I believe I have the Alureon Trojan. I read many of the removal guides for it and noticed it's not a simple removal, so I'm creating a new post for some help with this.
Background: I went to a url that hosted malware by accident and my computer got infected. Very slow performance and certain programs would not load. I googled the url and found out that it hosts the Alureon Win32 Trojan (http://www.malwareur...main=asd9867.cn). I ran Avast 4.8 Home edition free and it caught something but I'm not sure whether it got everything. The PC is still slow and has the same problems.
I followed the Malware and Spyware Cleaning Guide and could use some help cleaning whatever is left on my machine.
Here are the MBAM, RootRepeal and OTL Logs.
Mark.
MBAM LOG:
Malwarebytes' Anti-Malware 1.41
Database version: 3221
Windows 5.1.2600 Service Pack 3
24/11/2009 9:04:26 AM
mbam-log-2009-11-24 (09-04-26).txt
Scan type: Quick Scan
Objects scanned: 124182
Time elapsed: 2 hour(s), 1 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ROOTREPEAL LOG:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/24 09:26
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\windows\System32\Drivers\dump_iaStor.sys
Address: 0xA7EED000 Size: 897024 File Visible: No Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9DB3000 Size: 92928 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D26000 Size: 574976 File Visible: - Signed: -
Status: Hidden from the Windows API!
Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xA4ACD000 Size: 49152 File Visible: No Signed: -
Status: -
==EOF==
OTL LOG:
OTL logfile created on: 24/11/2009 9:31:05 AM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Mark\Desktop\VIRUS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1.98 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.59% Memory free
3.83 Gb Paging File | 3.28 Gb Available in Paging File | 85.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.45 Gb Total Space | 11.24 Gb Free Space | 13.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: Q
Current User Name: Mark
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/23 23:58:49 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\VIRUS\OTL.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 21:09:36 | 00,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/01/14 16:37:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/21 11:04:18 | 00,462,848 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\PWMUIAux.EXE
PRC - [2008/11/21 10:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2008/10/27 10:03:52 | 00,090,112 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2008/10/27 10:03:32 | 00,135,168 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2008/10/27 10:02:30 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2008/10/27 10:00:40 | 00,425,984 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2008/10/27 09:56:38 | 00,143,360 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2008/10/24 15:29:38 | 00,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2008/10/09 16:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe
PRC - [2008/09/30 16:37:28 | 00,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2008/08/20 23:04:56 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/08/20 23:04:52 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/08/18 18:45:42 | 01,448,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2008/08/18 18:45:42 | 00,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2008/08/18 18:45:42 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008/06/09 03:00:00 | 00,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2008/06/09 03:00:00 | 00,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/06 18:21:04 | 00,181,536 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2008/06/05 02:36:00 | 00,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/05/14 16:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2008/05/14 16:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2008/05/14 16:09:34 | 00,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2008/05/14 16:07:04 | 00,057,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\launcheg.exe
PRC - [2008/05/02 01:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:42:18 | 00,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
PRC - [2008/05/02 01:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/25 15:25:20 | 00,787,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
PRC - [2008/04/25 15:25:12 | 00,191,752 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
