Malwarebytes' Anti-Malware 1.40
Database version: 2714
Windows 5.1.2600 Service Pack 2
8/31/2009 1:07:15 AM
mbam-log-2009-08-31 (01-07-15).txt
Scan type: Full Scan (C:\|)
Objects scanned: 586713
Time elapsed: 4 hour(s), 5 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 20:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================
Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xEB3BC000 Size: 876544 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC96D000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xfbf826f0
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xec8f7350
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xec8f7580
==EOF==

OTL logfile created on: 8/30/2009 8:55:08 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = F:\utilities\SpywareCleanup
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 97.96% Memory free
4.00 Gb Paging File | 3.87 Gb Available in Paging File | 96.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 7.41 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 449.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 979.72 Mb Total Space | 377.09 Mb Free Space | 38.49% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IBM-3131ABEDCD3
Current User Name: artate
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2008/03/31 17:10:40 | 00,036,640 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2008/11/10 22:17:48 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/11/10 22:17:48 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/09/27 14:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/08/07 16:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\trcboot.exe
PRC - [2005/09/06 05:07:18 | 00,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
PRC - [2009/04/17 14:22:06 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/03/24 17:08:08 | 00,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\System32\acs.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/08 10:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
PRC - [2006/09/27 20:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2005/07/26 18:51:22 | 00,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/07/29 11:54:05 | 00,069,632 | ---- | M] () -- C:\Program Files\IBM\SDP70\runtimes\base_v61\bin\wasservice.exe
PRC - [2009/07/23 16:47:15 | 00,433,392 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
PRC - [2009/06/01 09:40:00 | 00,242,928 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/08/04 01:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
PRC - [2008/08/08 17:53:42 | 00,058,760 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe
PRC - [2008/10/09 13:31:02 | 00,562,456 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
PRC - [2008/01/17 09:23:16 | 00,059,392 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
PRC - [2006/09/27 20:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 14:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2005/06/20 08:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE
PRC - [2008/12/28 09:58:28 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe
PRC - [2009/04/16 13:41:28 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2006/11/24 05:29:56 | 00,043,752 | ---- | M] (IBM) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\ldlcserv.exe
PRC - [2009/04/17 14:22:12 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2004/08/04 01:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/08/18 19:45:42 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/04/17 14:23:28 | 00,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/07/23 16:47:35 | 00,281,840 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
PRC - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
PRC - [2006/12/11 20:04:40 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/12/11 20:04:38 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/24 10:15:04 | 00,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/03/24 14:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006/12/11 20:07:32 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2009/04/17 14:20:14 | 00,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/04/17 14:15:02 | 00,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/03/15 15:04:48 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\TpShocks.exe
PRC - [2004/01/27 21:04:00 | 00,118,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2006/07/19 19:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/27 20:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2009/03/13 05:00:40 | 00,184,371 | ---- | M] () -- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/07/28 16:10:48 | 00,087,592 | ---- | M] (IBM) -- C:\Program Files\IBM\SDP70\runtimes\base_v61\java\bin\java.exe
PRC - [2009/04/16 04:04:00 | 00,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/12/27 12:33:09 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/16 09:02:11 | 00,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
PRC - [2008/08/18 19:45:42 | 00,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/10/03 09:57:28 | 03,863,296 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/03 09:57:26 | 00,430,848 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/03/13 05:02:48 | 00,057,344 | ---- | M] () -- C:\Program Files\IBM\My Help\MyHelp.exe
PRC - [2008/07/30 16:24:48 | 00,088,544 | ---- | M] (IBM) -- C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
PRC - [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2004/08/04 01:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
PRC - File not found -- C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_
