Unsure of virus name



#1
SportsMomof3

I have read the Malware and Spyware cleaning guide. I have downloaded and run all the cleaning tools in the guide and am still unable to connect the computer to the internet. While at work Thursday, connected to the office network, the computer ran and installed Windows updates. It asked me to run a program to verify that the software was genuine software. After rebooting, I worked as normal for a few hours. The computer then began to freeze. I couldn't close, move or work in any screens. I did a hard reboot and could no longer log onto my computer. The error was something like Windows cannot log into the local user profile. After talking to a friend, I was advised to log on as admin and create a new profile. I lost some of the programs I had and couldn't connect to the internet at work or my wireless at home.

HERE ARE THE LOGS.
Malwarebytes' Anti-Malware 1.36
Database version: 2046
Windows 5.1.2600 Service Pack 3

7/5/2009 11:20:50 AM
mbam-log-2009-07-05 (11-20-50).txt

Scan type: Quick Scan
Objects scanned: 111125
Time elapsed: 3 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
.
C:\ [Fixed-NTFS] .. ( Total:89 Go - Free:45 Go )
D:\ [CD_Rom]
E:\ [Removable]
.
Scan : 11:29.52
Path : E:\Rooter.exe
User : Administrator ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (608)
______ \??\C:\WINNT\system32\csrss.exe (672)
______ \??\C:\WINNT\system32\winlogon.exe (704)
______ C:\WINNT\system32\services.exe (748)
______ C:\WINNT\system32\lsass.exe (760)
______ C:\WINNT\system32\ibmpmsvc.exe (948)
______ C:\WINNT\system32\svchost.exe (976)
______ C:\WINNT\system32\svchost.exe (1028)
______ C:\Program Files\Windows Defender\MsMpEng.exe (1068)
______ C:\WINNT\System32\svchost.exe (1108)
______ C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (1132)
______ C:\WINNT\system32\svchost.exe (1160)
______ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (1336)
______ C:\WINNT\system32\svchost.exe (1420)
______ C:\WINNT\system32\svchost.exe (1452)
______ C:\WINNT\system32\spoolsv.exe (1620)
______ C:\WINNT\System32\SCardSvr.exe (1672)
______ C:\WINNT\system32\svchost.exe (1736)
______ C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (1780)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1820)
______ C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (1860)
______ C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (1896)
______ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (1924)
______ C:\Program Files\IBM\Ayudame Utility\ayudame.exe (1968)
______ C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe (1992)
______ C:\Program Files\IBM\Ayudame Utility\ayudame.exe (2004)
______ C:\Program Files\Java\jre6\bin\jqs.exe (2032)
______ C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe (228)
______ C:\Program Files\McAfee\Common Framework\FrameworkService.exe (280)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (476)
______ C:\Program Files\Network Associates\VirusScan\mcshield.exe (676)
______ C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (764)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1236)
______ C:\WINNT\system32\mfevtps.exe (1352)
______ C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (1376)
______ C:\Program Files\lotus\notes\ntmulti.exe (1520)
______ C:\WINNT\system32\nvsvc32.exe (1228)
______ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (1908)
______ C:\WINNT\system32\svchost.exe (2208)
______ C:\WINNT\System32\TPHDEXLG.exe (2232)
______ C:\WINNT\system32\TpKmpSVC.exe (2252)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2324)
______ C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (2340)
______ C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe (3080)
______ C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe (3104)
______ C:\WINNT\System32\alg.exe (3552)
______ C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (2116)
______ C:\WINNT\Explorer.EXE (1232)
______ C:\WINNT\system32\RUNDLL32.EXE (1288)
______ C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (1564)
______ C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (208)
______ C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe (2920)
______ C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (2964)
______ C:\WINNT\system32\rundll32.exe (3396)
______ C:\Program Files\McAfee\Common Framework\udaterui.exe (3912)
______ C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (3980)
______ C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (3952)
______ C:\Program Files\Lenovo\Zoom\TpScrex.exe (3992)
______ C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (3828)
______ C:\Program Files\ATT-SST\McciTrayApp.exe (3788)
______ C:\Program Files\McAfee\Common Framework\McTray.exe (2816)
______ C:\Program Files\Windows Defender\MSASCui.exe (2412)
______ C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (2548)
______ C:\Program Files\iTunes\iTunesHelper.exe (580)
______ C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (2988)
______ C:\Program Files\iPod\bin\iPodService.exe (4164)
______ C:\Program Files\Registry Mechanic\RegMech.exe (4304)
______ C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (4380)
______ C:\Program Files\Digital Line Detect\DLG.exe (4516)
______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (4572)
______ C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (4632)
______ C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (2148)
______ E:\Rooter.exe (5964)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:95725519360)
\Device\Harddisk0\Partition2 (Start_Offset:95725551616 | Length:4303355904)
.
----------------------\\ Scheduled Tasks
.
C:\WINNT\Tasks\AppleSoftwareUpdate.job
C:\WINNT\Tasks\desktop.ini
C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-1472859983-109138142-169162935-89756Core.job
C:\WINNT\Tasks\GoogleUpdateTaskUserS-1-5-21-1472859983-109138142-169162935-89756UA.job
C:\WINNT\Tasks\MP Scheduled Scan.job
C:\WINNT\Tasks\PMTask.job
C:\WINNT\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:29.53
.
C:\Rooter$\Rooter_1.txt - (05/07/2009 | 11:29.53)
---------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 7/5/2009 11:31:56 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 62.26% Memory free
3.81 Gb Paging File | 3.04 Gb Available in Paging File | 79.60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 89.15 Gb Total Space | 45.23 Gb Free Space | 50.73% Space Free | Partition Type: NTFS
Drive D: | 237.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.89 Gb Total Space | 1.48 Gb Free Space | 78.10% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USFLO-L-0070642
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINNT\System32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\IBM\Ayudame Utility\ayudame.exe ()
PRC - C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe (iPass, Inc.)
PRC - C:\Program Files\IBM\Ayudame Utility\ayudame.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe ()
PRC - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINNT\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\naPrdMgr.exe (McAfee, Inc.)
PRC - C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
PRC - C:\WINNT\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINNT\System32\TPHDEXLG.exe (Lenovo.)
PRC - C:\WINNT\System32\TpKmpSVC.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe (iPass, Inc.)
PRC - C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe (McAfee, Inc.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\WINNT\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (McAfee, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
PRC - E:\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AcPrfMgrSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (AcSvc [Auto | Running]) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Bonjour Service [Disabled | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (btwdins [Auto | Running]) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CVPND [Auto | Running]) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (enterceptAgent [Auto | Running]) -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe (McAfee, Inc.)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINNT\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Running]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hips [On_Demand | Running]) -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe (McAfee, Inc.)
