -------- d-----w- C:\MGtools
2010-12-31 10:32:12 -------- d-sha-r- C:\cmdcons
2010-12-31 10:26:44 98816 ----a-w- c:\windows\sed.exe
2010-12-31 10:26:44 89088 ----a-w- c:\windows\MBR.exe
2010-12-31 10:26:44 256512 ----a-w- c:\windows\PEV.exe
2010-12-31 10:26:44 161792 ----a-w- c:\windows\SWREG.exe
2010-12-31 10:20:41 2416795 ----a-w- C:\MGtools.exe
2010-12-30 08:13:50 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Google
2010-12-29 11:00:00 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-12-29 11:00:00 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-12-29 11:00:00 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-12-28 07:20:09 -------- d-sh--w- c:\windows\ftpcache
2010-12-23 06:17:14 -------- d-----w- c:\docume~1\admini~1\applic~1\TuneUp Software
2010-12-23 06:16:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2010-12-23 06:16:21 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-14 12:11:04 -------- d-----w- C:\Notes_Preferences_Backup
2010-12-09 06:37:32 291714 ----a-w- c:\windows\system32\WBDCC34I.DLL
2010-12-08 10:26:29 -------- d-----w- c:\program files\Ghostgum
2010-12-08 10:25:43 -------- d-----w- c:\program files\gs

==================== Find3M ====================

2010-10-21 20:14:09 68888 ----a-w- c:\windows\isamunin.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST9160412AS rev.0003LVM1 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xA4FE2000]<< >>UNKNOWN [0xF76B7000]<< >>UNKNOWN [0xF76A7000]<< >>UNKNOWN [0xF75A8000]<< >>UNKNOWN [0x806FF000]<< >>UNKNOWN [0xF7482000]<< >>UNKNOWN [0xF7A4F000]<< >>UNKNOWN [0xF7707000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
kernel: MBR read successfully
_asm { JMP 0x4a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0xF7489864
user & kernel MBR OK
copy of MBR has been found in sector 13 !

============= FINISH: 16:50:31.15 ===============


Edited by kingscorpio, 03 January 2011 - 06:30 AM.




#2 kingscorpio


Posted 05 January 2011 - 11:35 PM

Bump please

#3 Blade

  • Site Admin

Posted 09 January 2011 - 04:07 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold


    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the Posted Image button.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#4 kingscorpio


Posted 11 January 2011 - 12:10 AM

Thank you very much for taking the time to look into my problem. Here are the contents of both files that you requested.

OTL logfile created on: 11/01/2011 10:18:50 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.33 Gb Free Space | 84.09% Space Free | Partition Type: NTFS

Computer Name: UPSJUL2010 | User Name: Aministrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 10:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/12/10 12:06:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/22 01:44:04 | 000,294,168 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
PRC - [2010/10/22 01:43:37 | 000,490,776 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
PRC - [2010/09/30 16:17:53 | 000,010,752 | ---- | M] (IBM Corp) -- C:\Notes\ntaskldr.exe
PRC - [2010/09/30 16:17:20 | 003,399,680 | ---- | M] (IBM Corp) -- c:\Notes\nsd.exe
PRC - [2010/09/22 14:18:46 | 001,463,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2010/09/22 14:18:46 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/16 13:55:00 | 000,242,928 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2010/09/03 16:07:22 | 000,152,840 | ---- | M] (IBM) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files\Greenshot\Greenshot.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/05/12 16:47:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/11 16:22:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2010/04/26 09:31:48 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2010/04/22 18:02:56 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/04/22 18:02:54 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/04/22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/03/26 04:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/03/25 11:41:30 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/25 11:41:24 | 000,266,576 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/25 11:41:00 | 001,114,648 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/03/17 14:55:44 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/20 17:31:42 | 003,487,864 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2010/01/20 17:31:38 | 000,103,032 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe
PRC - [2009/10/07 12:36:34 | 000,075,104 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetMsg.exe
PRC - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe
PRC - [2009/10/07 12:36:20 | 000,259,424 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClient.exe
PRC - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
PRC - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- c:\Notes\ntmulti.exe
PRC - [2009/09/29 11:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\Notes\nlnotes.exe
PRC - [2009/07/11 04:25:02 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
PRC - [2009/06/22 11:10:00 | 000,259,344 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2009/06/22 11:09:56 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/03/12 05:25:02 | 000,040,960 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv6.exe
PRC - [2009/03/12 05:25:02 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
PRC - [2009/03/12 05:24:58 | 000,032,768 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
PRC - [2009/03/12 05:16:42 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\personal communications\tpam.exe
PRC - [2009/03/12 05:00:38 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\personal communications\PCS_AGNT.EXE
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/03/14 02:35:22 | 000,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe
PRC - [2007/03/09 14:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 13:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/27 14:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2006/09/27 14:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/09/06 16:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/08/15 17:46:14 | 000,057,616 | ---- | M] (Oracle Corporation) -- C:\Program Files\client_10G\BIN\omtsreco.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 10:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/09/22 14:18:56 | 000,099,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2010/09/22 14:18:56 | 000,075,112 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2010/01/20 17:31:38 | 000,050,808 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPhk.dll
MOD - [2009/06/22 11:10:02 | 000,398,608 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2007/01/25 15:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\C4ebreg\isamsmt.exe -- (ISAMsmt)
SRV - [2010/10/22 01:43:37 | 000,490,776 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\c4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2010/09/30 16:17:20 | 003,399,680 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/16 13:55:00 | 000,242,928 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2010/09/03 16:07:22 | 000,152,840 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/26 09:31:48 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/03/25 11:41:30 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/25 11:41:24 | 000,266,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/17 14:55:44 | 000,240,816 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/01/20 17:31:38 | 000,103,032 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
SRV - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (NetCfgSvr)
SRV - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- c:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/06/22 11:09:56 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/03/12 05:25:14 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
SRV - [2009/03/12 05:25:04 | 000,036,864 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cstrcser.exe -- (cstrcser)
SRV - [2009/03/12 05:25:02 | 000,040,960 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv6.exe -- (ldlcserv6) IBM Enterprise Extender (IPv6)
SRV - [2009/03/12 05:25:02 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv) IBM Enterprise Extender (IPv4)
SRV - [2009/03/12 05:24:58 | 000,032,768 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
SRV - [2009/03/12 05:00:14 | 000,049,152 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\program files\ibm\personal communications\csrcmds.exe -- (csrcmds)
SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/14 02:35:22 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc)
SRV - [2007/03/14 02:32:12 | 000,073,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/27 14:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/09/27 14:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/08/25 17:30:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/11/14 06:36:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/15 17:46:14 | 000,057,616 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\client_10G\BIN\omtsreco.exe -- (OracleMTSRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/03 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110103.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/03 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110103.001\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/23 09:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/16 19:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/07/21 15:58:16 | 000,006,400 | ---- | M] (IBM Corp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\isamfilter.sys -- (IsamFilter)
DRV - [2010/07/21 13:39:01 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxdrv.sys -- (pmxdrv)
DRV - [2010/07/20 23:47:03 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2010/05/12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/05/12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/04/16 16:22:04 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/04/05 11:03:20 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/03/30 17:58:18 | 001,756,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/03/26 05:15:54 | 001,988,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2010/03/26 04:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/03/17 14:55:14 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010/03/17 14:55:06 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010/03/17 14:54:58 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010/03/17 14:53:24 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2010/01/29 10:27:12 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/20 17:31:42 | 000,246,392 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2010/01/20 17:31:42 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2010/01/20 17:31:38 | 000,215,672 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2010/01/19 21:50:10 | 000,235,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2009/12/10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/10/07 12:41:44 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/10/07 12:41:24 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/10/07 12:05:12 | 000,219,776 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2009/09/29 21:23:24 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2009/09/18 13:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/06/30 11:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 11:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 11:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/22 11:10:08 | 000,046,864 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/06/22 11:10:06 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/06/22 11:10:06 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/03/12 05:25:22 | 001,318,816 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
DRV - [2009/03/12 05:25:18 | 000,208,928 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
DRV - [2009/03/12 05:25:16 | 000,120,256 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
DRV - [2009/03/12 05:25:16 | 000,038,280 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
DRV - [2009/03/12 05:25:14 | 000,075,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
DRV - [2009/03/12 05:25:14 | 000,036,032 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
DRV - [2009/03/12 05:25:12 | 000,160,256 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
DRV - [2009/03/12 05:25:12 | 000,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
DRV - [2009/03/12 05:25:12 | 000,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
DRV - [2009/03/12 05:25:10 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
DRV - [2009/03/12 05:25:10 | 000,064,512 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IPv4)
DRV - [2009/03/12 05:25:10 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
DRV - [2009/03/12 05:25:10 | 000,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
DRV - [2009/03/12 05:25:10 | 000,006,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
DRV - [2009/03/12 05:25:08 | 000,067,168 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
DRV - [2009/03/12 05:25:08 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
DRV - [2009/03/12 05:25:08 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
DRV - [2009/03/12 05:25:08 | 000,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
DRV - [2009/03/12 05:25:08 | 000,050,320 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
DRV - [2009/03/12 05:25:08 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
DRV - [2009/03/12 05:25:06 | 000,059,488 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
DRV - [2009/03/12 05:25:06 | 000,019,968 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
DRV - [2009/03/12 05:25:06 | 000,012,736 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
DRV - [2009/03/12 05:25:06 | 000,008,592 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
DRV - [2009/03/12 05:25:04 | 000,101,696 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
DRV - [2009/03/12 05:25:04 | 000,070,656 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl6.sys -- (pdlndldl6) IBM Enterprise Extender (HPR/IPv6)
DRV - [2009/03/12 05:25:04 | 000,058,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
DRV - [2009/03/12 05:25:04 | 000,054,400 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
DRV - [2009/03/12 05:25:04 | 000,022,368 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
DRV - [2009/03/12 05:25:02 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
DRV - [2009/03/12 05:25:00 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
DRV - [2009/02/12 14:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/10/11 01:00:58 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/02/19 11:26:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/10/23 10:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/08/07 16:02:18 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/08/07 16:02:14 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2006/08/07 16:02:02 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/08/07 16:01:56 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/02/14 20:18:22 | 000,200,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20060807.097\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006/01/30 08:05:00 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wcndis.sys -- (wcndis)
DRV - [2005/10/12 17:37:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/06/13 21:21:24 | 000,086,528 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2005/04/27 14:46:46 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2004/05/06 21:42:10 | 000,114,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/08/29 03:00:00 | 000,006,515 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv)
DRV - [2001/08/17 19:37:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:37:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:37:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:37:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:37:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 19:22:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 19:22:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 19:22:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 19:22:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 19:22:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 19:22:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 19:22:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 19:21:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 19:21:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 19:21:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoproxy.au.ibm.com/in_pune.pac