PRC - File not found -- C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.03_
PRC - [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/08/30 20:38:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\utilities\SpywareCleanup\OTL.exe
========== Win32 Services (SafeList) ==========
SRV - [2009/04/17 14:22:06 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2009/03/24 17:08:08 | 00,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\System32\acs.exe -- (acs [Auto | Running])
SRV - [2009/04/17 14:22:12 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/06 05:07:18 | 00,032,768 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\appnnode.exe -- (AppnNode [On_Demand | Stopped])
SRV - File not found -- -- (artstartsvc [Auto | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/10 22:17:48 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - File not found -- -- (BCSApache [Auto | Stopped])
SRV - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/08/18 19:45:42 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/07/19 19:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/08 10:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running])
SRV - [2006/09/27 20:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2005/07/26 18:51:22 | 00,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2009/03/24 09:39:04 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/31 17:10:40 | 00,036,640 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2009/07/29 11:54:05 | 00,069,632 | ---- | M] () -- C:\Program Files\IBM\SDP70\runtimes\base_v61\bin\wasservice.exe -- (IBMWAS61Service - IBM-3131ABEDCD3Node01 [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/03 20:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - File not found -- -- (ISAMsmt [Auto | Stopped])
SRV - [2009/07/23 16:47:15 | 00,433,392 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Auto | Running])
SRV - [2009/06/01 09:40:00 | 00,242,928 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Auto | Running])
SRV - [2006/09/27 14:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (JbossService [Auto | Stopped])
SRV - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\ldlcserv.exe -- (ldlcserv [Auto | Running])
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2005/09/23 08:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2008/08/08 17:53:42 | 00,058,760 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running])
SRV - [2008/02/28 13:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/10/09 13:31:02 | 00,562,456 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/02/28 13:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/04/16 13:41:28 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service [Auto | Running])
SRV - [2008/01/17 09:23:16 | 00,059,392 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -- (RDIConverterPrintHelper [Auto | Running])
SRV - [2006/09/27 20:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2006/08/07 16:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2006/09/27 20:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/09/27 14:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])
SRV - [2005/06/20 08:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE -- (TPHDEXLGSVC [Auto | Running])
SRV - [2008/12/28 09:58:28 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\trcboot.exe -- (TrcBoot [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;<local>
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.no_proxies_on: ";"
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/12/22 14:26:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/07 11:39:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 09:32:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 09:32:57 | 00,000,000 | ---D | M]
[2008/08/27 14:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Extensions
[2008/08/27 14:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/15 19:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\eclipse\extensions
[2007/08/20 15:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\eclipse1\extensions
[2009/08/30 20:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions
[2009/07/10 09:54:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\{de6baed3-43f9-4709-98f9-3978ba7e1c7e}(2)
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\chrome
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\components
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\defaults
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\platform
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\searchplugins
[2009/04/01 09:45:36 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\Mozilla\FireFox\Profiles\qa2n2p8y.default\searchplugins\dogear-search.xml
[2009/08/30 20:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 09:32:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/07 11:40:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/29 02:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\chrome
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\components
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\defaults
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\platform
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\searchplugins
