Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware log review - ART Laptop


  • Please log in to reply

#1
shippingman

shippingman

    New Member

  • Member
  • Pip
  • 3 posts
I have followed all instructions in the cleaning guide (http://www.geekstogo...uide-t2852.html) and the machine is working better, thanks. I would like help reviewing the logs to determine if any additional malware is present. I'm concerned about the following in RootRepeal: "Status: Hooked by "<unknown>" at address 0xfbf826f0". Also, I see a message in Extras: "The JbossService service failed to start". JBoss should have been uninstalled. Any advice to improve overall performance would be appreciated.

Malwarebytes' Anti-Malware 1.40
Database version: 2714
Windows 5.1.2600 Service Pack 2

8/31/2009 1:07:15 AM
mbam-log-2009-08-31 (01-07-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 586713
Time elapsed: 4 hour(s), 5 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/30 20:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xEB3BC000 Size: 876544 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC96D000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0xfbf826f0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xec8f7350

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xec8f7580

==EOF==


OTL logfile created on: 8/30/2009 8:55:08 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = F:\utilities\SpywareCleanup
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 97.96% Memory free
4.00 Gb Paging File | 3.87 Gb Available in Paging File | 96.64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 7.41 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 449.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 979.72 Mb Total Space | 377.09 Mb Free Space | 38.49% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM-3131ABEDCD3
Current User Name: artate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/03/31 17:10:40 | 00,036,640 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2008/11/10 22:17:48 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/11/10 22:17:48 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
PRC - [2006/09/27 14:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
PRC - [2006/08/07 16:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
PRC - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\trcboot.exe
PRC - [2005/09/06 05:07:18 | 00,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
PRC - [2009/04/17 14:22:06 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2009/03/24 17:08:08 | 00,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\System32\acs.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/08 10:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
PRC - [2006/09/27 20:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
PRC - [2005/07/26 18:51:22 | 00,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
PRC - [2009/07/29 11:54:05 | 00,069,632 | ---- | M] () -- C:\Program Files\IBM\SDP70\runtimes\base_v61\bin\wasservice.exe
PRC - [2009/07/23 16:47:15 | 00,433,392 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe
PRC - [2009/06/01 09:40:00 | 00,242,928 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/08/04 01:00:00 | 00,388,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
PRC - [2008/08/08 17:53:42 | 00,058,760 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe
PRC - [2008/10/09 13:31:02 | 00,562,456 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe
PRC - [2008/01/17 09:23:16 | 00,059,392 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
PRC - [2006/09/27 20:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 14:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
PRC - [2005/06/20 08:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE
PRC - [2008/12/28 09:58:28 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe
PRC - [2009/04/16 13:41:28 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2006/11/24 05:29:56 | 00,043,752 | ---- | M] (IBM) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
PRC - [2007/06/13 06:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\ldlcserv.exe
PRC - [2009/04/17 14:22:12 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2004/08/04 01:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/08/18 19:45:42 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2009/04/17 14:23:28 | 00,163,840 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2009/07/23 16:47:35 | 00,281,840 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\isamtray.exe
PRC - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
PRC - [2006/12/11 20:04:40 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/12/11 20:04:38 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/03/24 10:15:04 | 00,068,464 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/03/24 14:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2006/12/11 20:07:32 | 00,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2009/04/17 14:20:14 | 00,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2009/04/17 14:15:02 | 00,172,032 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2006/03/15 15:04:48 | 00,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\System32\TpShocks.exe
PRC - [2004/01/27 21:04:00 | 00,118,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\dla\tfswctrl.exe
PRC - [2006/07/19 19:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/27 20:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
PRC - [2009/03/13 05:00:40 | 00,184,371 | ---- | M] () -- C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2009/07/28 16:10:48 | 00,087,592 | ---- | M] (IBM) -- C:\Program Files\IBM\SDP70\runtimes\base_v61\java\bin\java.exe