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoproxy.au.ibm.com/in_pune.pac

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.ups.com;<local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ups.com:8080
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file:///Documents and Settings\Administrator\Application Data\Aventail\Aventail Smart Tunnel.pac

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.ups.com
IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ups.com:8080

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://w3.ibm.com/"
FF - prefs.js..extensions.enabledItems: IBM-cck@firefox-extensions.ibm.com:2.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.4.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.8.0.5
FF - prefs.js..network.proxy.backup.ftp: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.ups.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.ups.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.ups.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.ups.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.ups.com"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2010/10/27 10:06:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/06 10:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 12:06:53 | 000,000,000 | ---D | M]

[2009/06/10 06:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/12/11 22:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\eclipse1\extensions
[2011/01/10 08:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions
[2010/12/29 19:38:54 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/03 12:46:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/05 12:46:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/27 11:20:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/04 11:14:44 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\checkplaces@andyhalford.com
[2010/10/01 16:49:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\foxmarks@kei.com
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\chrome
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\components
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\defaults
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\platform
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\searchplugins
[2011/01/10 08:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 06:10:39 | 000,000,000 | ---D | M] (IE Tab) -- C:\Program Files\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/10/18 16:14:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\chrome
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\components
[2009/06/10 06:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\defaults
[2009/06/10 06:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\platform
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\searchplugins
[2010/10/27 10:06:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\IBM\JAVA60\JRE\LIB\DEPLOY\JQS\FF
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/10/24 01:56:50 | 000,114,688 | ---- | M] (IBM ) -- C:\Program Files\Mozilla Firefox\plugins\npcpsweb.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/12/31 16:12:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\c4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Isamtray] C:\Program Files\c4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [Tpam.exe] C:\program files\ibm\personal communications\tpam.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk = C:\WINDOWS\Installer\{75EE34AF-F9EC-4F6F-94DD-6A2371E4CFFE}\Icon6560581611.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.5.0)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257306949125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bluepages/scripts/lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} http://w3.ibm.com/tools/print/plugin/gpwsx.cab (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 9.182.181.77 9.184.192.240 9.182.98.13
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 23:14:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 10:17:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/10 08:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\smkits
[2011/01/06 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/01/06 10:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/01/04 12:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/04 12:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/04 12:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/04 12:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/03 18:44:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/03 14:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/03 12:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
[2011/01/03 12:35:25 | 000,109,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/03 12:35:25 | 000,048,816 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/03 11:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AGNS
[2011/01/03 11:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T Network Client
[2011/01/03 11:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2011/01/03 11:50:57 | 000,019,328 | ---- | C] (AT&T) -- C:\WINDOWS\agnwifi.sys
[2010/12/31 16:29:13 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
[2010/12/31 16:02:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/31 15:56:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/31 15:56:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/31 15:56:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/31 15:56:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/31 15:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/31 15:56:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/30 13:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/12/30 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/29 19:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/12/29 16:30:00 | 000,091,304 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btserial.sys
[2010/12/29 16:30:00 | 000,056,992 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys
[2010/12/29 16:30:00 | 000,037,032 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwmodem.sys
[2010/12/28 12:50:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/12/23 11:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010/12/23 11:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/12/23 11:46:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/12/15 15:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ORADM
[2010/12/14 17:41:04 | 000,000,000 | ---D | C] -- C:\Notes_Preferences_Backup
[2010/12/14 13:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2010/07/21 15:53:53 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/11 10:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/11 10:01:20 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/01/10 08:57:26 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Network Client.lnk
[2011/01/07 19:46:31 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
[2011/01/07 19:45:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 19:45:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/07 19:44:51 | 2000,314,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/07 19:42:59 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2011/01/06 16:53:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/01/06 13:08:51 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TP errors.doc
[2011/01/06 10:30:05 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/01/03 11:57:34 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
[2010/12/31 16:50:11 | 000,000,015 | ---- | M] () -- C:\settings.dat
[2010/12/31 16:19:26 | 000,438,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/31 16:19:26 | 000,070,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/31 16:12:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/31 16:02:19 | 000,000,340 | RHS- | M] () -- C:\boot.ini
[2010/12/31 15:52:46 | 004,012,039 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/31 12:38:05 | 000,000,294 | ---- | M] () -- C:\Boot.bak
[2010/12/31 12:06:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/12/30 13:59:08 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/29 16:35:57 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\btsendto_lnagent.nsf
[2010/12/29 16:29:36 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/12/29 16:09:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/12/24 11:51:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/15 11:37:30 | 000,001,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lotus Notes 8.5 Basic.lnk
[2010/12/15 11:37:01 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/12/15 11:29:53 | 000,055,163 | ---- | M] () -- C:\Documents and Settings\Administrator\install.xml
[2010/12/14 13:25:41 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Disk Defrag.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 10:30:05 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/01/03 15:29:29 | 2000,314,368 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/03 11:56:22 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
[2011/01/03 11:02:05 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TP errors.doc
[2010/12/31 16:29:18 | 000,000,015 | ---- | C] () -- C:\settings.dat
[2010/12/31 15:56:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/31 15:56:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/31 15:56:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/31 15:56:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/31 15:56:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/31 15:49:49 | 004,012,039 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/29 16:09:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/12/28 10:48:35 | 000,731,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/15 11:37:30 | 000,001,320 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lotus Notes 8.5 Basic.lnk
[2010/12/14 13:25:41 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Disk Defrag.lnk
[2010/09/22 14:18:56 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010/09/14 16:06:30 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2010/09/10 18:06:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/09/10 15:16:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/09/01 12:15:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/30 11:36:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Questionmark Secure.INI
[2010/08/25 15:45:46 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 14:52:45 | 000,000,561 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/21 17:14:32 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2010/07/21 16:24:49 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\artutils.dll
[2010/07/21 16:24:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wecmgina.dll
[2010/07/21 16:24:49 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\artapi.dll
[2010/07/21 16:24:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\artapij.dll
[2010/07/21 16:24:49 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\wcndis.sys
[2010/07/21 16:01:17 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/07/21 16:00:03 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/07/21 15:49:25 | 000,816,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\pmxdrv.sys
[2010/07/21 14:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\End User Guide-Important Links.ini
[2010/03/17 14:58:08 | 000,127,664 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/03/10 05:27:30 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2010/01/20 17:31:38 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
[2009/11/11 02:58:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/07 12:04:32 | 000,144,236 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/11/15 02:54:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2008/11/15 02:54:04 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2008/11/15 02:54:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\pdprDlg.dll
[2008/11/15 02:54:04 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\selnt.dll
[2008/11/15 02:54:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IBMMenu.dll
[2007/07/23 12:29:30 | 000,366,592 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab3.dll
[2007/07/23 12:29:28 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab1.dll
[2007/07/23 12:29:28 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab2.dll
[2007/07/23 12:29:28 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab.dll
[2007/07/23 12:29:28 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab5.dll
[2007/07/23 12:29:28 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab6.dll
[2007/07/23 12:29:28 | 000,208,384 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab8.dll
[2007/07/23 12:29:28 | 000,208,384 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab7.dll
[2007/07/23 12:29:26 | 000,384,000 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab4.dll
[2007/06/28 14:37:10 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\pwrpc32.dll
[2006/07/18 02:00:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/24 06:25:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/01/19 13:34:53 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2005/04/27 15:23:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/06 01:29:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2005/04/05 01:12:47 | 000,000,299 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/05 00:06:58 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/08 05:30:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2003/04/08 05:30:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2003/04/08 05:30:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2003/04/08 05:30:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/10/01 05:30:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 05:30:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 05:30:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/08/03 17:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/11/18 10:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avaya
[2010/08/26 14:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aventail
[2010/08/04 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Centra
[2008/11/15 07:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/13 17:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Greenshot
[2010/09/08 14:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2009/11/10 06:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2010/08/09 13:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2009/11/10 07:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lotus
[2010/09/23 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/08/03 16:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/08/18 10:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PGP Corporation
[2010/10/06 13:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quest Software
[2010/08/04 12:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Saba
[2011/01/10 08:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\smkits
[2010/09/14 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SQL Developer
[2010/12/23 11:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010/07/21 00:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
[2011/01/03 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2010/08/26 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2010/08/09 13:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/07/21 16:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2009/11/10 09:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
[2009/11/10 07:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2010/08/18 10:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2010/07/21 16:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/09/14 16:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2010/09/14 16:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2011/01/07 19:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/23 12:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/12/23 11:46:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008/07/11 03:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ABCF2613-B074-49B8-8A4C-5EA193A250F6}
[2008/08/22 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\IBM
[2010/08/26 11:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PGP Corporation
[2010/12/09 10:47:21 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
[2011/01/11 10:01:20 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >
[2009/08/13 11:14:18 | 000,472,064 | ---- | M] ( ) -- C:\RootRepeal.exe


< MD5 for: AGP440.SYS >
[2004/08/04 10:30:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 10:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 10:30:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 10:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 16:09:42 | 000,096,384 | ---- | M] () MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\RECYCLER\S-1-5-21-1672530451-1132425436-1860271005-500\Dc25\temp\NTSPU\atapi.sys
[2007/04/03 16:09:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-1672530451-1132425436-1860271005-500\Dc25\temp\ERDNT\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-1672530451-1132425436-1860271005-500\Dc25\temp\SPF\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 10:30:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtUninstallKB934205$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 10:30:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/11/15 09:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\Program Files\client_10G\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 17:37:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 10:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 10:30:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/06/13 21:21:24 | 000,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\WINDOWS\system32\drivers\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/04/05 00:04:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/04/05 00:04:03 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/04/05 00:04:03 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >

OTL Extras logfile created on: 11/01/2011 10:18:50 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.33 Gb Free Space | 84.09% Space Free | Partition Type: NTFS