[2009/08/05 09:32:46 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 09:32:46 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/07/31 07:47:04 | 00,186,880 | ---- | M] (IBM) -- C:\Program Files\mozilla firefox\plugins\npcpsweb.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 16:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/05 09:32:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 21:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 23:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/15 11:41:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/10/07 21:28:31 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/04/30 14:34:10 | 00,238,944 | ---- | M] (IBM ) -- C:\Program Files\mozilla firefox\plugins\npwdplugin.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (747 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISAMTray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20080827-1548\preload.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32main2.exe (IBM Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\artate\Start Menu\Programs\Startup\World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://www-1.ibm.com/qp2.cab (QuickPlace Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229972323828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1229972311234 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bl...lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http:// (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 13:44:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2009/08/30 19:59:18 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/08/30 10:27:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/08/30 10:00:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/29 22:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\artate\Application Data\Malwarebytes
[2009/08/29 22:11:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 22:11:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/29 22:11:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/29 22:11:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/29 22:11:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/29 21:54:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/29 21:53:53 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\NTREGOPT.lnk
[2009/08/29 21:53:53 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\ERUNT.lnk
[2009/08/29 21:53:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/29 09:28:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\artate\Application Data\IObit
[2009/08/29 09:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/08/29 09:01:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\HijackThis.lnk
[2009/08/29 09:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/28 17:31:47 | 00,000,000 | ---D | C] -- C:\Perl
[2009/08/28 17:29:45 | 18,489,584 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\ActivePerl-5.10.1.1006-MSWin32-x86-291086.msi
========== Files - Modified Within 14 Days ==========
[2009/08/30 19:59:18 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/08/30 12:46:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/30 09:57:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/30 09:56:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/30 09:56:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/30 09:55:32 | 00,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2009/08/30 04:02:54 | 00,000,292 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2009/08/29 22:11:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 21:53:53 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\NTREGOPT.lnk
[2009/08/29 21:53:53 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\ERUNT.lnk
[2009/08/29 17:28:43 | 00,144,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/29 09:01:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\HijackThis.lnk
[2009/08/28 17:30:01 | 18,489,584 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\ActivePerl-5.10.1.1006-MSWin32-x86-291086.msi
[2009/08/28 16:56:49 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\artate\Local Settings\Application Data\PUTTY.RND
[2009/08/28 15:00:01 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for artate.job
[2009/08/27 10:21:29 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\winscp.rnd
[2009/08/26 10:54:00 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/08/26 10:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/25 13:10:04 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\mcs.rma
[2009/08/25 13:10:04 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\A3764B
========== LOP Check ==========
[2009/08/29 22:11:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/18 12:02:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/08 11:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/06 10:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2009/02/04 12:56:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/07/16 13:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/12/25 00:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2007/10/16 15:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2007/05/07 14:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2006/12/11 14:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
[2008/12/15 19:34:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2009/06/11 11:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/06/24 09:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/01/24 21:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/29 22:11:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\artate\Application Data
[2009/01/26 12:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Aptana
[2009/07/16 13:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\ATI
[2009/02/11 19:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Avaya
[2007/11/15 13:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Centra