SRV - (IBMFORTH [Auto | Running]) -- C:\Program Files\IBM\Ayudame Utility\ayudame.exe ()
SRV - (IBMPMSVC [Auto | Running]) -- C:\WINNT\System32\ibmpmsvc.exe (Lenovo)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPassConnectEngine [On_Demand | Stopped]) -- C:\Program Files\T-Online Business\Corporate Access\iPassConnectEngine.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateApp [On_Demand | Running]) -- C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateApp.exe (iPass, Inc.)
SRV - (iPassPeriodicUpdateService [Auto | Running]) -- C:\Program Files\T-Online Business\Corporate Access\iPassPeriodicUpdateService.exe (iPass, Inc.)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (lcfd [Auto | Running]) -- C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe ()
SRV - (McAfeeFramework [Auto | Running]) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (McShield [Auto | Running]) -- C:\Program Files\Network Associates\VirusScan\mcshield.exe (McAfee, Inc.)
SRV - (McTaskManager [Auto | Running]) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (Network Associates, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (mfevtp [Unknown | Running]) -- C:\WINNT\System32\mfevtps.exe (McAfee, Inc.)
SRV - (Multi-user Cleanup Service [Auto | Running]) -- C:\Program Files\lotus\notes\ntmulti.exe (IBM Corp)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINNT\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINNT\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SolidWorks Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (TPHDEXLGSVC [Auto | Running]) -- C:\WINNT\System32\TPHDEXLG.exe (Lenovo.)
SRV - (TpKmpSVC [Auto | Running]) -- C:\WINNT\System32\TpKmpSVC.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (ADIHdAudAddService [On_Demand | Running]) -- C:\WINNT\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (AEAudio [On_Demand | Running]) -- C:\WINNT\System32\drivers\AEAudio.sys (Andrea Electronics Corporation)
DRV - (AegisP [Auto | Running]) -- C:\WINNT\System32\DRIVERS\AegisP.sys (Cisco Systems, Inc.)
DRV - (ANC [System | Running]) -- C:\WINNT\System32\drivers\ANC.SYS (IBM Corp.)
DRV - (atmeltpm [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\atmeltpm.sys (Atmel, Inc.)
DRV - (btaudio [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTDriver [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\btwusb.sys (Broadcom Corporation.)
DRV - (CITMDRV [Auto | Running]) -- C:\WINNT\System32\drivers\CITMDRV.SYS ()
DRV - (CVirtA [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\CVirtA.sys (Cisco Systems, Inc.)
DRV - (CVPNDRVA [Auto | Running]) -- C:\WINNT\System32\Drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINNT\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINNT\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINNT\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINNT\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINNT\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINNT\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINNT\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINNT\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINNT\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DNE [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINNT\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINNT\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (e1express [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (Firehk [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\firehk.sys (McAfee, Inc.)
DRV - (FirehkMP [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\firehk.sys (McAfee, Inc.)
DRV - (firelm01 [On_Demand | Running]) -- C:\WINNT\System32\drivers\firelm01.sys (McAfee, Inc.)
DRV - (FirePM [Boot | Running]) -- C:\WINNT\system32\Drivers\FirePM.sys (McAfee, Inc.)
DRV - (FireTDI [System | Running]) -- C:\WINNT\System32\Drivers\FireTDI.sys (McAfee, Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HIPK [On_Demand | Running]) -- C:\WINNT\System32\drivers\HIPK.sys (McAfee, Inc.)
DRV - (HIPPSK [On_Demand | Running]) -- C:\WINNT\System32\drivers\HIPPSK.sys (McAfee, Inc.)
DRV - (HIPQK [On_Demand | Running]) -- C:\WINNT\System32\drivers\HIPQK.sys (McAfee, Inc.)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (iaStor [Boot | Running]) -- C:\WINNT\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (IBMPMDRV [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ibmpmdrv.sys (Lenovo.)
DRV - (IBMTPCHK [System | Running]) -- C:\WINNT\System32\Drivers\IBMBLDID.sys ()
DRV - (iPassP [Auto | Running]) -- C:\WINNT\System32\DRIVERS\iPassP.sys (Cisco Systems, Inc.)
DRV - (LenovoRd [On_Demand | Running]) -- C:\WINNT\System32\Drivers\LenovoRd.sys (Lenovo)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINNT\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mfeapfk [On_Demand | Stopped]) -- C:\WINNT\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfehidk [Boot | Running]) -- C:\WINNT\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfetdik [System | Running]) -- C:\WINNT\System32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (motccgp [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\motccgp.sys (Motorola)
DRV - (motccgpfl [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\motccgpfl.sys (Motorola)
DRV - (MotDev [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\motodrv.sys (Motorola Inc)
DRV - (motmodem [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (motport [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\motport.sys (Motorola)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (NaiAvFilter1 [On_Demand | Running]) -- C:\WINNT\System32\drivers\naiavf5x.sys (McAfee Inc.)
DRV - (NaiAvTdi1 [System | Running]) -- C:\WINNT\System32\drivers\mvstdi5x.sys (McAfee Inc.)
DRV - (NETw4x32 [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\NETw4x32.sys (Intel Corporation)
DRV - (nm [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\NMnt.sys (Microsoft Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINNT\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rimmptsk [Auto | Running]) -- C:\WINNT\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\WINNT\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\WINNT\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (s24trans [Auto | Running]) -- C:\WINNT\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (Shockprf [Boot | Running]) -- C:\WINNT\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (SynTP [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (TPDIGIMN [Boot | Running]) -- C:\WINNT\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (TPHKDRV [System | Running]) -- C:\WINNT\System32\DRIVERS\TPHKDRV.sys (Lenovo Group Limited)
DRV - (TPPWRIF [System | Running]) -- C:\WINNT\System32\drivers\Tppwrif.sys ()
DRV - (TSMAPIP [System | Running]) -- C:\WINNT\System32\drivers\TSMAPIP.SYS ()
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINNT\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbser [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\usbser.sys (Microsoft Corporation)
DRV - (usbsermptxp [On_Demand | Stopped]) -- C:\WINNT\System32\DRIVERS\usbsermptxp.sys (Microsoft Corporation)
DRV - (vsdatant [On_Demand | Stopped]) -- C:\WINNT\System32\vsdatant.sys (Zone Labs LLC)
DRV - (wceusbsh [System | Stopped]) -- C:\WINNT\System32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - (WIBUKEY [Auto | Running]) -- C:\WINNT\System32\DRIVERS\Wibukey.sys (WIBU-SYSTEMS AG)
DRV - (winachsf [On_Demand | Running]) -- C:\WINNT\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.microsoft...mp;Ar=ie5update
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/09 08:00:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/28 19:58:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/02 15:42:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/21 18:16:48 | 00,000,000 | ---D | M]