Computer Name: UPSJUL2010 | User Name: Aministrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"IBMconfig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{0698CECB-9072-47B1-AEA1-94CA350989B8}" = Symantec Client Security
"{153E2FA0-F84F-46E3-86DC-282C04600C51}" = IBM Mobility Client
"{1CB76495-23DE-4642-B392-C78687804E47}" = IBM Tivoli Storage Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BF2C30-A7A3-47D8-9D22-F8BE72A4825B}" = Chordiant Marketing Director
"{388F6500-A541-44DB-AB89-AE9EBEE6D987}" = Lotus Notes 8.5.1
"{3FE002CF-E709-4CCB-82EF-966B6C911D6A}" = AT&T Network Client IBM
"{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}" = Questionmark Secure Browser
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44E666CF-764F-450F-93EC-BE0A824D115F}" = IBM Personal Communications
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6928A265-9EED-4F8A-8016-483A4668016A}" = IBM Infoprint Select
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757debef-635e-4076-b82b-dac22feb3c9c}" = IBM Lotus Symphony
"{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}" = IBM 32-bit Runtime Environment for Java v6
"{75EE34AF-F9EC-4F6F-94DD-6A2371E4CFFE}" = PGP Desktop
"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix online plug-in (PNA)
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{7D968F83-A23F-40F7-937C-A3B5A0C44048}" = My Help - Workstation Setup Wizard
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{836670E9-61EB-4D47-9EF8-CFE936C3FE32}" = Lotus Notes 8.5.1
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix online plug-in (SSON)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF8397F0-DBC9-4E14-846A-D6ECEDC79456}" = Oracle10g RunTime Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA96F3A1-F350-11D3-B354-002035C150E4}" = ILC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C757FF-2189-46C3-9528-8864B069B192}" = Toad for Oracle
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{DEE232C7-A783-4E69-B5CF-3C87803762F2}" = Qualcomm Gobi 2000 Package for Lenovo
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFF415AC-3883-4338-9365-DDCB74A0CFBA}" = IBM My Help
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"082043363F1954BD06EC6A886B0B496E103B11EE" = Windows Driver Package - Intel (NETw5x32) net (03/18/2010 13.2.0.30)
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CitrixOnlinePluginFull" = Citrix online plug-in
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CodeSite 3.0.1 Client Tools" = CodeSite 3.0.1 Client Tools
"CutePDF Writer Installation" = CutePDF Writer 2.8
"End User Guide-Important Links_is1" = End User Guide-Important Links
"ESET Online Scanner" = ESET Online Scanner v3
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Greenshot_is1" = Greenshot
"GSview 4.9" = GSview 4.9
"IBM Ayudame" = IBM Ayudame
"IBM IGA Demo v1.0" = IBM IGA Demo v1.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{35BF2C30-A7A3-47D8-9D22-F8BE72A4825B}" = Chordiant Marketing Director
"InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}" = IBM 32-bit Runtime Environment for Java v6
"ISSI" = IBM Standard Software Installer
"Knowledge Xpert for Oracle Administration V9.1.1" = Knowledge Xpert for Oracle Administration V9.1.1
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Notepad++" = Notepad++
"OnScreenDisplay" = On Screen Display
"P2P GUI" = IBM ISMA Peer-To-Peer
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Quest Installer" = Quest Installer
"Recuva" = Recuva
"Snapshot Viewer" = Snapshot Viewer
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.1.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9
"Workstation Security Tool_is1" = Workstation Security Tool 2.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/01/2011 06:06:14 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/01/2011 06:09:54 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/01/2011 06:09:54 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/01/2011 06:09:54 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/01/2011 06:36:30 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/01/2011 06:43:27 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 05/01/2011 00:40:59 | Computer Name = UPSJUL2010 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.ADH.2 in File: C:\Rajesh\work\Auto+Wecm+Script.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 05/01/2011 00:40:59 | Computer Name = UPSJUL2010 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.ADH.2 in File: C:\Rajesh\work\Auto+Wecm+Script.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 05/01/2011 00:41:10 | Computer Name = UPSJUL2010 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.ADH.2 in File: C:\Rajesh\work\Auto+Wecm+Script.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 06/01/2011 10:28:02 | Computer Name = UPSJUL2010 | Source = IBM Mobility Client | ID = 131338
Description = The password is not valid.

[ System Events ]
Error - 07/01/2011 06:43:51 | Computer Name = UPSJUL2010 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 07/01/2011 06:43:51 | Computer Name = UPSJUL2010 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 07/01/2011 07:50:24 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 08:14:27 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 09:26:33 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 09:38:33 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 10:02:33 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 10:12:32 | Computer Name = UPSJUL2010 | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 11/01/2011 00:50:22 | Computer Name = UPSJUL2010 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/01/2011 00:50:22 | Computer Name = UPSJUL2010 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

Thank you very much for taking the time to look into my problem. Here are the contents of both files that you requested.

OTL logfile created on: 11/01/2011 10:18:50 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.33 Gb Free Space | 84.09% Space Free | Partition Type: NTFS

Computer Name: UPSJUL2010 | User Name: Aministrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/11 10:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/12/10 12:06:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/22 01:44:04 | 000,294,168 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
PRC - [2010/10/22 01:43:37 | 000,490,776 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
PRC - [2010/09/30 16:17:53 | 000,010,752 | ---- | M] (IBM Corp) -- C:\Notes\ntaskldr.exe
PRC - [2010/09/30 16:17:20 | 003,399,680 | ---- | M] (IBM Corp) -- c:\Notes\nsd.exe
PRC - [2010/09/22 14:18:46 | 001,463,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2010/09/22 14:18:46 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/09/16 13:55:00 | 000,242,928 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2010/09/03 16:07:22 | 000,152,840 | ---- | M] (IBM) -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe
PRC - [2010/07/12 07:52:50 | 000,548,864 | ---- | M] () -- C:\Program Files\Greenshot\Greenshot.exe
PRC - [2010/05/12 17:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/05/12 17:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2010/05/12 16:47:18 | 000,071,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe
PRC - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2010/05/11 16:22:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2010/04/26 09:31:48 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
PRC - [2010/04/22 18:02:56 | 000,181,608 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2010/04/22 18:02:54 | 000,431,464 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010/04/22 17:13:00 | 000,176,128 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2010/03/26 04:08:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2010/03/25 11:41:30 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/25 11:41:24 | 000,266,576 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/25 11:41:00 | 001,114,648 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/03/17 14:55:44 | 000,240,816 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\system32\ngvpnmgr.exe
PRC - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/01/20 17:31:42 | 003,487,864 | ---- | M] (PGP Corporation) -- C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
PRC - [2010/01/20 17:31:38 | 000,103,032 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPserv.exe
PRC - [2009/10/07 12:36:34 | 000,075,104 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetMsg.exe
PRC - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClientSvc.exe
PRC - [2009/10/07 12:36:20 | 000,259,424 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\NetClient.exe
PRC - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
PRC - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- c:\Notes\ntmulti.exe
PRC - [2009/09/29 11:27:56 | 001,676,680 | ---- | M] (IBM Corp) -- C:\Notes\nlnotes.exe
PRC - [2009/07/11 04:25:02 | 000,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
PRC - [2009/06/22 11:10:00 | 000,259,344 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2009/06/22 11:09:56 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2009/03/12 05:25:02 | 000,040,960 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv6.exe
PRC - [2009/03/12 05:25:02 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
PRC - [2009/03/12 05:24:58 | 000,032,768 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
PRC - [2009/03/12 05:16:42 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\personal communications\tpam.exe
PRC - [2009/03/12 05:00:38 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\personal communications\PCS_AGNT.EXE
PRC - [2008/04/14 05:42:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2007/03/14 02:35:22 | 000,011,264 | ---- | M] () -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe
PRC - [2007/03/09 14:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 13:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2006/09/27 14:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2006/09/27 14:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/09/06 16:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/08/15 17:46:14 | 000,057,616 | ---- | M] (Oracle Corporation) -- C:\Program Files\client_10G\BIN\omtsreco.exe