[2008/12/21 15:11:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Download Manager
[2009/07/16 11:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Elluminate
[2009/07/10 10:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Feedreader
[2009/01/14 14:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Helios
[2007/08/22 09:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\IBM
[2007/05/07 14:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\IBMERS
[2007/11/10 22:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\InterVideo
[2009/08/29 09:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\IObit
[2008/03/10 17:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Leadertech
[2008/12/15 19:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Lotus
[2007/12/21 19:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Passlogix
[2007/10/26 12:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Raindance
[2007/05/10 12:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Rational
[2007/12/25 09:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\RTPlayer
[2007/11/15 13:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Saba
[2009/01/14 20:46:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\tunebite
[2009/05/05 13:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Voice Suite
[2009/07/31 16:03:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\WDPlugin
[2009/05/01 12:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Web Meeting
[2009/08/26 10:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 01:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/30 12:46:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/08/03 11:59:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
[2009/08/28 15:00:01 | 00,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for artate.job
[2009/07/30 22:28:51 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/08/30 09:56:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
[2002/09/17 19:30:03 | 00,000,037 | ---- | M] () -- C:\cebWXP.exe
< %systemroot%\system32\eventlog.dll >
[2004/08/04 01:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
< %systemroot%\system32\scecli.dll >
[2004/08/04 01:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\netlogon.dll >
< %systemroot%\system32\cngaudit.dll >
< %systemroot%\system32\sceclt.dll >
< %systemroot%\ntelogon.dll >
< %systemroot%\system32\logevent.dll >
========== Alternate Data Streams ==========
@Alternate Data Stream - 160 bytes -> C:\WINDOWS\System32\TpKmpSVC.exe:SummaryInformation
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 8/30/2009 8:42:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = F:\utilities\SpywareCleanup
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 94.64% Memory free
4.00 Gb Paging File | 3.82 Gb Available in Paging File | 95.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 7.41 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 449.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 979.72 Mb Total Space | 377.16 Mb Free Space | 38.50% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IBM-3131ABEDCD3
Current User Name: artate
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"IBMconfig" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" OMS Client(DEV) " =
" OMS Client(INT) " =
" OMS Client(SYS) " =
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{062831CB-A028-FA27-482B-35B935569892}" = CCC Help Spanish
"{0698CECB-9072-47B1-AEA1-94CA350989B8}" = Symantec Client Security
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0940BBAB-2C46-E877-69CE-1A1B8100C6F3}" = Catalyst Control Center Localization Japanese
"{09672BC4-148F-3FCC-E1A9-A019453D9A4A}" = CCC Help Chinese Standard
"{0F03AD68-3716-DC9C-45E3-72B519D0B64E}" = CCC Help Dutch
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18982526-9FE8-42A3-A950-369C5E7C8821}" = IBM System Migration Assistant 4.2
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1ED554BA-058A-9664-2BA8-F6F2A68DE15E}" = Catalyst Control Center Localization Swedish
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 15
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E64DF28-426C-9E02-8295-485AB959225C}" = Catalyst Control Center Localization Spanish
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35431808-8D7E-345D-127B-BFC92CAA2352}" = CCC Help English
"{372853A4-796F-7042-4B26-AB2F8D780136}" = CCC Help Japanese
"{37C22E24-B794-4265-A38E-711BBF1C637A}" = IBM Personal Communications
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AEF318B-5987-09AF-949A-3D42837684D8}" = Catalyst Control Center Localization Italian
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{46CD7295-6B85-E6D1-9774-0C584F6497CB}" = Catalyst Control Center Graphics Full Existing
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{533557D5-E468-4F96-BD95-C81D0A2A8181}" = IBM Lotus Sametime Connect 8.0.1
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{66463B76-A188-C603-BF2F-AF6088F18012}" = CCC Help Italian
"{679DEB4F-FCC2-F5D7-2F23-EDF82D2CB76A}" = Catalyst Control Center Localization Korean
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2C675E-8040-431B-99C4-137DF4FBF75A}" = Thermal Analysis Tool
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{757debef-635e-4076-b82b-dac22feb3c9c}" = IBM Lotus Symphony
"{7596AEAB-2884-E87D-FD0B-BB02763998FB}" = ccc-utility
"{76EF79CA-A6A8-41C4-AE49-E49BA075FA51}" = Diskeeper Professional Edition
"{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan
"{795B7252-3FA5-20CA-D039-8E62DC590A10}" = Catalyst Control Center Graphics Light
"{7A62B557-7A4F-CDB1-F6E5-E7AB5625ED16}" = ccc-core-preinstall
"{7D968F83-A23F-40F7-937C-A3B5A0C44048}" = My Help - Workstation Setup Wizard