[2009/06/11 06:53:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/01/08 22:42:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/28 19:58:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/09 08:00:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/03/28 19:58:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/03/28 19:58:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/09/16 02:35:01 | 00,066,408 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/09/16 02:35:02 | 00,054,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/09/16 02:35:02 | 00,034,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2007/09/16 02:35:03 | 00,046,456 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2007/09/16 02:35:04 | 00,171,880 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/01/09 08:00:03 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/01/16 02:28:50 | 00,155,648 | ---- | M] (Solidworks Corporation) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2007/09/16 02:35:05 | 00,022,400 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/20 00:55:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/09/14 21:14:20 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2007/09/14 21:14:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/09/14 21:14:20 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2007/09/14 21:14:20 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2007/09/14 21:14:20 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2007/09/14 21:14:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [ShStatEXE] File not found
O4 - HKLM..\Run: [SwdisUsrPCN.usflo-l-0070642] C:\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe ()
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINNT\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = ABB Minimum Security Baseline
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Only ABB authorized personnel are permitted to access this machine
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1233033641734 (MUCatalogWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.abb.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINNT\System32\CSGina.dll ()
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (TivoliAP) - C:\WINNT\System32\TivoliAP.dll (IBM Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/20 09:16:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/21 13:36:26 | 00,000,079 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f92a6c82-68c7-11de-8217-00215c8c9c53}\Shell\AutoRun\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{f92a6c82-68c7-11de-8217-00215c8c9c53}\Shell\install\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{f92a6c82-68c7-11de-8217-00215c8c9c53}\Shell\usermanualEnglish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{f92a6c82-68c7-11de-8217-00215c8c9c53}\Shell\usermanualFrench\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O33 - MountPoints2\{f92a6c82-68c7-11de-8217-00215c8c9c53}\Shell\usermanualSpanish\command - "" = E:\rcaeasyrip_setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2049/12/31 16:00:00 | 00,123,989 | ---- | C] () -- C:\Data\sleepy.jpg
[2009/07/05 11:29:53 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/05 11:22:56 | 00,039,745 | ---- | C] () -- C:\WINNT\System32\api_hook_list.dat
[2009/07/05 11:22:52 | 00,038,016 | ---- | C] (McAfee, Inc.) -- C:\WINNT\System32\HIPIS0e0118e.dll
[2009/07/05 11:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/07/05 11:13:40 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/07/05 11:12:06 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/07/05 11:12:06 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/07/05 11:12:06 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/04 14:41:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2009/07/03 23:12:26 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/07/03 23:12:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/03 21:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2009/07/03 21:09:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/03 21:08:58 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/07/03 21:08:57 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\STKIT432.DLL
[2009/07/03 21:08:55 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/07/03 20:34:03 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/07/03 20:33:05 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/07/03 20:25:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/03 20:25:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/02 20:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/07/02 20:41:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ABB
[2009/07/02 20:02:01 | 00,000,636 | R--- | C] () -- C:\WINNT\swdis.bak
[2009/07/02 18:47:41 | 00,011,154 | ---- | C] () -- C:\Data\cc_20090702_184738.reg
[2009/07/02 18:28:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2009/07/02 18:28:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ATTTOOLBAR