PRC - [2008/04/24 17:53:24 | 01,036,288 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/04/13 19:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/24 14:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/11/29 13:04:00 | 00,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/08/03 18:35:38 | 02,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/03 18:19:08 | 00,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2007/08/03 18:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/08/03 18:03:20 | 00,032,768 | ---- | M] ( ) -- C:\Program Files\Common Files\Lenovo\InvAgent\IA.exe
PRC - [2007/07/05 05:07:42 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2007/07/05 05:07:14 | 00,512,000 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/02/08 13:40:16 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2007/01/29 22:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/10/18 19:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/10/12 20:27:40 | 00,257,536 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2006/10/12 20:27:20 | 00,304,640 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2006/05/23 23:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/18 18:24:06 | 00,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/02/02 07:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004/07/27 18:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2009/11/23 23:58:49 | 00,529,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\VIRUS\OTL.exe
MOD - [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/01/14 16:37:00 | 01,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2009/01/14 16:37:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2008/08/18 18:44:04 | 00,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/05/02 01:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/04/13 19:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 19:12:00 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mslbui.dll
MOD - [2008/04/13 19:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\framedyn.dll
MOD - [2007/07/05 05:07:36 | 00,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2006/10/12 20:26:26 | 00,198,144 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2005/06/10 11:30:56 | 00,002,560 | ---- | M] (Realtime Soft) -- C:\Program Files\UltraMon\Resources\en\RTSUltraMonHookRes.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/05/29 12:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/04/02 11:47:04 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/01/14 16:37:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/21 10:56:20 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2008/10/27 10:03:52 | 00,090,112 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2008/10/27 10:02:30 | 00,217,088 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2008/10/20 10:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2008/10/09 16:05:16 | 00,360,448 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\UpdateMonitor.exe -- (TVT_UpdateMonitor)
SRV - [2008/09/29 10:17:54 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2008/08/20 23:04:52 | 01,155,072 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2008/08/20 16:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/08/20 16:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/08/20 16:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/08/18 18:45:42 | 00,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/14 16:32:28 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2008/05/14 16:25:12 | 00,520,192 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2008/05/14 16:21:16 | 00,037,416 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2008/05/02 01:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/01/11 19:50:16 | 00,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/03 18:19:08 | 00,722,232 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2007/08/03 18:10:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/02/08 13:40:16 | 00,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2007/01/29 22:05:02 | 00,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/03 20:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2006/05/23 23:08:06 | 00,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 03:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.2
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 02:00:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 13:50:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 06:47:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 06:47:29 | 00,000,000 | ---D | M]
[2008/08/30 20:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions
[2008/08/30 20:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/23 15:52:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\fc7vephb.default\extensions