========== Modules (SafeList) ==========

MOD - [2011/01/11 10:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/09/22 14:18:56 | 000,099,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2010/09/22 14:18:56 | 000,075,112 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2010/01/20 17:31:38 | 000,050,808 | ---- | M] (PGP Corporation) -- C:\WINDOWS\system32\PGPhk.dll
MOD - [2009/06/22 11:10:02 | 000,398,608 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2007/01/25 15:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\C4ebreg\isamsmt.exe -- (ISAMsmt)
SRV - [2010/10/22 01:43:37 | 000,490,776 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\c4ebreg\c4ebreg.exe -- (ISAMSvc)
SRV - [2010/09/30 16:17:20 | 003,399,680 | ---- | M] (IBM Corp) [Auto | Running] -- c:\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/09/22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/09/16 13:55:00 | 000,242,928 | ---- | M] (IBM Corp.) [Auto | Running] -- c:\sdwork\issimsvc.exe -- (ISSIMon)
SRV - [2010/09/03 16:07:22 | 000,152,840 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Java60\jre\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/05/12 01:25:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/05/12 01:25:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2010/04/26 09:31:48 | 000,331,512 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files\QUALCOMM\QDLService2k\QDLService2kLenovo.exe -- (QDLService2kLenovo) Qualcomm Gobi 2000 Download Service (Lenovo)
SRV - [2010/04/22 18:02:50 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2010/04/22 18:02:48 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010/03/25 11:41:30 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/25 11:41:24 | 000,266,576 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/17 14:55:44 | 000,240,816 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\system32\ngvpnmgr.exe -- (NgVpnMgr)
SRV - [2010/03/05 10:01:46 | 000,862,480 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2010/03/05 09:54:20 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2010/03/05 09:43:50 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2010/01/20 17:31:38 | 000,103,032 | ---- | M] (PGP Corporation) [Auto | Running] -- C:\WINDOWS\system32\PGPserv.exe -- (PGPserv)
SRV - [2009/10/07 12:36:20 | 000,263,520 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\NetClientSvc.exe -- (NetClientSvc)
SRV - [2009/10/07 12:36:18 | 000,619,872 | ---- | M] (AT&T) [Auto | Running] -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (NetCfgSvr)
SRV - [2009/09/29 11:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- c:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/06/22 11:09:56 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2009/03/12 05:25:14 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
SRV - [2009/03/12 05:25:04 | 000,036,864 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cstrcser.exe -- (cstrcser)
SRV - [2009/03/12 05:25:02 | 000,040,960 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv6.exe -- (ldlcserv6) IBM Enterprise Extender (IPv6)
SRV - [2009/03/12 05:25:02 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv) IBM Enterprise Extender (IPv4)
SRV - [2009/03/12 05:24:58 | 000,032,768 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
SRV - [2009/03/12 05:00:14 | 000,049,152 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\program files\ibm\personal communications\csrcmds.exe -- (csrcmds)
SRV - [2007/06/01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/03/14 02:35:22 | 000,011,264 | ---- | M] () [Auto | Running] -- C:\Program Files\IBM\Mobility Client\artstartsvc.exe -- (artstartsvc)
SRV - [2007/03/14 02:32:12 | 000,073,728 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IBM\Mobility Client\artsvc.exe -- (ArtourService)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/27 14:15:56 | 000,173,744 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2006/09/27 14:14:44 | 000,087,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2006/08/25 17:30:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:10 | 000,202,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2005/11/14 06:36:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/08/15 17:46:14 | 000,057,616 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\client_10G\BIN\omtsreco.exe -- (OracleMTSRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2011/01/03 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110103.001\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/01/03 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/01/03 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/01/03 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110103.001\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/23 09:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/09/16 19:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/07/21 15:58:16 | 000,006,400 | ---- | M] (IBM Corp.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\isamfilter.sys -- (IsamFilter)
DRV - [2010/07/21 13:39:01 | 000,816,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pmxdrv.sys -- (pmxdrv)
DRV - [2010/07/20 23:47:03 | 000,013,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpm.sys -- (tpm)
DRV - [2010/05/12 01:25:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/05/12 01:25:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2010/04/16 16:22:04 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2010/04/05 11:03:20 | 006,601,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2010/03/30 17:58:18 | 001,756,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2010/03/26 05:15:54 | 001,988,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2010/03/26 04:08:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2010/03/17 14:55:14 | 000,025,160 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngwfp.sys -- (NgWfp)
DRV - [2010/03/17 14:55:06 | 000,022,600 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ngfilter.sys -- (NgFilter)
DRV - [2010/03/17 14:54:58 | 000,079,944 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ngvpn.sys -- (NgVpn)
DRV - [2010/03/17 14:53:24 | 000,027,208 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nglog.sys -- (NgLog)
DRV - [2010/01/29 10:27:12 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/20 17:31:42 | 000,246,392 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\PGPdisk.sys -- (PGPdisk)
DRV - [2010/01/20 17:31:42 | 000,040,568 | ---- | M] (PGP Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PGPsdk.sys -- (PGPsdkDriver)
DRV - [2010/01/20 17:31:38 | 000,215,672 | ---- | M] (PGP Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\PGPwded.sys -- (PGPwded)
DRV - [2010/01/19 21:50:10 | 000,235,520 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2009/12/10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/10/07 12:41:44 | 000,019,328 | R--- | M] (AT&T) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\agnwifi.sys -- (agnwifi)
DRV - [2009/10/07 12:41:24 | 000,011,392 | R--- | M] (AT&T) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avpnnic.sys -- (avpnnic)
DRV - [2009/10/07 12:05:12 | 000,219,776 | ---- | M] (AT&T) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\agnfilt.sys -- (agnfilt)
DRV - [2009/09/29 21:23:24 | 000,017,968 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\vmscsi.sys -- (vmscsi)
DRV - [2009/09/18 13:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/10 01:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/06/30 11:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 11:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 11:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/06/22 11:10:08 | 000,046,864 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/06/22 11:10:06 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/06/22 11:10:06 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/03/12 05:25:22 | 001,318,816 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\appn.sys -- (Appn)
DRV - [2009/03/12 05:25:18 | 000,208,928 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AppnBase.sys -- (AppnBase)
DRV - [2009/03/12 05:25:16 | 000,120,256 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\appnapi.sys -- (AppnApi)
DRV - [2009/03/12 05:25:16 | 000,038,280 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\anydlc.sys -- (Anydlc)
DRV - [2009/03/12 05:25:14 | 000,075,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnacom.sys -- (pdlnacom)
DRV - [2009/03/12 05:25:14 | 000,036,032 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnafac.sys -- (pdlnafac)
DRV - [2009/03/12 05:25:12 | 000,160,256 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncfwk.sys -- (pdlncfwk)
DRV - [2009/03/12 05:25:12 | 000,020,480 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatcm.sys -- (pdlnatcm)
DRV - [2009/03/12 05:25:12 | 000,018,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnatdl.sys -- (pdlnatdl)
DRV - [2009/03/12 05:25:10 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndlpb.sys -- (pdlndlpb)
DRV - [2009/03/12 05:25:10 | 000,064,512 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl.sys -- (pdlndldl) IBM Enterprise Extender (HPR/IPv4)
DRV - [2009/03/12 05:25:10 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndint.sys -- (pdlndint)
DRV - [2009/03/12 05:25:10 | 000,012,288 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlnctdl.sys -- (pdlnctdl)
DRV - [2009/03/12 05:25:10 | 000,006,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlncbas.sys -- (pdlncbas)
DRV - [2009/03/12 05:25:08 | 000,067,168 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemap.sys -- (pdlnemap)
DRV - [2009/03/12 05:25:08 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndsdl.sys -- (pdlndsdl)
DRV - [2009/03/12 05:25:08 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndqll.sys -- (pdlndqll)
DRV - [2009/03/12 05:25:08 | 000,051,712 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndtdl.sys -- (pdlndtdl)
DRV - [2009/03/12 05:25:08 | 000,050,320 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnecfg.sys -- (pdlnecfg)
DRV - [2009/03/12 05:25:08 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlndoem.sys -- (pdlndoem)
DRV - [2009/03/12 05:25:06 | 000,059,488 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnshay.sys -- (pdlnshay)
DRV - [2009/03/12 05:25:06 | 000,019,968 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnepkt.sys -- (pdlnepkt)
DRV - [2009/03/12 05:25:06 | 000,012,736 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnemsg.sys -- (pdlnemsg)
DRV - [2009/03/12 05:25:06 | 000,008,592 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnebas.sys -- (pdlnebas)
DRV - [2009/03/12 05:25:04 | 000,101,696 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
DRV - [2009/03/12 05:25:04 | 000,070,656 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\pdlndldl6.sys -- (pdlndldl6) IBM Enterprise Extender (HPR/IPv6)
DRV - [2009/03/12 05:25:04 | 000,058,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsx25.sys -- (pdlnsx25)
DRV - [2009/03/12 05:25:04 | 000,054,400 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnsv25.sys -- (pdlnsv25)
DRV - [2009/03/12 05:25:04 | 000,022,368 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\pdlnslea.sys -- (pdlnslea)
DRV - [2009/03/12 05:25:02 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\klognt.sys -- (KLOGNT)
DRV - [2009/03/12 05:25:00 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\nstrcnt.sys -- (NsTrcNT)
DRV - [2009/02/12 14:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/10/11 01:00:58 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [2008/07/24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/12 20:22:04 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/06/01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007/02/19 11:26:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/10/23 10:23:28 | 000,017,778 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/08/07 16:02:18 | 000,031,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006/08/07 16:02:14 | 000,028,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2006/08/07 16:02:02 | 000,110,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006/08/07 16:01:56 | 000,012,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/02/14 20:18:22 | 000,200,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20060807.097\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2006/01/30 08:05:00 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wcndis.sys -- (wcndis)
DRV - [2005/10/12 17:37:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\iaStor.sys -- (iastor)
DRV - [2005/09/28 17:07:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/06/13 21:21:24 | 000,086,528 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2005/04/27 14:46:46 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\egathdrv.sys -- (EGATHDRV)
DRV - [2004/05/06 21:42:10 | 000,114,688 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/08/29 03:00:00 | 000,006,515 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Questionmark\QS\ProcObsrv.sys -- (ProcObsrv)
DRV - [2001/08/17 19:37:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 19:37:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 19:37:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 19:37:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 19:37:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 19:22:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 19:22:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 19:22:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 19:22:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 19:22:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 19:22:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 19:22:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 19:21:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 19:21:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 19:21:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoproxy.au.ibm.com/in_pune.pac