[2009/07/02 18:15:41 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/07/02 18:01:50 | 21,289,16480 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/02 16:10:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Google
[2009/07/02 15:58:59 | 00,050,374 | ---- | C] () -- C:\Data\cc_20090702_155856.reg
[2009/07/02 15:23:43 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/07/02 15:16:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2009/07/02 15:16:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2009/07/02 15:16:48 | 00,275,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/02 15:13:53 | 00,000,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2009/07/02 14:51:51 | 00,000,000 | -HSD | C] -- C:\found.000
[2009/07/01 08:50:03 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ieproxy.dll
[2009/07/01 08:50:03 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\xpshims.dll
[2009/07/01 08:38:16 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mucltui.dll
[2009/07/01 08:38:16 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\muweb.dll
[2009/07/01 08:38:16 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mucltui.dll.mui
[2009/06/30 23:08:25 | 00,000,986 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1472859983-109138142-169162935-89756UA.job
[2009/06/30 23:08:25 | 00,000,934 | ---- | C] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1472859983-109138142-169162935-89756Core.job
[2009/06/23 23:22:45 | 00,049,935 | ---- | C] () -- C:\Data\G-reg.jpg
[2009/06/23 13:31:46 | 00,010,752 | ---- | C] () -- C:\WINNT\System32\drivers\CITMDRV.SYS
[2009/06/23 12:18:17 | 00,117,024 | ---- | C] (McAfee Inc.) -- C:\WINNT\System32\drivers\naiavf5x.sys
[2009/06/23 12:18:17 | 00,059,904 | ---- | C] (McAfee Inc.) -- C:\WINNT\System32\drivers\mvstdi5x.sys
[2009/06/22 08:16:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/06/19 10:36:04 | 00,024,576 | ---- | C] () -- C:\Data\On June 12.doc
[2009/06/19 02:18:34 | 06,316,586 | ---- | C] () -- C:\Data\Drake feat. Lil' Wayne - Ransom .mp3
[2009/06/19 02:12:42 | 02,542,862 | ---- | C] () -- C:\Data\Drake_-_Brand_New.mp3
[2009/06/19 01:50:31 | 03,266,350 | ---- | C] () -- C:\Data\02)__Say_Whats_Real_Prod_by_Kanye_West.mp3
[2009/06/19 01:37:33 | 04,594,624 | ---- | C] () -- C:\Data\Beyonce_-_Ego_(Remix)_feat._Kanye_West_-_HotNewHipHop.com.mp3
[2009/06/18 12:12:19 | 00,000,000 | ---- | C] () -- C:\Data\suavee'.jpg
[2009/06/18 12:11:55 | 00,509,330 | ---- | C] () -- C:\Data\Instinct 023.jpg
[2009/06/18 12:09:16 | 00,010,022 | ---- | C] () -- C:\Data\Alpha '93.jpg
[2009/06/15 13:36:24 | 00,024,576 | ---- | C] () -- C:\Data\make2ofem.doc
[2009/06/11 00:44:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\3A3C8
[2009/06/11 00:44:53 | 00,000,000 | ---D | C] -- C:\Data\My Received Files
[2009/06/11 00:44:53 | 00,000,000 | ---D | C] -- C:\Data\iMesh
[2009/06/11 00:44:30 | 00,483,328 | ---- | C] (SoftShape Development) -- C:\WINNT\System32\actskn45.ocx
[2009/06/10 23:11:58 | 00,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2009/06/09 10:53:33 | 00,001,601 | ---- | C] () -- C:\Data\me.jpg
[2009/05/18 16:20:55 | 00,000,000 | ---- | C] () -- C:\WINNT\eDrawingOfficeAutomator.INI
[2009/03/15 23:07:06 | 00,000,062 | ---- | C] () -- C:\WINNT\PrintWorkShop2009.ini
[2009/02/09 23:53:09 | 00,077,895 | ---- | C] () -- C:\WINNT\System32\unibus_tcutil.dll
[2009/01/13 22:00:51 | 00,000,001 | ---- | C] () -- C:\WINNT\System32\medsrv32.dll
[2009/01/06 13:17:55 | 00,000,049 | ---- | C] () -- C:\WINNT\ccolwiz.ini
[2008/12/15 15:47:06 | 00,000,028 | ---- | C] () -- C:\WINNT\pdf995.ini
[2008/12/15 15:46:05 | 00,000,101 | ---- | C] () -- C:\WINNT\wpd99.drv
[2008/12/15 15:45:31 | 00,147,506 | ---- | C] () -- C:\WINNT\System32\pdfmona.dll
[2008/12/15 15:45:31 | 00,050,364 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
[2008/12/09 16:18:47 | 00,014,147 | ---- | C] () -- C:\WINNT\SAPLOGON_20081209_1518.INI
[2008/12/09 13:41:03 | 00,639,052 | ---- | C] () -- C:\WINNT\System32\BBPDFPortMon.dll
[2008/12/09 10:33:16 | 00,000,072 | ---- | C] () -- C:\WINNT\webica.ini
[2008/12/05 13:30:48 | 00,014,147 | ---- | C] () -- C:\WINNT\SAPLOGON_20081205_1230.INI
[2008/12/02 10:49:38 | 00,000,636 | ---- | C] () -- C:\WINNT\swdis.ini
[2008/12/01 16:05:17 | 00,006,559 | ---- | C] () -- C:\WINNT\SAPLOGON_20081201_1505.INI
[2008/12/01 16:05:08 | 00,014,147 | ---- | C] () -- C:\WINNT\saplogon.ini
[2008/12/01 16:05:08 | 00,000,466 | ---- | C] () -- C:\WINNT\sapmsg.ini
[2008/12/01 15:44:30 | 00,000,280 | ---- | C] () -- C:\WINNT\System32\epoPGPsdk.dll.sig
[2008/03/26 07:57:59 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2008/03/20 17:07:10 | 00,000,620 | ---- | C] () -- C:\WINNT\win.ini
[2008/03/20 17:07:08 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini
[2008/03/20 10:36:47 | 00,000,041 | ---- | C] () -- C:\WINNT\CSERVE.INI
[2008/03/20 10:24:11 | 00,000,057 | ---- | C] () -- C:\WINNT\System32\oeminfo.ini
[2008/03/20 10:23:37 | 00,000,219 | ---- | C] () -- C:\WINNT\multi.ini
[2008/03/20 10:04:32 | 00,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2008/03/20 09:34:10 | 00,204,800 | ---- | C] () -- C:\WINNT\System32\IVIresizeW7.dll
[2008/03/20 09:34:10 | 00,200,704 | ---- | C] () -- C:\WINNT\System32\IVIresizeA6.dll