[2009/06/24 08:59:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\fc7vephb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/24 09:29:27 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/07 06:47:29 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/05 22:26:00 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/07/27 16:15:44 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/11/27 17:50:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009/03/17 13:50:57 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/07 10:21:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/22 17:29:39 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/04 18:59:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/03 21:37:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009/08/15 10:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/11/07 06:47:23 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/07 06:47:23 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/06/27 15:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/07 06:47:25 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/10/03 00:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2008/09/10 14:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2009/09/16 15:23:55 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/09/16 15:23:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/09/16 15:23:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/09/16 15:23:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/09/16 15:23:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/09/16 15:23:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/09/16 15:23:56 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 14:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/10/29 01:08:06 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/10/29 01:08:06 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2008/08/21 14:05:34 | 00,000,926 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\conduit.xml
[2009/10/29 01:08:06 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/10/29 01:08:06 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/10/29 01:08:06 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/10/29 01:08:06 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/10/29 01:08:06 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (GreenTree Applications, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto Serenity on QUARK] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\windows\System32\nwiz.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TpShocks] C:\windows\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UltraMon] C:\Program Files\UltraMon\UltraMon.exe (Realtime Soft)
O4 - HKCU..\Run: [Simplify Media] C:\Program Files\Simplify Media\SimplifyMedia.exe (Simplify Media, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1211426563171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\intu-qt2008 {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - C:\Program Files\Lenovo\HOTKEY\tphklock.dll - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/21 18:14:31 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (0)
========== Files/Folders - Created Within 14 Days ==========
[2009/11/24 09:19:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/11/24 09:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/11/24 09:18:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/11/24 09:18:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/24 09:18:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/24 09:18:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/11/24 00:36:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Application Data\Malwarebytes
[2009/11/24 00:34:43 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/11/24 00:34:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/11/24 00:34:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/24 00:27:31 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/11/24 00:26:29 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/24 00:09:28 | 00,000,000 | ---D | C] -- C:\LogiShrd
[2009/11/23 23:59:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\VIRUS
[2009/11/17 10:34:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\Reciepts
[2009/11/17 10:34:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Desktop\iFinance
[2008/03/21 18:39:58 | 00,167,936 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2008/03/21 18:39:58 | 00,053,248 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll
========== Files - Modified Within 14 Days ==========
[2009/11/24 09:31:00 | 00,000,260 | ---- | M] () -- C:\windows\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/24 09:20:56 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\Mark\NTUSER.DAT
[2009/11/24 09:19:23 | 00,025,269 | ---- | M] () -- C:\windows\System32\PROCDB.INI
[2009/11/24 09:19:22 | 00,126,856 | ---- | M] () -- C:\windows\System32\nvModes.001
[2009/11/24 09:19:17 | 00,000,298 | ---- | M] () -- C:\windows\tasks\PMTask.job