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://autoproxy.au.ibm.com/in_pune.pac

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.ups.com;<local>
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ups.com:8080
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file:///Documents and Settings\Administrator\Application Data\Aventail\Aventail Smart Tunnel.pac

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.ups.com
IE - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ups.com:8080

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://w3.ibm.com/"
FF - prefs.js..extensions.enabledItems: IBM-cck@firefox-extensions.ibm.com:2.0.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: checkplaces@andyhalford.com:2.4.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.8.0.5
FF - prefs.js..network.proxy.backup.ftp: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.ups.com"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.ups.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.ups.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.ups.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.ups.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.ups.com"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ff [2010/10/27 10:06:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/06 10:37:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 12:06:53 | 000,000,000 | ---D | M]

[2009/06/10 06:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/12/11 22:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\eclipse1\extensions
[2011/01/10 08:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions
[2010/12/29 19:38:54 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/03 12:46:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/05 12:46:19 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/27 11:20:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/04 11:14:44 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\checkplaces@andyhalford.com
[2010/10/01 16:49:42 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\foxmarks@kei.com
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\chrome
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\components
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\defaults
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\platform
[2010/10/21 16:38:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\IBM-cck@firefox-extensions.ibm.com\searchplugins
[2011/01/10 08:55:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/10 06:10:39 | 000,000,000 | ---D | M] (IE Tab) -- C:\Program Files\Mozilla Firefox\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/10/18 16:14:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (IBM CCK) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\chrome
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\components
[2009/06/10 06:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\defaults
[2009/06/10 06:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\platform
[2009/11/10 06:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\searchplugins
[2010/10/27 10:06:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\IBM\JAVA60\JRE\LIB\DEPLOY\JQS\FF
[2010/05/12 16:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2010/05/12 16:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2010/05/12 16:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2010/05/12 16:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2009/10/24 01:56:50 | 000,114,688 | ---- | M] (IBM ) -- C:\Program Files\Mozilla Firefox\plugins\npcpsweb.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/12 17:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2010/05/12 16:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2010/12/31 16:12:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll (IBM)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll (IBM)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\IBM\Java60\jre\lib\deploy\jqs\ie\jqs_plugin.dll (IBM)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\c4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [Isamtray] C:\Program Files\c4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32maing.exe (IBM Corp.)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [Tpam.exe] C:\program files\ibm\personal communications\tpam.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500..\Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe ()
O4 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk = C:\WINDOWS\Installer\{75EE34AF-F9EC-4F6F-94DD-6A2371E4CFFE}\Icon6560581611.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O15 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\..Trusted Domains: skillport.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1672530451-1132425436-1860271005-500\..Trusted Domains: skillwsa.com ([]* in Trusted sites)
O16 - DPF: {1ACECAFE-0015-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.5.0)
O16 - DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228972592890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257306949125 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http:// (Java Plug-in 1.6.0)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bluepages/scripts/lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} http://w3.ibm.com/tools/print/plugin/gpwsx.cab (gpwsx.plugin)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http:// (Java Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http:// (Java Plug-in 1.6.0)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 9.182.181.77 9.184.192.240 9.182.98.13
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Quest Software\Toad for Oracle\RNetPin.dll ()
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 23:14:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 10:17:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/10 08:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\smkits
[2011/01/06 10:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Recuva
[2011/01/06 10:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/01/04 12:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/01/04 12:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/01/04 12:47:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/04 12:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/03 18:44:16 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/03 14:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/03 12:35:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
[2011/01/03 12:35:25 | 000,109,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/03 12:35:25 | 000,048,816 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/03 11:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AGNS
[2011/01/03 11:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AT&T Network Client
[2011/01/03 11:55:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2011/01/03 11:50:57 | 000,019,328 | ---- | C] (AT&T) -- C:\WINDOWS\agnwifi.sys
[2010/12/31 16:29:13 | 000,472,064 | ---- | C] ( ) -- C:\RootRepeal.exe
[2010/12/31 16:02:12 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/31 15:56:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/31 15:56:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/31 15:56:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/31 15:56:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/31 15:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/31 15:56:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/30 13:43:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/12/30 13:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/12/29 19:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/12/29 16:30:00 | 000,091,304 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btserial.sys
[2010/12/29 16:30:00 | 000,056,992 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwhid.sys
[2010/12/29 16:30:00 | 000,037,032 | ---- | C] (Broadcom Corporation.) -- C:\WINDOWS\System32\drivers\btwmodem.sys
[2010/12/28 12:50:09 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2010/12/23 11:47:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010/12/23 11:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/12/23 11:46:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/12/15 15:01:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ORADM
[2010/12/14 17:41:04 | 000,000,000 | ---D | C] -- C:\Notes_Preferences_Backup
[2010/12/14 13:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2010/07/21 15:53:53 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/11 10:17:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/01/11 10:01:20 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/01/10 08:57:26 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AT&T Network Client.lnk
[2011/01/07 19:46:31 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PGPtray.exe.lnk
[2011/01/07 19:45:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/07 19:45:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/07 19:44:51 | 2000,314,368 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/07 19:42:59 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2011/01/06 16:53:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2011/01/06 13:08:51 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TP errors.doc
[2011/01/06 10:30:05 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/01/03 11:57:34 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