[2008/03/20 09:34:10 | 00,192,512 | ---- | C] () -- C:\WINNT\System32\IVIresizeP6.dll
[2008/03/20 09:34:10 | 00,192,512 | ---- | C] () -- C:\WINNT\System32\IVIresizeM6.dll
[2008/03/20 09:34:10 | 00,188,416 | ---- | C] () -- C:\WINNT\System32\IVIresizePX.dll
[2008/03/20 09:34:10 | 00,020,480 | ---- | C] () -- C:\WINNT\System32\IVIresize.dll
[2008/03/20 09:33:39 | 00,000,126 | ---- | C] () -- C:\WINNT\wininit.ini
[2008/03/20 09:31:21 | 00,007,168 | ---- | C] () -- C:\WINNT\System32\drivers\TSMAPIP.SYS
[2008/03/20 09:31:04 | 00,004,442 | ---- | C] () -- C:\WINNT\System32\drivers\TPPWRIF.SYS
[2008/03/20 09:27:35 | 00,016,480 | ---- | C] () -- C:\WINNT\System32\rixdicon.dll
[2008/03/20 09:26:49 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\SynTPCoI.dll
[2008/03/20 09:26:38 | 00,004,224 | ---- | C] () -- C:\WINNT\System32\drivers\IBMBLDID.sys
[2008/03/20 08:50:52 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2008/03/20 08:50:51 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2008/03/20 08:50:50 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2008/03/20 08:50:49 | 01,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2008/02/13 14:02:40 | 00,015,872 | ---- | C] () -- C:\WINNT\System32\vtssm32.dll
[2008/02/13 14:02:12 | 01,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll
[2008/02/13 14:02:12 | 00,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll
[2008/02/13 14:02:12 | 00,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll
[2008/02/13 14:02:12 | 00,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll
[2008/02/13 14:02:12 | 00,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll
[2007/11/26 11:56:04 | 02,842,624 | ---- | C] () -- C:\WINNT\System32\btwicons.dll
[2007/11/26 11:43:48 | 00,077,824 | ---- | C] () -- C:\WINNT\System32\btprn2k.dll
[2007/10/29 10:43:36 | 00,000,000 | ---- | C] () -- C:\WINNT\System32\px.ini
[2007/07/16 07:58:10 | 00,197,408 | ---- | C] () -- C:\WINNT\System32\vpnapi.dll
[2007/07/16 07:58:00 | 00,193,312 | ---- | C] () -- C:\WINNT\System32\CSGina.dll
[2005/02/17 07:41:32 | 00,000,603 | ---- | C] () -- C:\WINNT\System32\BTNeighborhood.dll.manifest
[2005/02/17 07:41:30 | 00,000,593 | ---- | C] () -- C:\WINNT\System32\btcss.dll.manifest
[2001/11/14 08:56:00 | 01,802,240 | ---- | C] () -- C:\WINNT\System32\lcppn21.dll
[2000/09/18 16:50:28 | 00,202,752 | ---- | C] () -- C:\WINNT\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 00,123,989 | ---- | M] () -- C:\Data\sleepy.jpg
[2009/07/05 11:25:36 | 00,000,330 | -H-- | M] () -- C:\WINNT\tasks\MP Scheduled Scan.job
[2009/07/05 11:24:19 | 00,002,443 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/07/05 11:24:03 | 00,000,636 | R--- | M] () -- C:\WINNT\swdis.bak
[2009/07/05 11:23:55 | 00,000,310 | ---- | M] () -- C:\WINNT\tasks\PMTask.job
[2009/07/05 11:23:46 | 00,002,278 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/07/05 11:22:56 | 00,039,745 | ---- | M] () -- C:\WINNT\System32\api_hook_list.dat
[2009/07/05 11:22:37 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/07/05 11:22:33 | 00,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2009/07/05 11:22:29 | 21,289,16480 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/05 11:13:14 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2009/07/05 11:13:14 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2009/07/05 11:13:00 | 00,000,986 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1472859983-109138142-169162935-89756UA.job
[2009/07/03 23:13:00 | 00,000,934 | ---- | M] () -- C:\WINNT\tasks\GoogleUpdateTaskUserS-1-5-21-1472859983-109138142-169162935-89756Core.job
[2009/07/03 23:12:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/07/03 21:08:58 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/07/03 20:34:03 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2009/07/03 11:49:02 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2009/07/02 20:17:46 | 04,317,114 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/07/02 18:47:46 | 00,011,154 | ---- | M] () -- C:\Data\cc_20090702_184738.reg
[2009/07/02 15:59:06 | 00,050,374 | ---- | M] () -- C:\Data\cc_20090702_155856.reg
[2009/07/02 15:16:48 | 00,275,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/02 15:13:53 | 00,000,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Player.lnk
[2009/07/02 10:17:14 | 00,000,072 | ---- | M] () -- C:\WINNT\webica.ini
[2009/07/02 09:19:44 | 00,715,152 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/07/01 14:32:06 | 00,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2009/06/30 22:46:41 | 00,000,664 | ---- | M] () -- C:\WINNT\System32\d3d9caps.dat
[2009/06/29 04:48:43 | 00,002,133 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/23 23:22:45 | 00,049,935 | ---- | M] () -- C:\Data\G-reg.jpg
[2009/06/19 10:43:21 | 00,024,576 | ---- | M] () -- C:\Data\On June 12.doc
[2009/06/19 02:18:34 | 06,316,586 | ---- | M] () -- C:\Data\Drake feat. Lil' Wayne - Ransom .mp3
[2009/06/19 01:50:33 | 03,266,350 | ---- | M] () -- C:\Data\02)__Say_Whats_Real_Prod_by_Kanye_West.mp3