[2009/11/24 09:19:12 | 00,002,278 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/11/24 09:18:28 | 00,184,156 | ---- | M] () -- C:\windows\System32\nvapps.xml
[2009/11/24 09:18:05 | 00,000,380 | ---- | M] () -- C:\windows\System32\IPSCtrl.INI
[2009/11/24 09:17:56 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/11/24 09:17:54 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/11/24 09:17:51 | 21,289,16480 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/24 00:05:57 | 00,002,577 | ---- | M] () -- C:\windows\System32\CONFIG.NT
[2009/11/23 19:11:04 | 00,009,662 | ---- | M] () -- C:\windows\EPISME00.SWB
[2009/11/22 20:35:38 | 00,238,080 | ---- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/21 10:36:37 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Mark\ntuser.ini
[2009/11/19 19:02:59 | 00,000,280 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/11/19 13:01:22 | 00,053,760 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Resume - Mark Vesely.doc
[2009/11/19 13:01:06 | 00,053,760 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Resume - Mark Vesely - Nov.doc
[2009/11/17 17:36:11 | 00,392,192 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\THE MESSUAGE COMPLETE final draft.doc
[2009/11/11 18:39:54 | 00,267,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2009/11/10 13:32:17 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Mark\Desktop\Resume - Mark Vesely - Oct.doc
========== Files Created - No Company Name ==========
[2009/11/10 10:44:59 | 00,053,760 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Resume - Mark Vesely - Nov.doc
[2009/11/10 10:44:48 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Mark\Desktop\Resume - Mark Vesely - Oct.doc
[2009/09/30 12:26:38 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\setup_ldm.iss
[2009/04/19 11:17:57 | 00,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2009/01/07 11:14:30 | 00,069,464 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\GDIPFONTCACHEV1.DAT
[2008/08/18 18:45:44 | 00,028,675 | ---- | C] () -- C:\windows\System32\re2iinh.dll
[2008/08/18 18:44:34 | 02,854,912 | ---- | C] () -- C:\windows\System32\btwicons.dll
[2008/07/27 16:14:06 | 00,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2008/07/13 21:22:05 | 00,238,080 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/06 10:11:43 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/06/14 08:31:39 | 04,813,030 | -H-- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\IconCache.db
[2008/06/14 08:31:39 | 00,069,464 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/14 08:31:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Mark\Application Data\desktop.ini
[2008/03/21 19:18:30 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2008/03/21 18:58:52 | 00,004,224 | ---- | C] () -- C:\windows\System32\drivers\IBMBLDID.sys
[2008/03/21 18:57:55 | 00,028,672 | ---- | C] () -- C:\windows\System32\eglowin.dll
[2008/03/21 18:53:21 | 00,000,126 | ---- | C] () -- C:\windows\wininit.ini
[2008/03/21 18:51:51 | 00,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/03/21 18:51:51 | 00,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/03/21 18:51:51 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/03/21 18:51:51 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/03/21 18:51:51 | 00,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/03/21 18:51:51 | 00,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/03/21 18:45:02 | 01,703,936 | ---- | C] () -- C:\windows\System32\nvwdmcpl.dll
[2008/03/21 18:45:02 | 01,019,904 | ---- | C] () -- C:\windows\System32\nvwimg.dll
[2008/03/21 18:45:02 | 00,466,944 | ---- | C] () -- C:\windows\System32\nvshell.dll
[2008/03/21 18:45:01 | 01,486,848 | ---- | C] () -- C:\windows\System32\nview.dll
[2008/03/21 18:41:41 | 00,007,168 | ---- | C] () -- C:\windows\System32\drivers\TSMAPIP.SYS
[2008/03/21 18:39:58 | 09,598,080 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2008/03/21 18:39:58 | 00,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008/03/21 18:38:58 | 00,077,824 | ---- | C] () -- C:\windows\System32\SynTPCoI.dll
[2008/03/21 18:37:43 | 00,004,442 | ---- | C] () -- C:\windows\System32\drivers\TPPWRIF.SYS
[2007/07/27 01:37:40 | 00,025,269 | ---- | C] () -- C:\windows\System32\PROCDB.INI
[2007/07/27 01:37:29 | 00,000,380 | ---- | C] () -- C:\windows\System32\IPSCtrl.INI
[2007/01/16 10:12:12 | 00,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2006/09/05 16:20:36 | 00,079,400 | ---- | C] () -- C:\windows\System32\DEVMAN.DLL
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/30 02:31:51 | 00,004,670 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2006/04/30 02:22:10 | 00,000,791 | ---- | C] () -- C:\windows\orun32.ini
[2006/04/30 02:13:35 | 00,000,000 | ---- | C] () -- C:\windows\control.ini