PRC - [2009/04/16 04:04:00 | 00,061,728 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2007/12/27 12:33:09 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/16 09:02:11 | 00,872,518 | ---- | M] () -- C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\soffice.exe
PRC - [2008/08/18 19:45:42 | 00,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/10/03 09:57:28 | 03,863,296 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/03 09:57:26 | 00,430,848 | ---- | M] (World Community Grid) -- C:\Program Files\BOINC\boinc.exe
PRC - [2009/03/13 05:02:48 | 00,057,344 | ---- | M] () -- C:\Program Files\IBM\My Help\MyHelp.exe
PRC - [2008/07/30 16:24:48 | 00,088,544 | ---- | M] (IBM) -- C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
PRC - [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2004/08/04 01:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/08/04 01:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cidaemon.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
PRC - File not found -- C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.06_
PRC - File not found -- C:\Program Files\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.03_
PRC - [2004/08/04 01:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2009/08/30 20:38:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- F:\utilities\SpywareCleanup\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/04/17 14:22:06 | 00,098,304 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
SRV - [2009/03/24 17:08:08 | 00,475,220 | ---- | M] (Atheros) -- C:\WINDOWS\System32\acs.exe -- (acs [Auto | Running])
SRV - [2009/04/17 14:22:12 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/06 05:07:18 | 00,032,768 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\appnnode.exe -- (AppnNode [On_Demand | Stopped])
SRV - File not found -- -- (artstartsvc [Auto | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/11/10 22:17:48 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - File not found -- -- (BCSApache [Auto | Stopped])
SRV - [2008/12/12 13:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/08/18 19:45:42 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2006/07/19 19:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/07/19 19:26:10 | 00,202,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy [Auto | Running])
SRV - [2006/07/19 19:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/08 10:53:21 | 00,053,248 | ---- | M] () -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe -- (DCDClient-ISSI [Auto | Running])
SRV - [2006/09/27 20:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2005/07/26 18:51:22 | 00,606,316 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [Auto | Running])
SRV - [2009/03/24 09:39:04 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2004/08/04 01:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/31 17:10:40 | 00,036,640 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC [Auto | Running])
SRV - [2009/07/29 11:54:05 | 00,069,632 | ---- | M] () -- C:\Program Files\IBM\SDP70\runtimes\base_v61\bin\wasservice.exe -- (IBMWAS61Service - IBM-3131ABEDCD3Node01 [Auto | Running])
SRV - [2004/10/22 04:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2004/08/03 20:56:44 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - File not found -- -- (ISAMsmt [Auto | Stopped])
SRV - [2009/07/23 16:47:15 | 00,433,392 | ---- | M] (IBM Corp.) -- C:\Program Files\C4ebreg\c4ebreg.exe -- (ISAMSvc [Auto | Running])
SRV - [2009/06/01 09:40:00 | 00,242,928 | ---- | M] (IBM Corp.) -- c:\sdwork\issimsvc.exe -- (ISSIMon [Auto | Running])
SRV - [2006/09/27 14:14:44 | 00,087,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe -- (ISSVC [Auto | Running])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - File not found -- -- (JbossService [Auto | Stopped])
SRV - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\ldlcserv.exe -- (ldlcserv [Auto | Running])
SRV - [2006/02/23 11:41:02 | 02,045,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2005/09/23 08:01:16 | 02,799,808 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80 [Disabled | Stopped])
SRV - [2008/08/08 17:53:42 | 00,058,760 | ---- | M] (IBM Corp) -- C:\notes\ntmulti.exe -- (Multi-user Cleanup Service [Auto | Running])
SRV - [2008/02/28 13:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/10/09 13:31:02 | 00,562,456 | ---- | M] (AT&T) -- C:\Program Files\AT&T Network Client\netcfgsvr.exe -- (netcfgsvr [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 07:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/02/28 13:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2009/04/16 13:41:28 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service [Auto | Running])
SRV - [2008/01/17 09:23:16 | 00,059,392 | ---- | M] (Web Meeting) -- C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe -- (RDIConverterPrintHelper [Auto | Running])
SRV - [2006/09/27 20:33:38 | 00,116,464 | ---- | M] (symantec) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2006/08/07 16:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [Auto | Running])
SRV - [2006/04/11 17:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2006/09/27 20:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2006/09/27 14:15:56 | 00,173,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe -- (SymSecurePort [Auto | Running])
SRV - [2005/06/20 08:15:00 | 00,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.EXE -- (TPHDEXLGSVC [Auto | Running])
SRV - [2008/12/28 09:58:28 | 00,032,768 | ---- | M] () -- C:\WINDOWS\System32\TpKmpSVC.exe -- (TpKmpSVC [Auto | Running])
SRV - [2005/09/06 05:07:18 | 00,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\System32\Drivers\trcboot.exe -- (TrcBoot [Auto | Running])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..network.proxy.no_proxies_on: ";"