[2009/06/19 01:37:33 | 04,594,624 | ---- | M] () -- C:\Data\Beyonce_-_Ego_(Remix)_feat._Kanye_West_-_HotNewHipHop.com.mp3
[2009/06/18 12:12:20 | 00,000,000 | ---- | M] () -- C:\Data\suavee'.jpg
[2009/06/18 12:11:58 | 00,509,330 | ---- | M] () -- C:\Data\Instinct 023.jpg
[2009/06/18 12:09:17 | 00,010,022 | ---- | M] () -- C:\Data\Alpha '93.jpg
[2009/06/15 13:36:24 | 00,024,576 | ---- | M] () -- C:\Data\make2ofem.doc
[2009/06/09 10:53:37 | 00,001,601 | ---- | M] () -- C:\Data\me.jpg
[2009/06/08 17:55:20 | 00,037,376 | ---- | M] () -- C:\Data\HARDWARE CONVERSION TABLE.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
-----------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 7/5/2009 11:31:56 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.98 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 62.26% Memory free
3.81 Gb Paging File | 3.04 Gb Available in Paging File | 79.60% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 89.15 Gb Total Space | 45.23 Gb Free Space | 50.73% Space Free | Partition Type: NTFS
Drive D: | 237.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 1.89 Gb Total Space | 1.48 Gb Free Space | 78.10% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USFLO-L-0070642
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.scr [@ = AutoCADScriptFile] -- C:\WINNT\NOTEPAD.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service (McAfee, Inc.)
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd ()
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Tivoli\lcf\dat\1\Mobile\mobile.exe:*:Enabled:mobile ()
C:\Tivoli\lcf\bin\w32-ix86\tools\jre\1.3.0\bin\java.exe:*:Enabled:java ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe:*:Enabled:lcfd ()
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh File not found
C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe (Motive Communications, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0FF56548-15FE-4CAF-BF0A-71929DA491FE}" = SAP INI Files 1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F3D7C3E-573E-4F6A-8A63-BC404E2A45CF}" = SolidWorks 2007 SP05
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{243E19C5-A134-480A-AAC8-FE1923CD1487}_is1" = PhotoManager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2FDF57C2-7D7C-4952-8141-E561F9A80405}" = Print Workshop 2009
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CC64AE5-2B4C-4F34-BAA0-EFB905199898}" = ABB ScreenSaver Delay Program
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002
"{5864B49E-03FC-481E-89B7-A6664CC2ACB4}" = eDrawings 2008
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7E85840D-3E9C-456F-896A-417982F344D7}" = GIA
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{81B3BEF9-5D97-4096-86E9-5B48A5BC32D0}" = Motorola Driver Installation 3.4.0
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{881EA2C2-265F-4BAC-92FD-9314BB94820F}" = Intel® PRO Network Connections 12.0.41.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8CC5BF82-4DD4-11D4-A39F-00C04F05E3F0}" = Motorola PST
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8F5F8B07-50AC-401F-A441-A37740851A5C}" = Citrix ICA Client
"{8F77C6E9-2D34-4A93-BE8C-0F283C422659}" = RSD_LITE_3_3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A163F878-A93B-4E19-A023-612F0244A444}" = IBM Ayudame
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC9E0FD0-260C-4C31-A805-0DFDDEA169EE}" = SAPGUI 7.1
"{AF4967C0-B0D8-11D4-95B5-000629B598DC}" = Tivoli Mobile Computing
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BE2E59E9-DB64-4E8C-938B-3A49A8B4B757}" = Lotus Notes 7.0.3
"{C0DB380B-97B5-4BB8-AC8D-1835E61439B6}" = Microsoft redistributable runtime DLLs VS2005(x86)
"{C1E26EED-CC8B-4371-9CC7-AD8A5814B4B2}" = IE5 Registration
"{C2CDE75C-CA51-4335-9C13-84C00E6093A5}" = Windows Media Player Enterprise Deployment
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8F728D0-C3F0-42EB-BBC2-C4A38A577CB1}" = Motorola Phone Tools
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F2969393-2D4D-4977-8166-B1251B08EF12}" = McAfee Agent
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F85B6E83-276C-4932-9B3C-F64F8D0576F9}" = IBM Lotus Sametime Connect 7.5
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ABB ScreenSaver" = ABB ScreenSaver
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATT-SST" = AT&T Self Support Tool
"ATTToolbar" = AT&T Toolbar
"Audacity_is1" = Audacity 1.2.6
"Canon iP2600 series User Registration" = Canon iP2600 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Free FLV Converter_is1" = Free FLV Converter V 5.9.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (2.0.0.7)" = Mozilla Firefox (2.0.0.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"Pdf995" = Pdf995
"PdfEdit995" = PdfEdit995
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel® PROSet/Wireless Software
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"Yahoo! Mail" = AT&T Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2009 11:09:49 AM | Computer Name = USFLO-L-0070642 | Source = UserInit | ID = 1000
Description = Could not execute the following script AC.bat. The system cannot find
the file specified. .