[2006/04/30 02:09:54 | 00,000,063 | ---- | C] () -- C:\windows\vbaddin.ini
[2006/04/30 02:09:54 | 00,000,036 | ---- | C] () -- C:\windows\vb.ini
[2006/04/30 02:09:23 | 00,013,223 | ---- | C] () -- C:\windows\System32\tslabels.ini
[2006/04/30 02:09:23 | 00,001,931 | ---- | C] () -- C:\windows\System32\msdtcprf.ini
[2006/04/30 01:56:30 | 00,004,126 | ---- | C] () -- C:\windows\System32\msdxmlc.dll
[2006/04/30 01:56:29 | 00,498,742 | ---- | C] () -- C:\windows\System32\dxmasf.dll
[2006/04/30 01:56:09 | 00,013,312 | ---- | C] () -- C:\windows\System32\win87em.dll
[2006/04/30 01:56:08 | 00,000,703 | ---- | C] () -- C:\windows\win.ini
[2006/04/30 01:56:06 | 00,053,478 | ---- | C] () -- C:\windows\System32\tcpmon.ini
[2006/04/30 01:56:06 | 00,015,360 | ---- | C] () -- C:\windows\System32\tsd32.dll
[2006/04/30 01:56:05 | 00,000,231 | ---- | C] () -- C:\windows\system.ini
[2006/04/30 01:55:59 | 00,270,848 | ---- | C] () -- C:\windows\System32\sbe.dll
[2006/04/30 01:55:59 | 00,010,240 | ---- | C] () -- C:\windows\System32\scriptpw.dll
[2006/04/30 01:55:58 | 00,012,082 | ---- | C] () -- C:\windows\System32\rsvp.ini
[2006/04/30 01:55:57 | 01,291,264 | ---- | C] () -- C:\windows\System32\quartz.dll
[2006/04/30 01:55:57 | 00,003,458 | ---- | C] () -- C:\windows\System32\rasctrs.ini
[2006/04/30 01:55:56 | 00,733,696 | ---- | C] () -- C:\windows\System32\qedwipes.dll
[2006/04/30 01:55:56 | 00,562,176 | ---- | C] () -- C:\windows\System32\qedit.dll
[2006/04/30 01:55:56 | 00,386,048 | ---- | C] () -- C:\windows\System32\qdvd.dll
[2006/04/30 01:55:56 | 00,279,040 | ---- | C] () -- C:\windows\System32\qdv.dll
[2006/04/30 01:55:56 | 00,192,512 | ---- | C] () -- C:\windows\System32\qcap.dll
[2006/04/30 01:55:56 | 00,006,877 | ---- | C] () -- C:\windows\System32\pschdprf.ini
[2006/04/30 01:55:56 | 00,000,343 | ---- | C] () -- C:\windows\System32\prodspec.ini
[2006/04/30 01:55:55 | 00,002,891 | ---- | C] () -- C:\windows\System32\perfci.ini
[2006/04/30 01:55:55 | 00,002,732 | ---- | C] () -- C:\windows\System32\perfwci.ini
[2006/04/30 01:55:55 | 00,001,152 | ---- | C] () -- C:\windows\System32\perffilt.ini
[2006/04/30 01:55:51 | 00,035,648 | ---- | C] () -- C:\windows\System32\ntio411.sys
[2006/04/30 01:55:51 | 00,035,424 | ---- | C] () -- C:\windows\System32\ntio412.sys
[2006/04/30 01:55:51 | 00,034,560 | ---- | C] () -- C:\windows\System32\ntio804.sys
[2006/04/30 01:55:51 | 00,034,560 | ---- | C] () -- C:\windows\System32\ntio404.sys
[2006/04/30 01:55:51 | 00,033,840 | ---- | C] () -- C:\windows\System32\ntio.sys
[2006/04/30 01:55:51 | 00,029,370 | ---- | C] () -- C:\windows\System32\ntdos411.sys
[2006/04/30 01:55:51 | 00,029,274 | ---- | C] () -- C:\windows\System32\ntdos412.sys
[2006/04/30 01:55:51 | 00,029,146 | ---- | C] () -- C:\windows\System32\ntdos804.sys
[2006/04/30 01:55:51 | 00,029,146 | ---- | C] () -- C:\windows\System32\ntdos404.sys
[2006/04/30 01:55:51 | 00,027,866 | ---- | C] () -- C:\windows\System32\ntdos.sys
[2006/04/30 01:55:49 | 00,002,656 | ---- | C] () -- C:\windows\System32\netware.drv
[2006/04/30 01:55:45 | 00,094,282 | ---- | C] () -- C:\windows\System32\msencode.dll
[2006/04/30 01:55:45 | 00,014,336 | ---- | C] () -- C:\windows\System32\msdmo.dll
[2006/04/30 01:55:45 | 00,010,110 | ---- | C] () -- C:\windows\System32\mqperf.ini
[2006/04/30 01:55:45 | 00,001,405 | ---- | C] () -- C:\windows\msdfmap.ini
[2006/04/30 01:55:43 | 00,035,328 | ---- | C] () -- C:\windows\System32\mciqtz32.dll
[2006/04/30 01:55:42 | 00,042,809 | ---- | C] () -- C:\windows\System32\key01.sys
[2006/04/30 01:55:42 | 00,042,537 | ---- | C] () -- C:\windows\System32\keyboard.sys
[2006/04/30 01:55:41 | 00,199,168 | ---- | C] () -- C:\windows\System32\ir32_32.dll
[2006/04/30 01:55:39 | 00,004,768 | ---- | C] () -- C:\windows\System32\himem.sys
[2006/04/30 01:55:38 | 01,015,477 | ---- | C] () -- C:\windows\System32\esentprf.ini
[2006/04/30 01:55:38 | 00,186,880 | ---- | C] () -- C:\windows\System32\encdec.dll
[2006/04/30 01:55:29 | 00,059,904 | ---- | C] () -- C:\windows\System32\devenum.dll
[2006/04/30 01:55:28 | 00,252,928 | ---- | C] () -- C:\windows\System32\compatui.dll
[2006/04/30 01:55:28 | 00,027,097 | ---- | C] () -- C:\windows\System32\country.sys
[2006/04/30 01:55:27 | 00,355,112 | ---- | C] () -- C:\windows\System32\msjetoledb40.dll
[2006/04/30 01:55:25 | 00,070,656 | ---- | C] () -- C:\windows\System32\amstream.dll
[2006/04/30 01:55:25 | 00,009,029 | ---- | C] () -- C:\windows\System32\ansi.sys
[2006/04/29 19:04:29 | 00,593,054 | ---- | C] () -- C:\windows\System32\PerfStringBackup.INI
[2006/04/29 19:04:28 | 00,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\windows\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\windows\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
[2001/08/17 17:36:28 | 00,157,696 | ---- | C] () -- C:\windows\System32\paqsp.dll