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/12/22 14:26:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/07 11:39:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 09:32:57 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 09:32:57 | 00,000,000 | ---D | M]

[2008/08/27 14:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Extensions
[2008/08/27 14:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2008/12/15 19:43:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\eclipse\extensions
[2007/08/20 15:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\eclipse1\extensions
[2009/08/30 20:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions
[2009/07/10 09:54:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\{de6baed3-43f9-4709-98f9-3978ba7e1c7e}(2)
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\chrome
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\components
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\IBM-[email protected]\defaults
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\platform
[2008/03/29 13:50:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\mozilla\Firefox\Profiles\qa2n2p8y.default\extensions\[email protected]\searchplugins
[2009/04/01 09:45:36 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\Mozilla\FireFox\Profiles\qa2n2p8y.default\searchplugins\dogear-search.xml
[2009/08/30 20:43:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 09:32:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/07 11:40:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/29 02:59:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\chrome
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\components
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\defaults
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\platform
[2007/05/07 11:26:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]\searchplugins
[2009/08/05 09:32:46 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 09:32:46 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2007/07/31 07:47:04 | 00,186,880 | ---- | M] (IBM) -- C:\Program Files\mozilla firefox\plugins\npcpsweb.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/10/11 16:17:50 | 01,435,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/05 09:32:48 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 21:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/10/14 23:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/15 11:41:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 11:41:38 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/10/07 21:28:31 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2005/08/09 14:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/04/30 14:34:10 | 00,238,944 | ---- | M] (IBM ) -- C:\Program Files\mozilla firefox\plugins\npwdplugin.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (747 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISAMTray] C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe ()
O4 - HKLM..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe (PC Pitstop, LLC.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20080827-1548\preload.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32main2.exe (IBM Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\tp4ex.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090605-2002\preload.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\artate\Start Menu\Programs\Startup\World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} https://www-1.ibm.com/qp2.cab (QuickPlace Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229972323828 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1229972311234 (MUWebControl Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} http://w3.ibm.com/bl...lnwebassist.cab (LNWebAssist Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...all-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http:// (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 13:44:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/30 19:59:18 | 00,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/08/30 10:27:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/08/30 10:00:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/29 22:11:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\artate\Application Data\Malwarebytes
[2009/08/29 22:11:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 22:11:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/29 22:11:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/29 22:11:39 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/29 22:11:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/29 21:54:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/29 21:53:53 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\NTREGOPT.lnk
[2009/08/29 21:53:53 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\ERUNT.lnk
[2009/08/29 21:53:52 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/29 09:28:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\artate\Application Data\IObit
[2009/08/29 09:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/08/29 09:01:29 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\HijackThis.lnk
[2009/08/29 09:01:28 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/28 17:31:47 | 00,000,000 | ---D | C] -- C:\Perl
[2009/08/28 17:29:45 | 18,489,584 | ---- | C] () -- C:\Documents and Settings\artate\Desktop\ActivePerl-5.10.1.1006-MSWin32-x86-291086.msi