[2010/12/31 16:50:11 | 000,000,015 | ---- | M] () -- C:\settings.dat
[2010/12/31 16:19:26 | 000,438,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/31 16:19:26 | 000,070,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/31 16:12:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/31 16:02:19 | 000,000,340 | RHS- | M] () -- C:\boot.ini
[2010/12/31 15:52:46 | 004,012,039 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/31 12:38:05 | 000,000,294 | ---- | M] () -- C:\Boot.bak
[2010/12/31 12:06:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/12/30 13:59:08 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/29 16:35:57 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\btsendto_lnagent.nsf
[2010/12/29 16:29:36 | 000,000,643 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2010/12/29 16:09:56 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/12/24 11:51:11 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/12/15 11:37:30 | 000,001,320 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Lotus Notes 8.5 Basic.lnk
[2010/12/15 11:37:01 | 000,001,558 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2010/12/15 11:29:53 | 000,055,163 | ---- | M] () -- C:\Documents and Settings\Administrator\install.xml
[2010/12/14 13:25:41 | 000,000,899 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Disk Defrag.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/06 10:30:05 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Recuva.lnk
[2011/01/03 15:29:29 | 2000,314,368 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/03 11:56:22 | 000,002,271 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AT&T Network Client.lnk
[2011/01/03 11:02:05 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TP errors.doc
[2010/12/31 16:29:18 | 000,000,015 | ---- | C] () -- C:\settings.dat
[2010/12/31 15:56:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/31 15:56:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/31 15:56:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/31 15:56:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/31 15:56:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/31 15:49:49 | 004,012,039 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010/12/29 16:09:56 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/12/28 10:48:35 | 000,731,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/15 11:37:30 | 000,001,320 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Lotus Notes 8.5 Basic.lnk
[2010/12/14 13:25:41 | 000,000,899 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Auslogics Disk Defrag.lnk
[2010/09/22 14:18:56 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2010/09/14 16:06:30 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\KXauth.dll
[2010/09/10 18:06:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2010/09/10 15:16:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PUTTY.RND
[2010/09/01 12:15:38 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/08/30 11:36:43 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Questionmark Secure.INI
[2010/08/25 15:45:46 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/17 14:52:45 | 000,000,561 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/07/21 17:14:32 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2010/07/21 16:24:49 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\artutils.dll
[2010/07/21 16:24:49 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wecmgina.dll
[2010/07/21 16:24:49 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\artapi.dll
[2010/07/21 16:24:49 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\artapij.dll
[2010/07/21 16:24:49 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\wcndis.sys
[2010/07/21 16:01:17 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/07/21 16:00:03 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/07/21 15:49:25 | 000,816,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\pmxdrv.sys
[2010/07/21 14:09:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\End User Guide-Important Links.ini
[2010/03/17 14:58:08 | 000,127,664 | ---- | C] () -- C:\WINDOWS\ngmsi.dll
[2010/03/10 05:27:30 | 000,000,661 | ---- | C] () -- C:\WINDOWS\System32\VoipUpdate.ini
[2010/01/20 17:31:38 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\PGPsdk.dll.sig
[2009/11/11 02:58:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/10/07 12:04:32 | 000,144,236 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2008/11/15 02:54:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2008/11/15 02:54:04 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2008/11/15 02:54:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\pdprDlg.dll
[2008/11/15 02:54:04 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\selnt.dll
[2008/11/15 02:54:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IBMMenu.dll
[2007/07/23 12:29:30 | 000,366,592 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab3.dll
[2007/07/23 12:29:28 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab1.dll
[2007/07/23 12:29:28 | 000,378,880 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab2.dll
[2007/07/23 12:29:28 | 000,345,088 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab.dll
[2007/07/23 12:29:28 | 000,323,072 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab5.dll
[2007/07/23 12:29:28 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab6.dll
[2007/07/23 12:29:28 | 000,208,384 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab8.dll
[2007/07/23 12:29:28 | 000,208,384 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab7.dll
[2007/07/23 12:29:26 | 000,384,000 | ---- | C] () -- C:\WINDOWS\System32\PrStrTab4.dll
[2007/06/28 14:37:10 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\pwrpc32.dll
[2006/07/18 02:00:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/01/24 06:25:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/01/19 13:34:53 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2005/04/27 15:23:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005/04/06 01:29:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2005/04/05 01:12:47 | 000,000,299 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/05 00:06:58 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/08 05:30:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2003/04/08 05:30:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2003/04/08 05:30:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2003/04/08 05:30:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998/10/01 05:30:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 05:30:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 05:30:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/08/03 17:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/11/18 10:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avaya
[2010/08/26 14:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aventail
[2010/08/04 12:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Centra
[2008/11/15 07:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/13 17:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Greenshot
[2010/09/08 14:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Helios
[2009/11/10 06:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2010/08/09 13:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
[2009/11/10 07:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Lotus
[2010/09/23 13:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++
[2010/08/03 16:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/08/18 10:45:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PGP Corporation
[2010/10/06 13:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Quest Software
[2010/08/04 12:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Saba
[2011/01/10 08:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\smkits
[2010/09/14 15:55:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SQL Developer
[2010/12/23 11:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2010/07/21 00:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinBatch
[2011/01/03 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2010/08/26 14:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2010/08/09 13:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/07/21 16:24:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2009/11/10 09:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
[2009/11/10 07:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2010/08/18 10:44:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PGP Corporation
[2010/07/21 16:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QUALCOMM
[2010/09/14 16:04:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quest Software
[2010/09/14 16:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Raize
[2011/01/07 19:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/23 12:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/12/23 11:46:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2008/07/11 03:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ABCF2613-B074-49B8-8A4C-5EA193A250F6}
[2008/08/22 21:16:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\IBM
[2010/08/26 11:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\PGP Corporation
[2010/12/09 10:47:21 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
[2011/01/11 10:01:20 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >
[2009/08/13 11:14:18 | 000,472,064 | ---- | M] ( ) -- C:\RootRepeal.exe