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}" = IBM Tivoli Storage Manager Client
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{83E1D91E-6B79-8850-7CBB-3098BDD1D4C7}" = CCC Help Korean
"{83FEAEA2-0BAE-1E00-7264-C88A1BD55CE8}" = Catalyst Control Center Localization French
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{86E8B3EA-8D79-4078-AD8B-6FB73E4BA8B4}" = ISMA Migration Summary
"{883ADBAF-997E-4F82-9601-A50141DF2FDA}" = ISMA P2P Transfer Tool
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A59CF7D-58AB-A28D-F02D-8473A4431A28}" = Skins
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{901D0904-83D1-46D1-BECF-954FF779A9C0}" = InterCall Web Meeting
"{903A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Standard 2002
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398B998-D540-A3D0-A35B-84A5549E1C5B}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5E81ECB-C322-35EF-E9B9-2CFE17BB1A28}" = CCC Help German
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA36483F-5D79-4EFD-ACA7-161EE2474E17}" = IBM Infoprint Select
"{ABAD4282-5D79-93D6-5687-5657BC74DC51}" = Catalyst Control Center Localization German
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ADB68E57-C344-3C48-10B1-51B5959F4EA3}" = Catalyst Control Center Core Implementation
"{ADFAA190-E063-EB64-42A6-C5E8A1DA0A79}" = Catalyst Control Center Localization Dutch
"{AEA7DB99-E310-741E-D005-02BDF09E5AB3}" = CCC Help Portuguese
"{AEBDAEFE-DE1E-8622-C8DC-B7F8008E1925}" = CCC Help French
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BB8B979E-E336-47E7-96BC-1031C1B94561}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5243A59-B2DD-EC07-23D2-D9CD9689B193}" = Catalyst Control Center Graphics Full New
"{C73D0E75-D147-CD6B-29F2-C5A1C8C6579C}" = ccc-core-static
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA96F3A1-F350-11D3-B354-002035C150E4}" = ILC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" =
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" =
"{D52140C4-3CBD-1ED0-1CAA-7C4EAF5F75E1}" = Catalyst Control Center Localization Chinese Standard
"{D671062E-44AF-4DC6-AD89-92921D1E1779}" = Lotus Notes 8.0.2
"{D8482C8C-B0D9-EAF3-43DC-9770D3C7DB88}" = Catalyst Control Center Localization Chinese Traditional
"{DC5A471E-3DF2-4FC5-B1C8-6096F6FE3C6B}" = World Community Grid - BOINC Agent
"{DDFC5759-D6BC-FE35-D423-EE93B562B2CD}" = CCC Help Chinese Traditional
"{DE6BA179-15B7-40EE-962C-B363CCAE8B5A}" = AT&T Global Network Client Managed VPN Premium Edition
"{DFF415AC-3883-4338-9365-DDCB74A0CFBA}" = IBM My Help
"{E05A9720-36C5-11D2-8960-0020AFFA5563}" = Lotus® Sametime® Unyte® For IBM Meetings
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F91040C8-F3F6-BBA5-2762-EB720EA4B556}" = Catalyst Control Center Localization Portuguese
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ab25de0789344f96ec2c253fd2dda3c1" = IBM Rational ClearCase Remote Client V7.0.1
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" =
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"AT&T Network Client {C:,PROGRA~1,AT&TNE~1,}" =
"ATI Display Driver" = ATI Display Driver
"CentraClient" = Centra Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Connection Manager" =
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DirectAnimation" =
"DirectDrawEx" =
"dlatray.exe" =
"DXM_Runtime" =
"e1a339b53cefb3e28839b7c7cab09e18" = IBM Rational Method Composer
"ERUNT_is1" = ERUNT 1.1j
"fe29d7d6aaf324b1964e31be6d7ce1981815068445" = IBM Dynamic Content Delivery (DCDClient-ISSI)
"FileZilla" = FileZilla (remove only)
"Fontcore" =
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IBM Ayudame" = IBM Ayudame
"IBM Installation Manager" = IBM Installation Manager
"IBM_HostCD" = IBM Software Uninstall
"IBM_values_installer" = IBM_values_installer Screen Saver
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"IM-IBM Rational" = IBM Rational
"IM-IBM Rational Team Concert" = IBM Rational Team Concert
"IM-IBM Rational Team Concert_2" = IBM Rational Team Concert_2
"IM-IBM Rational Team Concert_3" = IBM Rational Team Concert_3
"IM-IBM Software Delivery Platform" = IBM Software Delivery Platform
"IM-IBM Software Development Platform" = IBM Software Development Platform
"InstallShield Uninstall Information" =
"InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Log4j Chainsaw v2" =
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" =
"MobileOptionPack" =
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan (Symantec Corporation)
"OnScreenDisplay" = On Screen Display
"OutlookExpress" =
"P2P GUI" = IBM ISMA Peer-To-Peer
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"PDF to Image Converter_is1" = PDF to Image Converter 2.00
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RecordNow.exe" =
"Rhapsody" = Rhapsody
"SchedulingAgent" =
"Sevinst" =
"Snapshot Viewer" = Snapshot Viewer
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TightVNC_is1" = TightVNC 1.3.10
"Tunebite_is1" = Tunebite 4.1.0.34
"WAMRstor" = IBM ISMA Restore
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"winscp3_is1" = WinSCP 4.1.9
"WMFDist11" = Windows Media Format 11 runtime
"Workstation Security Tool_is1" = Workstation Security Tool 2.4
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OMS Client(DEV)" = OMS Client(DEV)
"OMS Client(sys)" = OMS Client(sys)
"OMS Client(uat)" = OMS Client(uat)
"WSBAA61UPDI" = IBM Update Installer for WebSphere software V7.0
"WSBAA61UPDI (3)" = IBM Update Installer for WebSphere software V6.1 (3)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/3/2009 6:55:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize
RPC.