========== Files - Modified Within 14 Days ==========

[2009/08/30 19:59:18 | 00,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/08/30 12:46:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/30 09:57:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/30 09:56:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/30 09:56:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/30 09:55:32 | 00,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2009/08/30 04:02:54 | 00,000,292 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr
[2009/08/29 22:11:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/29 21:53:53 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\NTREGOPT.lnk
[2009/08/29 21:53:53 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\ERUNT.lnk
[2009/08/29 17:28:43 | 00,144,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/29 09:01:29 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\HijackThis.lnk
[2009/08/28 17:30:01 | 18,489,584 | ---- | M] () -- C:\Documents and Settings\artate\Desktop\ActivePerl-5.10.1.1006-MSWin32-x86-291086.msi
[2009/08/28 16:56:49 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\artate\Local Settings\Application Data\PUTTY.RND
[2009/08/28 15:00:01 | 00,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for artate.job
[2009/08/27 10:21:29 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\winscp.rnd
[2009/08/26 10:54:00 | 00,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/08/26 10:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/25 13:10:04 | 00,870,128 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\mcs.rma
[2009/08/25 13:10:04 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\artate\Application Data\A3764B

========== LOP Check ==========

[2009/08/29 22:11:40 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/18 12:02:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/08 11:34:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/06 10:39:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2009/02/04 12:56:42 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2009/07/16 13:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/12/25 00:40:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2007/10/16 15:15:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2007/05/07 14:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2006/12/11 14:18:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
[2008/12/15 19:34:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2009/06/11 11:20:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2009/06/24 09:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/01/24 21:22:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/29 22:11:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\artate\Application Data
[2009/01/26 12:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Aptana
[2009/07/16 13:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\ATI
[2009/02/11 19:58:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Avaya
[2007/11/15 13:33:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Centra
[2008/12/21 15:11:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Download Manager
[2009/07/16 11:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Elluminate
[2009/07/10 10:00:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Feedreader
[2009/01/14 14:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Helios
[2007/08/22 09:33:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\IBM
[2007/05/07 14:59:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\IBMERS
[2007/11/10 22:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\InterVideo
[2009/08/29 09:28:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\IObit
[2008/03/10 17:05:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Leadertech
[2008/12/15 19:28:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Lotus
[2007/12/21 19:01:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Passlogix
[2007/10/26 12:07:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Raindance
[2007/05/10 12:21:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Rational
[2007/12/25 09:02:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\RTPlayer
[2007/11/15 13:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Saba
[2009/01/14 20:46:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\tunebite
[2009/05/05 13:31:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Voice Suite
[2009/07/31 16:03:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\WDPlugin
[2009/05/01 12:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\artate\Application Data\Web Meeting
[2009/08/26 10:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 01:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/30 12:46:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/08/03 11:59:00 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
[2009/08/28 15:00:01 | 00,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\Norton Security Scan for artate.job
[2009/07/30 22:28:51 | 00,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2009/08/30 09:56:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2002/09/17 19:30:03 | 00,000,037 | ---- | M] () -- C:\cebWXP.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 01:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2004/08/04 01:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\WINDOWS\System32\TpKmpSVC.exe:SummaryInformation
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