< MD5 for: AGP440.SYS >
[2004/08/04 10:30:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 10:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 00:06:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 10:30:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 10:30:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2009/06/10 13:14:20 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 16:09:42 | 000,096,384 | ---- | M] () MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\RECYCLER\S-1-5-21-1672530451-1132425436-1860271005-500\Dc25\temp\NTSPU\atapi.sys
[2007/04/03 16:09:42 | 000,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-1672530451-1132425436-1860271005-500\Dc25\temp\ERDNT\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] () MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\RECYCLER\S-1-5-21-1672530451-1132425436-1860271005-500\Dc25\temp\SPF\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:10:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 10:30:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtUninstallKB934205$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 10:30:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/11/15 09:37:52 | 000,028,672 | ---- | M] () MD5=9937F303C344C00849E8E5CA26CED439 -- C:\Program Files\client_10G\perl\site\5.8.3\lib\MSWin32-x86-multi-thread\auto\Win32\EventLog\EventLog.dll

< MD5 for: IASTOR.SYS >
[2005/10/12 17:37:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 05:42:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 10:30:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 10:30:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/06/13 21:21:24 | 000,086,528 | ---- | M] (LSI Logic) MD5=24A0901CAFCEE7343EE62565BCFB7C9A -- C:\WINDOWS\system32\drivers\symmpi.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/04/05 00:04:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/04/05 00:04:03 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/04/05 00:04:03 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29

< End of report >

OTL Extras logfile created on: 11/01/2011 10:18:50 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 125.33 Gb Free Space | 84.09% Space Free | Partition Type: NTFS