========== LOP Check ==========
[2009/11/24 09:18:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/11/24 09:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2009/11/24 09:18:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2009/11/24 09:19:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/24 09:19:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/09/18 23:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Adobe
[2009/09/16 17:45:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Apple Computer
[2006/04/29 19:04:07 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Mark\Application Data\desktop.ini
[2009/06/22 17:07:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Downloaded Installations
[2008/10/05 10:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\EPSON
[2009/06/15 10:49:43 | 00,069,464 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/08 01:47:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\HandBrake
[2008/09/16 19:18:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Help
[2009/06/27 20:44:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Hi
[2008/03/21 18:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Identities
[2008/03/21 18:39:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\InstallShield
[2009/02/07 11:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Intel
[2009/08/16 19:04:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\InterVideo
[2008/12/22 19:08:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Lenovo
[2008/06/14 08:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Logitech
[2008/06/18 00:05:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Macromedia
[2009/11/24 00:36:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Malwarebytes
[2008/11/17 21:15:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Media Player Classic
[2009/11/09 18:05:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Mark\Application Data\Microsoft
[2008/08/30 20:36:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Mozilla
[2009/04/19 11:20:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\pdfforge
[2008/12/29 09:55:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Real
[2009/03/30 18:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Realtime Soft
[2009/04/19 11:20:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Search Settings
[2009/09/30 12:26:38 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\setup_ldm.iss
[2009/11/16 01:52:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Skype
[2009/11/09 16:09:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\skypePM
[2008/09/25 19:49:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sonic
[2008/11/20 21:50:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Sun
[2008/06/18 00:05:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\Talkback
[2009/11/07 23:35:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mark\Application Data\uTorrent
[2009/11/19 19:02:59 | 00,000,280 | ---- | M] () -- C:\windows\Tasks\AppleSoftwareUpdate.job
[2009/11/24 09:31:00 | 00,000,260 | ---- | M] () -- C:\windows\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 07:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/11/24 09:19:17 | 00,000,298 | ---- | M] () -- C:\windows\Tasks\PMTask.job
[2009/11/24 09:17:56 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\drivers\other\iastor.sys
[2008/11/03 17:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Program Files\Lenovo\System Update\session\7zim57ww\IaStor.sys
[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Lenovo\System Update\session\7zim64ww\IaStor.sys
[2007/02/11 23:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\SWTOOLS\DRIVERS\IMSM\iastor.sys
[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/11/03 17:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\WINDOWS\system32\ReinstallBackups\0021\DriverFiles\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2007/04/03 05:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 01:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
< %SYSTEMDRIVE%\viamraid.sys /s /md5 >
< %SYSTEMDRIVE%\nvata.sys /s /md5 >
< %SYSTEMDRIVE%\nvgts.sys /s /md5 >
< %SYSTEMDRIVE%\iastorv.sys /s /md5 >
< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >
< End of report >
OTL EXTRAS LOG:
OTL Extras logfile created on: 24/11/2009 9:31:05 AM - Run 1
OTL by OldTimer - Version 3.1.8.0 Folder = C:\Documents and Settings\Mark\Desktop\VIRUS
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1.98 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.59% Memory free
3.83 Gb Paging File | 3.28 Gb Available in Paging File | 85.53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 86.45 Gb Total Space | 11.24 Gb Free Space | 13.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: Q