Error - 7/5/2009 11:09:49 AM | Computer Name = USFLO-L-0070642 | Source = UserInit | ID = 1000
Description = Could not execute the following script PCstartup.bat. The system cannot
find the file specified. .

Error - 7/5/2009 11:10:49 AM | Computer Name = USFLO-L-0070642 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 sysrestorepoint.exe, P2 1.3.0.0, P3 485da791,
P4 microsoft.visualbasic, P5 8.0.0.0, P6 4333d6d8, P7 5e, P8 1e1, P9 34ssps20bdj3nj0wmit5kamzhvglfzcc,
P10 NIL.

Error - 7/5/2009 11:21:16 AM | Computer Name = USFLO-L-0070642 | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 7/5/2009 11:21:26 AM | Computer Name = USFLO-L-0070642 | Source = UserInit | ID = 1000
Description = Could not execute the following script RegFix.bat. The system cannot
find the file specified. .

Error - 7/5/2009 11:22:37 AM | Computer Name = USFLO-L-0070642 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 7/5/2009 11:22:38 AM | Computer Name = USFLO-L-0070642 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/5/2009 11:22:59 AM | Computer Name = USFLO-L-0070642 | Source = UserInit | ID = 1000
Description = Could not execute the following script remove_setdns.bat. The system
cannot find the file specified. .