Error - 8/3/2009 6:55:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = JavaQuickStarterService | ID = 1
Description =
Error - 8/3/2009 6:57:02 AM | Computer Name = IBM-3131ABEDCD3 | Source = Symantec AntiVirus | ID = 16711742
Description = Symantec AntiVirus communications layer failed to initialize. Remote
manageability has been disabled. An error occurred while initializing SSL-based
communication. Error code: 0x20000081.
Error - 8/3/2009 6:58:27 AM | Computer Name = IBM-3131ABEDCD3 | Source = IBMWAS61Service - IBM-3131ABEDCD3Node01 | ID = 109
Description = Could not determine the process id of the java process. Changing the
IBMWAS61Service - IBM-3131ABEDCD3Node01 service status to the "stopped" state. To
prevent this error, try recreating this service with the -logRoot parameter. The
value of the logRoot parameter should be the directory in which the server's .pid
file is created.
Error - 8/3/2009 6:58:29 AM | Computer Name = IBM-3131ABEDCD3 | Source = Symantec AntiVirus | ID = 16711742
Description = Symantec AntiVirus communications layer failed to initialize. Remote
manageability has been disabled. An error occurred while initializing SSL-based
communication. Error code: 0x20000081.
Error - 8/3/2009 1:02:38 PM | Computer Name = IBM-3131ABEDCD3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8237.0, stamp 48eff681,
faulting module sthelper.dll, version 8.0.1.3, stamp 4890e57c, debug? 0, fault
address 0x0001d771.
Error - 8/3/2009 7:39:52 PM | Computer Name = IBM-3131ABEDCD3 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in boinc.exe [4864]. Just-In-Time
debugging this exception failed with the following error: Insufficient system resources
exist to complete the requested service. Check the documentation index for 'Just-in-time
debugging, errors' for more information.
Error - 8/16/2009 5:12:28 PM | Computer Name = IBM-3131ABEDCD3 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).
Error - 8/16/2009 5:12:28 PM | Computer Name = IBM-3131ABEDCD3 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.
Error - 8/19/2009 10:40:55 AM | Computer Name = IBM-3131ABEDCD3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8237.0, stamp 48eff681,
faulting module sthelper.dll, version 8.0.1.3, stamp 4890e57c, debug? 0, fault
address 0x0001d771.
[ Cisco AnyConnect VPN Client Events ]
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED
[ IBM Events ]
Error - 4/6/2009 9:14:46 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 4/6/2009 2:37:06 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 4/9/2009 10:36:01 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 4/16/2009 9:44:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 5/13/2009 4:01:00 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 5/14/2009 9:05:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 6/15/2009 10:17:24 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 6/22/2009 12:12:06 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 7/15/2009 11:20:54 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
Error - 8/3/2009 1:02:34 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =
[ System Events ]
Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The IBM Mobility Client Start Utility service failed to start due
to the following error: %%2
Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The BCSApache service failed to start due to the following error:
%%3
Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The JbossService service failed to start due to the following error:
%%3
Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2
Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The IBM Mobility Client Start Utility service failed to start due
to the following error: %%2
Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The BCSApache service failed to start due to the following error:
%%3
Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The JbossService service failed to start due to the following error:
%%3
Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 8/30/2009 10:38:36 AM | Computer Name = IBM-3131ABEDCD3 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LUANNECOMPUTER that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{21EF5A72-A79D. The master browser is stopping or an election is being
forced.
< End of report >