Current User Name: Mark
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"6112:TCP" = 6112:TCP:*:Enabled:Warcraft II
"6112:UDP" = 6112:UDP:*:Enabled:Warcraft II BNE
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Warcraft II BNE\Warcraft II BNE.exe" = C:\Program Files\Warcraft II BNE\Warcraft II BNE.exe:*:Enabled:Warcraft II Battle.net Edition -- (Blizzard Entertainment)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Simplify Media\SimplifyMedia.exe" = C:\Program Files\Simplify Media\SimplifyMedia.exe:*:Enabled:Simplify Media -- (Simplify Media, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}" = QuickTax 2007
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AF47C4E-065B-FF3F-93DE-8D9AD4E8C10D}" = TweetDeck
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AA0D2D5F-612B-45D3-8759-DA87206E5CC9}" = QuickTax 2008
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E67FF1A2-23C1-4102-84E9-42115F77AD32}" = UltraMon
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EF8FD9A7-A0E0-473F-A18E-AD1933C9E366}" = Simplify Media
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Ask Toolbar_is1" = Ask Toolbar
"AwayTask" = Maintenance Manager
"beaTunes-1.2.15" = tagtraum industries beaTunes 1.2.15
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD43_is1" = DVD43 v4.4.1
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"HandBrake" = HandBrake 0.9.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Pdf995" = Pdf995
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"PS3Eye Camera" = PS3Eye Camera 3.0.0.0901
"RealAlt_is1" = Real Alternative 1.9.0
"Remove Multimedia Center" = Remove Multimedia Center
"Starcraft" = Starcraft
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"uTorrent" = µTorrent
"Warcraft II BNE" = Warcraft II BNE
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24/11/2009 1:40:08 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 1:40:08 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 1:40:08 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 1:40:08 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 1:40:08 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 1:40:08 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 10:25:05 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 10:25:10 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 10:25:15 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
Error - 24/11/2009 10:25:19 AM | Computer Name = Q | Source = nview_info | ID = 11141121
Description =
[ Lenovo-Message Center Plus/Admin Events ]
Error - 29/06/2009 1:42:51 AM | Computer Name = Q | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file size of the downloaded file /TOC.cab is not the same as the
file size of the file on the server
Error - 29/06/2009 1:42:51 AM | Computer Name = Q | Source = Lenovo-Message Center Plus/Admin | ID = 4
Description = The file C:\Documents and Settings\All Users\Application Data\Lenovo\MessageCenterPlus\ServerRepository\temp\TOC.cab
does not have a Lenovo Digital Signature. The file will be deleted
[ System Events ]
Error - 24/11/2009 1:16:04 AM | Computer Name = Q | Source = Service Control Manager | ID = 7023
Description = The Business Contact Manager SQL Server Startup Service service terminated
with the following error: %%2147942403
Error - 24/11/2009 1:16:04 AM | Computer Name = Q | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the System Update service
to connect.
Error - 24/11/2009 1:16:04 AM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The System Update service failed to start due to the following error:
%%1053
Error - 24/11/2009 3:39:04 AM | Computer Name = Q | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.
Error - 24/11/2009 10:09:02 AM | Computer Name = Q | Source = Service Control Manager | ID = 7034
Description = The ThinkPad PM Service service terminated unexpectedly. It has done
this 1 time(s).
Error - 24/11/2009 10:09:09 AM | Computer Name = Q | Source = Service Control Manager | ID = 7034
Description = The Logitech Bluetooth Service service terminated unexpectedly. It
has done this 1 time(s).
Error - 24/11/2009 10:09:09 AM | Computer Name = Q | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 24/11/2009 10:19:05 AM | Computer Name = Q | Source = Service Control Manager | ID = 7023
Description = The Business Contact Manager SQL Server Startup Service service terminated
with the following error: %%2147942403
Error - 24/11/2009 10:19:05 AM | Computer Name = Q | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the System Update service
to connect.
Error - 24/11/2009 10:19:05 AM | Computer Name = Q | Source = Service Control Manager | ID = 7000
Description = The System Update service failed to start due to the following error:
%%1053
< End of report >
Sign In
Create Account