Computer Name: UPSJUL2010 | User Name: Aministrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"IBMconfig" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.02.02.01
"{0698CECB-9072-47B1-AEA1-94CA350989B8}" = Symantec Client Security
"{153E2FA0-F84F-46E3-86DC-282C04600C51}" = IBM Mobility Client
"{1CB76495-23DE-4642-B392-C78687804E47}" = IBM Tivoli Storage Manager Client
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BF2C30-A7A3-47D8-9D22-F8BE72A4825B}" = Chordiant Marketing Director
"{388F6500-A541-44DB-AB89-AE9EBEE6D987}" = Lotus Notes 8.5.1
"{3FE002CF-E709-4CCB-82EF-966B6C911D6A}" = AT&T Network Client IBM
"{4004E7A9-C6AF-4A1C-A4D9-FE63F163964C}" = Questionmark Secure Browser
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44E666CF-764F-450F-93EC-BE0A824D115F}" = IBM Personal Communications
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix online plug-in (USB)
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6928A265-9EED-4F8A-8016-483A4668016A}" = IBM Infoprint Select
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757debef-635e-4076-b82b-dac22feb3c9c}" = IBM Lotus Symphony
"{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}" = IBM 32-bit Runtime Environment for Java v6
"{75EE34AF-F9EC-4F6F-94DD-6A2371E4CFFE}" = PGP Desktop
"{7681A1A9-D865-4DC0-A319-41A49F5E78DB}" = Citrix online plug-in (PNA)
"{78E83B4F-7230-4F0B-B1AD-8DDF05473D6F}" = Intel® PROSet/Wireless WiFi Software
"{7D968F83-A23F-40F7-937C-A3B5A0C44048}" = My Help - Workstation Setup Wizard
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{836670E9-61EB-4D47-9EF8-CFE936C3FE32}" = Lotus Notes 8.5.1
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix online plug-in (Web)
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BAC520D7-CE81-411D-A3A2-8D9C7F2DA3EF}" = Citrix online plug-in (SSON)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF8397F0-DBC9-4E14-846A-D6ECEDC79456}" = Oracle10g RunTime Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA96F3A1-F350-11D3-B354-002035C150E4}" = ILC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C757FF-2189-46C3-9528-8864B069B192}" = Toad for Oracle
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix online plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix online plug-in (DV)
"{DEE232C7-A783-4E69-B5CF-3C87803762F2}" = Qualcomm Gobi 2000 Package for Lenovo
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{DFF415AC-3883-4338-9365-DDCB74A0CFBA}" = IBM My Help
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"082043363F1954BD06EC6A886B0B496E103B11EE" = Windows Driver Package - Intel (NETw5x32) net (03/18/2010 13.2.0.30)
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CitrixOnlinePluginFull" = Citrix online plug-in
"CNXT_AUDIO_HDA" = Conexant 20585 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CodeSite 3.0.1 Client Tools" = CodeSite 3.0.1 Client Tools
"CutePDF Writer Installation" = CutePDF Writer 2.8
"End User Guide-Important Links_is1" = End User Guide-Important Links
"ESET Online Scanner" = ESET Online Scanner v3
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Greenshot_is1" = Greenshot
"GSview 4.9" = GSview 4.9
"IBM Ayudame" = IBM Ayudame
"IBM IGA Demo v1.0" = IBM IGA Demo v1.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{35BF2C30-A7A3-47D8-9D22-F8BE72A4825B}" = Chordiant Marketing Director
"InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"InstallShield_{75E7FEE8-16B1-4B1D-82B4-9594A38EDF76}" = IBM 32-bit Runtime Environment for Java v6
"ISSI" = IBM Standard Software Installer
"Knowledge Xpert for Oracle Administration V9.1.1" = Knowledge Xpert for Oracle Administration V9.1.1
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Notepad++" = Notepad++
"OnScreenDisplay" = On Screen Display
"P2P GUI" = IBM ISMA Peer-To-Peer
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"Quest Installer" = Quest Installer
"Recuva" = Recuva
"Snapshot Viewer" = Snapshot Viewer
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.1.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.9
"Workstation Security Tool_is1" = Workstation Security Tool 2.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1672530451-1132425436-1860271005-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/01/2011 06:06:14 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/01/2011 06:09:54 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/01/2011 06:09:54 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/01/2011 06:09:54 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 03/01/2011 06:36:30 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 03/01/2011 06:43:27 | Computer Name = UPSJUL2010 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 05/01/2011 00:40:59 | Computer Name = UPSJUL2010 | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Trojan.ADH.2 in File: C:\Rajesh\work\Auto+Wecm+Script.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 05/01/2011 00:40:59 | Computer Name = UPSJUL2010 | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Trojan.ADH.2 in File: C:\Rajesh\work\Auto+Wecm+Script.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 05/01/2011 00:41:10 | Computer Name = UPSJUL2010 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Trojan.ADH.2 in File: C:\Rajesh\work\Auto+Wecm+Script.exe
by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error - 06/01/2011 10:28:02 | Computer Name = UPSJUL2010 | Source = IBM Mobility Client | ID = 131338
Description = The password is not valid.

[ System Events ]
Error - 07/01/2011 06:43:51 | Computer Name = UPSJUL2010 | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 07/01/2011 06:43:51 | Computer Name = UPSJUL2010 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 07/01/2011 07:50:24 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 08:14:27 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 09:26:33 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 09:38:33 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 10:02:33 | Computer Name = UPSJUL2010 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
VRS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{271896F9-0DFE-4D69-93.
The
master browser is stopping or an election is being forced.

Error - 07/01/2011 10:12:32 | Computer Name = UPSJUL2010 | Source = DCOM | ID = 10010
Description = The server {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C} did not register
with DCOM within the required timeout.

Error - 11/01/2011 00:50:22 | Computer Name = UPSJUL2010 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 11/01/2011 00:50:22 | Computer Name = UPSJUL2010 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts

Posted 12 January 2011 - 05:51 PM

Hello.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#6 kingscorpio


Posted 12 January 2011 - 11:54 PM

TDSSKiller Log as requested

2011/01/13 10:22:19.0968 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/13 10:22:19.0968 ================================================================================
2011/01/13 10:22:19.0968 SystemInfo:
2011/01/13 10:22:19.0968
2011/01/13 10:22:19.0968 OS Version: 5.1.2600 ServicePack: 3.0
2011/01/13 10:22:19.0968 Product type: Workstation
2011/01/13 10:22:19.0968 ComputerName: UPSJUL2010
2011/01/13 10:22:19.0968 UserName: Aministrator
2011/01/13 10:22:19.0968 Windows directory: C:\WINDOWS
2011/01/13 10:22:19.0968 System windows directory: C:\WINDOWS
2011/01/13 10:22:19.0968 Processor architecture: Intel x86
2011/01/13 10:22:19.0968 Number of processors: 4
2011/01/13 10:22:19.0968 Page size: 0x1000
2011/01/13 10:22:19.0968 Boot type: Normal boot
2011/01/13 10:22:19.0968 ================================================================================
2011/01/13 10:22:21.0171 Initialize success
2011/01/13 10:22:25.0406 ================================================================================
2011/01/13 10:22:25.0406 Scan started
2011/01/13 10:22:25.0406 Mode: Manual;
2011/01/13 10:22:25.0406 ================================================================================
2011/01/13 10:22:30.0656 ================================================================================
2011/01/13 10:22:30.0656 Scan finished
2011/01/13 10:22:30.0656 ================================================================================
2011/01/13 10:23:06.0093 Deinitialize success

#7 Blade


Posted 13 January 2011 - 03:12 PM

Hello.

Are you experiencing any other symptoms besides the periodic freezing? How often would you say the freezing occurs, and does it seem to occur while you are doing something in particular, or is it completely random?

~Blade



#8 kingscorpio

Posted 13 January 2011 - 11:33 PM

The freezing is random. Suddenly there will be a message like "system is running low on resources" and the laptop hangs. If you see no infection, then I will have to look at software incompatibility issues.

Thanks again for your time.

#9 Blade

Posted 14 January 2011 - 04:53 AM

Hi.

Are you aware that your computer is configured to use a proxy? Is this intentional?


#10 kingscorpio

Posted 14 January 2011 - 06:38 AM

Yeah, I am using this for work.

#11 Blade

Posted 14 January 2011 - 06:40 AM

Hello.

In that case, I see no evidence of malware on your machine. For further assistance, you may start a new topic in the Windows XP Home and Professional forum.

Good Luck with your issue!

~Blade


#12 Blade

Posted 16 January 2011 - 05:40 PM

Since this issue appears to be resolved ... this Topic has been closed.

~Blade