OTL Extras logfile created on: 8/30/2009 8:42:32 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = F:\utilities\SpywareCleanup
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 94.64% Memory free
4.00 Gb Paging File | 3.82 Gb Available in Paging File | 95.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 7.41 Gb Free Space | 7.95% Space Free | Partition Type: NTFS
Drive D: | 449.39 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 979.72 Mb Total Space | 377.16 Mb Free Space | 38.50% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IBM-3131ABEDCD3
Current User Name: artate
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"IBMconfig" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" OMS Client(DEV) " =
" OMS Client(INT) " =
" OMS Client(SYS) " =
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{062831CB-A028-FA27-482B-35B935569892}" = CCC Help Spanish
"{0698CECB-9072-47B1-AEA1-94CA350989B8}" = Symantec Client Security
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0940BBAB-2C46-E877-69CE-1A1B8100C6F3}" = Catalyst Control Center Localization Japanese
"{09672BC4-148F-3FCC-E1A9-A019453D9A4A}" = CCC Help Chinese Standard
"{0F03AD68-3716-DC9C-45E3-72B519D0B64E}" = CCC Help Dutch
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18982526-9FE8-42A3-A950-369C5E7C8821}" = IBM System Migration Assistant 4.2
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1ED554BA-058A-9664-2BA8-F6F2A68DE15E}" = Catalyst Control Center Localization Swedish
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E64DF28-426C-9E02-8295-485AB959225C}" = Catalyst Control Center Localization Spanish
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35431808-8D7E-345D-127B-BFC92CAA2352}" = CCC Help English
"{372853A4-796F-7042-4B26-AB2F8D780136}" = CCC Help Japanese
"{37C22E24-B794-4265-A38E-711BBF1C637A}" = IBM Personal Communications
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AEF318B-5987-09AF-949A-3D42837684D8}" = Catalyst Control Center Localization Italian
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{46CD7295-6B85-E6D1-9774-0C584F6497CB}" = Catalyst Control Center Graphics Full Existing
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{533557D5-E468-4F96-BD95-C81D0A2A8181}" = IBM Lotus Sametime Connect 8.0.1
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{66463B76-A188-C603-BF2F-AF6088F18012}" = CCC Help Italian
"{679DEB4F-FCC2-F5D7-2F23-EDF82D2CB76A}" = Catalyst Control Center Localization Korean
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2C675E-8040-431B-99C4-137DF4FBF75A}" = Thermal Analysis Tool
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{757debef-635e-4076-b82b-dac22feb3c9c}" = IBM Lotus Symphony
"{7596AEAB-2884-E87D-FD0B-BB02763998FB}" = ccc-utility
"{76EF79CA-A6A8-41C4-AE49-E49BA075FA51}" = Diskeeper Professional Edition
"{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan
"{795B7252-3FA5-20CA-D039-8E62DC590A10}" = Catalyst Control Center Graphics Light
"{7A62B557-7A4F-CDB1-F6E5-E7AB5625ED16}" = ccc-core-preinstall
"{7D968F83-A23F-40F7-937C-A3B5A0C44048}" = My Help - Workstation Setup Wizard
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}" = IBM Tivoli Storage Manager Client
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{83E1D91E-6B79-8850-7CBB-3098BDD1D4C7}" = CCC Help Korean
"{83FEAEA2-0BAE-1E00-7264-C88A1BD55CE8}" = Catalyst Control Center Localization French
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{86E8B3EA-8D79-4078-AD8B-6FB73E4BA8B4}" = ISMA Migration Summary
"{883ADBAF-997E-4F82-9601-A50141DF2FDA}" = ISMA P2P Transfer Tool
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A59CF7D-58AB-A28D-F02D-8473A4431A28}" = Skins
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{901D0904-83D1-46D1-BECF-954FF779A9C0}" = InterCall Web Meeting
"{903A0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Project Standard 2002
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{9FCE66F0-EE03-43BD-916E-66EDF0DBC18C}" = Catalyst Control Center - Branding
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A398B998-D540-A3D0-A35B-84A5549E1C5B}" = CCC Help Swedish
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5E81ECB-C322-35EF-E9B9-2CFE17BB1A28}" = CCC Help German
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA36483F-5D79-4EFD-ACA7-161EE2474E17}" = IBM Infoprint Select
"{ABAD4282-5D79-93D6-5687-5657BC74DC51}" = Catalyst Control Center Localization German
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ADB68E57-C344-3C48-10B1-51B5959F4EA3}" = Catalyst Control Center Core Implementation
"{ADFAA190-E063-EB64-42A6-C5E8A1DA0A79}" = Catalyst Control Center Localization Dutch