Error - 7/5/2009 11:22:59 AM | Computer Name = USFLO-L-0070642 | Source = UserInit | ID = 1000
Description = Could not execute the following script AC.bat. The system cannot find
the file specified. .

Error - 7/5/2009 11:22:59 AM | Computer Name = USFLO-L-0070642 | Source = UserInit | ID = 1000
Description = Could not execute the following script PCstartup.bat. The system cannot
find the file specified. .

[ System Events ]
Error - 7/3/2009 9:00:53 PM | Computer Name = USFLO-L-0070642 | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 7/4/2009 2:10:51 PM | Computer Name = USFLO-L-0070642 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AMERICAS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/4/2009 2:11:44 PM | Computer Name = USFLO-L-0070642 | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 7/5/2009 10:43:53 AM | Computer Name = USFLO-L-0070642 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AMERICAS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/5/2009 10:44:44 AM | Computer Name = USFLO-L-0070642 | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 7/5/2009 11:09:26 AM | Computer Name = USFLO-L-0070642 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AMERICAS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/5/2009 11:10:16 AM | Computer Name = USFLO-L-0070642 | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.

Error - 7/5/2009 11:19:47 AM | Computer Name = USFLO-L-0070642 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/5/2009 11:22:37 AM | Computer Name = USFLO-L-0070642 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain AMERICAS due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 7/5/2009 11:23:27 AM | Computer Name = USFLO-L-0070642 | Source = DCOM | ID = 10010
Description = The server {204810B9-73B2-11D4-BF42-00B0D0118B56} did not register
with DCOM within the required timeout.


< End of report >