"{AEA7DB99-E310-741E-D005-02BDF09E5AB3}" = CCC Help Portuguese
"{AEBDAEFE-DE1E-8622-C8DC-B7F8008E1925}" = CCC Help French
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Windows Live Sign-in Assistant
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BB8B979E-E336-47E7-96BC-1031C1B94561}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5243A59-B2DD-EC07-23D2-D9CD9689B193}" = Catalyst Control Center Graphics Full New
"{C73D0E75-D147-CD6B-29F2-C5A1C8C6579C}" = ccc-core-static
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA96F3A1-F350-11D3-B354-002035C150E4}" = ILC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" =
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" =
"{D52140C4-3CBD-1ED0-1CAA-7C4EAF5F75E1}" = Catalyst Control Center Localization Chinese Standard
"{D671062E-44AF-4DC6-AD89-92921D1E1779}" = Lotus Notes 8.0.2
"{D8482C8C-B0D9-EAF3-43DC-9770D3C7DB88}" = Catalyst Control Center Localization Chinese Traditional
"{DC5A471E-3DF2-4FC5-B1C8-6096F6FE3C6B}" = World Community Grid - BOINC Agent
"{DDFC5759-D6BC-FE35-D423-EE93B562B2CD}" = CCC Help Chinese Traditional
"{DE6BA179-15B7-40EE-962C-B363CCAE8B5A}" = AT&T Global Network Client Managed VPN Premium Edition
"{DFF415AC-3883-4338-9365-DDCB74A0CFBA}" = IBM My Help
"{E05A9720-36C5-11D2-8960-0020AFFA5563}" = Lotus® Sametime® Unyte® For IBM Meetings
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F91040C8-F3F6-BBA5-2762-EB720EA4B556}" = Catalyst Control Center Localization Portuguese
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ab25de0789344f96ec2c253fd2dda3c1" = IBM Rational ClearCase Remote Client V7.0.1
"AddressBook" =
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" =
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"AT&T Network Client {C:,PROGRA~1,AT&TNE~1,}" =
"ATI Display Driver" = ATI Display Driver
"CentraClient" = Centra Client
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Connection Manager" =
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DirectAnimation" =
"DirectDrawEx" =
"dlatray.exe" =
"DXM_Runtime" =
"e1a339b53cefb3e28839b7c7cab09e18" = IBM Rational Method Composer
"ERUNT_is1" = ERUNT 1.1j
"fe29d7d6aaf324b1964e31be6d7ce1981815068445" = IBM Dynamic Content Delivery (DCDClient-ISSI)
"FileZilla" = FileZilla (remove only)
"Fontcore" =
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IBM Ayudame" = IBM Ayudame
"IBM Installation Manager" = IBM Installation Manager
"IBM_HostCD" = IBM Software Uninstall
"IBM_values_installer" = IBM_values_installer Screen Saver
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"IM-IBM Rational" = IBM Rational
"IM-IBM Rational Team Concert" = IBM Rational Team Concert
"IM-IBM Rational Team Concert_2" = IBM Rational Team Concert_2
"IM-IBM Rational Team Concert_3" = IBM Rational Team Concert_3
"IM-IBM Software Delivery Platform" = IBM Software Delivery Platform
"IM-IBM Software Development Platform" = IBM Software Development Platform
"InstallShield Uninstall Information" =
"InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Log4j Chainsaw v2" =
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" =
"MobileOptionPack" =
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MsJavaVM" =
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSSSetup.{795AF20A-51C5-4BAF-9EF5-AA38105C6141}" = Norton Security Scan (Symantec Corporation)
"OnScreenDisplay" = On Screen Display
"OutlookExpress" =
"P2P GUI" = IBM ISMA Peer-To-Peer
"PC Pitstop Optimize_is1" = PC Pitstop Optimize 1.5
"PCHealth" =
"PDF to Image Converter_is1" = PDF to Image Converter 2.00
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel® PRO Network Connections Drivers
"RecordNow.exe" =
"Rhapsody" = Rhapsody
"SchedulingAgent" =
"Sevinst" =
"Snapshot Viewer" = Snapshot Viewer
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TightVNC_is1" = TightVNC 1.3.10
"Tunebite_is1" = Tunebite 4.1.0.34
"WAMRstor" = IBM ISMA Restore
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"winscp3_is1" = WinSCP 4.1.9
"WMFDist11" = Windows Media Format 11 runtime
"Workstation Security Tool_is1" = Workstation Security Tool 2.4
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OMS Client(DEV)" = OMS Client(DEV)
"OMS Client(sys)" = OMS Client(sys)
"OMS Client(uat)" = OMS Client(uat)
"WSBAA61UPDI" = IBM Update Installer for WebSphere software V7.0
"WSBAA61UPDI (3)" = IBM Update Installer for WebSphere software V6.1 (3)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2009 6:55:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = Diskeeper | ID = 6
Description = Diskeeper Control Center - ERROR Diskeeper was not able to initialize
RPC.

Error - 8/3/2009 6:55:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = JavaQuickStarterService | ID = 1
Description =

Error - 8/3/2009 6:57:02 AM | Computer Name = IBM-3131ABEDCD3 | Source = Symantec AntiVirus | ID = 16711742
Description = Symantec AntiVirus communications layer failed to initialize. Remote
manageability has been disabled. An error occurred while initializing SSL-based
communication. Error code: 0x20000081.

Error - 8/3/2009 6:58:27 AM | Computer Name = IBM-3131ABEDCD3 | Source = IBMWAS61Service - IBM-3131ABEDCD3Node01 | ID = 109
Description = Could not determine the process id of the java process. Changing the
IBMWAS61Service - IBM-3131ABEDCD3Node01 service status to the "stopped" state. To
prevent this error, try recreating this service with the -logRoot parameter. The
value of the logRoot parameter should be the directory in which the server's .pid
file is created.

Error - 8/3/2009 6:58:29 AM | Computer Name = IBM-3131ABEDCD3 | Source = Symantec AntiVirus | ID = 16711742
Description = Symantec AntiVirus communications layer failed to initialize. Remote
manageability has been disabled. An error occurred while initializing SSL-based
communication. Error code: 0x20000081.

Error - 8/3/2009 1:02:38 PM | Computer Name = IBM-3131ABEDCD3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8237.0, stamp 48eff681,
faulting module sthelper.dll, version 8.0.1.3, stamp 4890e57c, debug? 0, fault
address 0x0001d771.

Error - 8/3/2009 7:39:52 PM | Computer Name = IBM-3131ABEDCD3 | Source = VsJITDebugger | ID = 4096
Description = An unhandled win32 exception occurred in boinc.exe [4864]. Just-In-Time
debugging this exception failed with the following error: Insufficient system resources
exist to complete the requested service. Check the documentation index for 'Just-in-time
debugging, errors' for more information.

Error - 8/16/2009 5:12:28 PM | Computer Name = IBM-3131ABEDCD3 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 8/16/2009 5:12:28 PM | Computer Name = IBM-3131ABEDCD3 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 8/19/2009 10:40:55 AM | Computer Name = IBM-3131ABEDCD3 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application winword.exe, version 11.0.8237.0, stamp 48eff681,
faulting module sthelper.dll, version 8.0.1.3, stamp 4890e57c, debug? 0, fault
address 0x0001d771.

[ Cisco AnyConnect VPN Client Events ]
Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

Error - 11/25/2008 10:55:50 PM | Computer Name = IBM-3131ABEDCD3 | Source = vpnagent | ID = 50331649
Description = Function: DeleteRoute Return code: 0xFE07000E File: .\ChangeRouteHelper.cpp
Line:
389 Description: ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED

[ IBM Events ]
Error - 4/6/2009 9:14:46 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 4/6/2009 2:37:06 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 4/9/2009 10:36:01 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 4/16/2009 9:44:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 5/13/2009 4:01:00 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 5/14/2009 9:05:50 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 6/15/2009 10:17:24 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 6/22/2009 12:12:06 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 7/15/2009 11:20:54 AM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

Error - 8/3/2009 1:02:34 PM | Computer Name = IBM-3131ABEDCD3 | Source = STOI | ID = 1
Description =

[ System Events ]
Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The IBM Mobility Client Start Utility service failed to start due
to the following error: %%2

Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The BCSApache service failed to start due to the following error:
%%3

Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The JbossService service failed to start due to the following error:
%%3

Error - 8/29/2009 9:31:05 PM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The IBM Mobility Client Start Utility service failed to start due
to the following error: %%2

Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The BCSApache service failed to start due to the following error:
%%3

Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The JbossService service failed to start due to the following error:
%%3

Error - 8/30/2009 9:57:43 AM | Computer Name = IBM-3131ABEDCD3 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/30/2009 10:38:36 AM | Computer Name = IBM-3131ABEDCD3 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
LUANNECOMPUTER that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{21EF5A72-A79D. The master browser is stopping or an election is being
forced.


< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP