Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.dropper? Plus others?

Started by SFischl , Jan 22 2010 06:51 PM

  • Please log in to reply

#1
SFischl
Posted 22 January 2010 - 06:51 PM

SFischl

    New Member

  • Member
  • Pip
  • 1 posts
Hey All,

In the past I have been somewhat successful in eradicating the viruses, spyware, malware, etc. from my computer. Unfortunately, I have a mean infection on my current laptop. At the begining of this mess, I was not able to use IE, as it would crash when a web address was typed in. Additionally, I couldn't get into safe mode as the machine would just give me that blue screen saying WIndows encountered an unexpected problem, and it had to restart every time I tried that. Also, when I restart my machine, for a few seconds Windows Security gives me an error that Symantec AV has been turned off. By the time Windows brings up the window, Norton is working though. I am not sure if that is an initialization issue or something to do with whatever got on here. Another issue is that every few pages I am re directed to another (legitimate) website for some reason. For example, if I try to go to cnn.com five times, once I'll get sent to Turbotax.com.

I am now able to get onto IE, after got into that Content folder inside Temp Internet Files, and deleted everything including an exe after Auto-Protect notified me of Trojan.dropper residing there. That definitely helped, but something is still on here.

I ran the TFC and ERUNT tools with success. MalwareBytes says the system is not infected (as does Symantec). Norton says everything is clean. For some reason GMER Rootkit does not run, it gets part way through the scan then stops and will not go any further, so I can't get a log there. I do have the MBAM and OTL logs though (below). Additionally, I ran a HiJack this log and looked through it without anything jumping out at me. I can post that log as well if you want, but it looks like hijackthis isn't what it used to be since being bought.

Any help or assistance with this one is highly appreciated. Thanks in advance!

```````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````
MBAM Log

Malwarebytes' Anti-Malware 1.44
Database version: 3603
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/22/2010 4:50:30 PM
mbam-log-2010-01-22 (16-50-30).txt

Scan type: Full Scan (C:\|)
Objects scanned: 467861
Time elapsed: 1 hour(s), 34 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````````
OTL Logs

OTL.txt

OTL logfile created on: 1/22/2010 2:59:49 PM - Run 2
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\user\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 81.00 Gb Free Space | 54.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 766.81 Gb Free Space | 82.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 5973.34 Gb Total Space | 5001.79 Gb Free Space | 83.74% Space Free | Partition Type: NTFS

Computer Name: user-LT3
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/20 12:22:06 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
PRC - [2009/10/22 04:43:30 | 00,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2009/10/19 15:50:14 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009/10/09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/10/09 13:11:12 | 00,078,008 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/10/06 00:00:00 | 00,588,288 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Notepad2.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/20 08:38:30 | 00,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/04 03:32:00 | 00,062,240 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/07/28 00:02:00 | 00,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/07/15 09:18:02 | 00,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/06/12 09:55:48 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/05/21 19:48:38 | 00,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/05/11 15:43:58 | 00,141,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2009/05/11 15:43:54 | 00,250,904 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2009/05/11 15:43:52 | 00,142,872 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2009/05/11 15:43:40 | 00,173,592 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 15:28:36 | 00,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/19 18:08:44 | 00,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2009/03/13 16:32:48 | 00,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/27 06:54:22 | 00,870,672 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/02/27 05:55:20 | 00,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/02/27 05:38:38 | 00,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/13 14:53:20 | 01,025,928 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\Endpoint Security\iclient.exe
PRC - [2009/02/13 14:53:14 | 02,368,392 | R--- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/13 14:53:08 | 00,068,488 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe
PRC - [2009/02/02 17:04:10 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/12/23 08:07:16 | 00,577,024 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/25 12:20:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/10/06 10:14:18 | 00,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008/10/06 10:06:48 | 01,323,008 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/09/30 17:41:14 | 00,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2008/09/30 17:41:08 | 00,116,664 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2008/09/30 17:41:04 | 01,956,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/09/30 17:40:56 | 00,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/09/04 13:35:10 | 00,610,304 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\AgentMon.exe
PRC - [2008/09/04 13:35:10 | 00,229,376 | ---- | M] (Kaseya) -- C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
PRC - [2008/08/31 10:02:00 | 00,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2008/08/31 10:02:00 | 00,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE
PRC - [2008/06/24 18:17:38 | 00,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/06/24 18:17:36 | 00,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008/06/24 18:17:34 | 00,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/06/04 09:36:00 | 00,242,976 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2008/05/29 00:10:56 | 02,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/05/29 00:10:48 | 00,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 09:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008/03/04 09:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/09/26 16:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/26 19:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/05/20 21:13:24 | 00,055,912 | ---- | M] (Compuware Corporation) -- C:\Program Files\Compuware\DevPartner Studio\Analysis\NCS.exe
PRC - [2007/04/10 16:48:42 | 00,040,960 | ---- | M] (Compuware Corporation) -- C:\Program Files\Common Files\Compuware\NMShared\Injector\2.12\DPInjCfgService.exe
PRC - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/20 12:22:06 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
MOD - [2008/04/13 16:11:55 | 00,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\iphlpapi.dll
MOD - [2008/04/13 16:11:51 | 00,640,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dbghelp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/22 04:44:24 | 00,395,824 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:44:18 | 00,113,200 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:44:08 | 00,334,384 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 00,563,760 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 00,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/07/28 00:02:00 | 00,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/07/15 09:18:02 | 00,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/08 12:51:00 | 00,349,528 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2009/07/03 17:47:10 | 00,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/06/12 09:55:48 | 00,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/03/30 15:28:36 | 01,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/19 18:08:44 | 00,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2009/02/27 06:54:22 | 00,870,672 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/02/27 05:55:20 | 00,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/02/27 05:38:38 | 00,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/02/13 14:53:14 | 02,368,392 | R--- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/25 12:20:03 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/09/30 17:41:08 | 00,116,664 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/09/30 17:41:04 | 01,956,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/30 17:40:56 | 00,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/09/12 01:58:40 | 00,258,048 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe -- (Franson GpsGate 2.0)
SRV - [2008/09/04 14:09:02 | 00,111,896 | ---- | M] (PCTEL) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2008/09/04 13:35:10 | 00,610,304 | ---- | M] (Kaseya) [Auto | Running] -- C:\Program Files\Kaseya\Agent\AgentMon.exe -- (KaseyaAgent)
SRV - [2008/08/20 15:50:30 | 00,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/06/24 18:17:38 | 00,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/06/24 18:17:36 | 00,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2008/05/29 00:10:56 | 02,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS) Intel®
SRV - [2008/05/29 00:10:48 | 00,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2008/04/25 08:15:24 | 01,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/03/18 02:28:46 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\cygwin\bin\cygrunsrv.exe -- (BrlAPI)
SRV - [2008/03/04 09:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/09/26 16:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/26 19:25:20 | 01,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/05/20 21:13:24 | 00,055,912 | ---- | M] (Compuware Corporation) [Auto | Running] -- C:\Program Files\Compuware\DevPartner Studio\Analysis\NCS.exe -- (NCS)
SRV - [2007/05/15 18:08:40 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2007/04/10 16:48:42 | 00,040,960 | ---- | M] (Compuware Corporation) [Auto | Running] -- C:\Program Files\Common Files\Compuware\NMShared\Injector\2.12\DPInjCfgService.exe -- (dpinjsvc)
SRV - [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/02 06:17:54 | 02,805,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)
SRV - [2006/06/29 21:57:50 | 00,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2005/10/14 03:53:50 | 00,087,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:3.6.1.115
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/20 12:00:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/20 10:39:40 | 00,000,000 | ---D | M]

[2009/11/10 16:39:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/01/20 09:41:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ltar7hcg.default\extensions
[2009/12/14 15:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ltar7hcg.default\extensions\[email protected]
[2009/11/12 11:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\ltar7hcg.default\extensions\[email protected]
[2010/01/20 10:39:40 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/25 12:20:22 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

O1 HOSTS File: ([2004/08/04 04:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Internet Explorer Plugin) - {2AF9C022-C582-4E35-931C-408E568ABA92} - C:\WINDOWS\System32\mkig.dll (Rox)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Check Point Endpoint Tray Application] C:\Program Files\Common Files\Check Point\UIFramework\cptray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Kaseya Agent Service Helper] C:\Program Files\Kaseya\Agent\KaUsrTsk.exe (Kaseya)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2008/11/25 12:29:56 | 00,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000049 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000050 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1264197849222 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_10)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.12 10.0.1.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = sanjose.telcontar.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (CSGina.dll) - C:\WINDOWS\System32\CSGina.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/29 23:13:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/11/20 16:06:37 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2010/01/22 14:15:33 | 00,043,008 | ---- | C] (Rox) -- C:\WINDOWS\System32\mkig.dll
[2010/01/21 10:28:53 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setupstart.exe
[2010/01/20 14:58:52 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/20 12:22:06 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2010/01/20 10:41:32 | 00,000,000 | ---D | C] -- C:\Program Files\YouSendIt
[2010/01/20 10:27:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2010/01/20 10:27:04 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/20 10:27:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/20 10:27:02 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/20 10:27:02 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/20 10:26:47 | 05,115,840 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup.exe
[2010/01/20 10:26:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/20 10:26:12 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/20 10:25:59 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\user\My Documents\erunt_setup.exe
[2010/01/20 10:21:09 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\TFC.exe
[2010/01/19 20:13:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My FME Workspaces
[2010/01/19 12:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\New Folder
[2010/01/11 12:07:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
[2010/01/11 11:47:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/12/21 20:33:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2009/12/07 08:43:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\VMware
[2009/11/24 11:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/10/20 13:59:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/01/15 16:47:16 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/11/25 12:31:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2008/11/24 23:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Bytemobile
[2008/11/20 16:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ericsson
[2008/11/20 15:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2008/11/20 15:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Intel

========== Files - Modified Within 14 Days ==========

[2010/01/22 15:01:00 | 00,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/01/22 14:52:32 | 00,529,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/01/22 14:52:32 | 00,448,956 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/01/22 14:52:32 | 00,074,232 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/01/22 14:49:31 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/22 14:48:37 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/22 14:48:30 | 00,352,588 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/22 14:48:09 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2010/01/22 14:47:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 14:47:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/22 14:47:03 | 31,122,02240 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/22 14:29:43 | 05,242,880 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/01/22 14:29:43 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/01/22 14:15:33 | 00,043,008 | ---- | M] (Rox) -- C:\WINDOWS\System32\mkig.dll
[2010/01/22 14:15:33 | 00,003,566 | ---- | M] () -- C:\WINDOWS\System32\qdb
[2010/01/22 14:12:05 | 00,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1362781054-1362641840-622671684-5299UA.job
[2010/01/21 15:12:00 | 00,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1362781054-1362641840-622671684-5299Core.job
[2010/01/21 15:09:49 | 02,672,312 | ---- | M] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe
[2010/01/21 10:28:53 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setupstart.exe
[2010/01/20 16:31:17 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\user\Desktop\PND OpptysUpdatedSJF_v3.xls
[2010/01/20 16:26:30 | 00,097,354 | ---- | M] () -- C:\Documents and Settings\user\Desktop\bookmarks.html
[2010/01/20 16:07:49 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Copy of PND OpptysUpdatedSJF_v3.xls
[2010/01/20 15:11:13 | 01,615,732 | ---- | M] () -- C:\Documents and Settings\user\My Documents\ProcessExplorer.zip
[2010/01/20 14:58:53 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk
[2010/01/20 12:45:51 | 00,000,368 | ---- | M] () -- C:\Documents and Settings\user\Desktop\GenNmeaComConfig.xml
[2010/01/20 12:32:49 | 00,172,854 | ---- | M] () -- C:\Documents and Settings\user\Desktop\untitled.bmp
[2010/01/20 12:22:06 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\OTL.exe
[2010/01/20 12:18:47 | 00,321,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/20 11:56:29 | 00,000,311 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TTSConfig.ini
[2010/01/20 10:51:34 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\user\My Documents\gmer.zip
[2010/01/20 10:41:34 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouSendIt.lnk
[2010/01/20 10:39:43 | 00,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/20 10:33:14 | 06,434,348 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/01/20 10:27:07 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/20 10:26:48 | 05,115,840 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\My Documents\mbam-setup.exe
[2010/01/20 10:25:59 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\user\My Documents\erunt_setup.exe
[2010/01/20 10:21:09 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\TFC.exe
[2010/01/19 16:42:39 | 00,072,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\60310932.sys
[2010/01/18 14:47:40 | 00,001,992 | -H-- | M] () -- C:\Documents and Settings\user\My Documents\Default.rdp
[2010/01/15 13:03:13 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/15 12:16:43 | 00,028,923 | ---- | M] () -- C:\Documents and Settings\user\Desktop\LongTrip.rtf
[2010/01/13 20:19:22 | 00,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/13 20:19:22 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/13 20:19:22 | 00,000,210 | RHS- | M] () -- C:\boot.ini
[2010/01/13 20:08:14 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/08 16:32:19 | 00,006,435 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT
[2010/01/08 16:32:08 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat

========== Files Created - No Company Name ==========

[2010/01/22 14:15:33 | 00,003,566 | ---- | C] () -- C:\WINDOWS\System32\qdb
[2010/01/21 15:09:24 | 02,672,312 | ---- | C] () -- C:\Documents and Settings\user\Desktop\esetsmartinstaller_enu.exe
[2010/01/20 16:26:30 | 00,097,354 | ---- | C] () -- C:\Documents and Settings\user\Desktop\bookmarks.html
[2010/01/20 15:11:13 | 01,615,732 | ---- | C] () -- C:\Documents and Settings\user\My Documents\ProcessExplorer.zip
[2010/01/20 14:58:53 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk
[2010/01/20 12:52:59 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gmer.exe
[2010/01/20 12:32:49 | 00,172,854 | ---- | C] () -- C:\Documents and Settings\user\Desktop\untitled.bmp
[2010/01/20 11:15:35 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\user\Desktop\100120 prospects.xls
[2010/01/20 10:51:34 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\user\My Documents\gmer.zip
[2010/01/20 10:41:34 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouSendIt.lnk
[2010/01/20 10:39:43 | 00,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/20 10:27:07 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 16:42:39 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\60310932.sys
[[2010/01/13 20:08:14 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/12 08:05:33 | 00,720,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/01/08 16:32:08 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010/01/08 16:31:50 | 00,006,435 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT
[2009/12/15 17:25:13 | 00,022,675 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Comma Separated Values (Windows).ADR
[2009/11/17 09:07:08 | 00,008,192 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/11 10:52:10 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\user\Application Data\$_hpcst$.hpc
[2009/11/11 10:27:28 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/07/08 12:49:38 | 02,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/01/15 13:32:32 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2009/01/15 13:10:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/12/08 15:55:48 | 00,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2008/11/25 08:10:16 | 00,000,391 | ---- | C] () -- C:\WINDOWS\qex.ini
[2008/11/25 08:10:16 | 00,000,211 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/11/25 08:10:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2008/11/25 07:51:14 | 00,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/25 00:16:30 | 00,000,233 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/11/24 23:23:13 | 00,026,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/11/24 23:10:13 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2008/11/20 16:24:52 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/20 16:04:19 | 00,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2008/11/20 16:04:19 | 00,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/20 16:01:57 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/11/20 16:01:57 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/11/20 16:01:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/11/20 16:01:57 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/11/20 16:01:57 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/11/20 16:01:57 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/11/20 15:53:02 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4957.dll
[2008/11/20 15:50:05 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/09/12 01:58:50 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\GpsGateComClient.dll
[2008/09/12 01:56:54 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\GateApiXP.dll
[2007/07/16 11:58:10 | 00,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 11:58:00 | 00,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2006/04/29 23:31:51 | 00,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/29 23:22:10 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/21 14:05:30 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\GpsToolsXP.dll
[2005/09/21 14:05:30 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\GpsViewXP.dll
[2005/09/21 14:05:30 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\MapLibXP.dll
[2005/09/21 14:05:28 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\GpsShapeXP.dll
[2005/02/17 11:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2008/11/25 07:57:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/11/24 23:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/01/15 17:00:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Compuware
[2008/11/20 16:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ericsson
[2009/12/16 13:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBoingo
[2008/11/20 16:09:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2008/11/20 16:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/01/15 16:14:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
[2008/11/20 16:04:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/11/11 10:33:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/12/11 11:04:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BitZipper
[2009/11/23 17:58:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ericsson
[2010/01/20 14:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FileZilla
[2009/11/11 10:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Jujusoft
[2008/11/20 16:09:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Lenovo
[2009/11/19 16:20:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\MapWindow
[2009/11/20 09:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2010/01/07 10:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PentaWare
[2009/11/10 17:39:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Safe Software
[2009/11/10 16:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Subversion
[2009/11/23 17:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\YouSendIt
[2010/01/22 14:48:09 | 00,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
[2010/01/22 15:01:00 | 00,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/25 07:30:48 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/25 07:30:48 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/25 07:30:48 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/25 07:30:48 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/04/03 02:39:42 | 00,096,384 | ---- | M] (Microsoft Corporation) MD5=2218E3FD674DC284CE98C807086CAB14 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/02/16 07:02:03 | 00,029,696 | ---- | M] () MD5=42D6BD44E3152ACBB3DD0F5F55A63D8F -- C:\cygwin\lib\perl5\vendor_perl\5.10\i686-cygwin\auto\Win32\EventLog\EventLog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2009/02/11 16:11:50 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Lenovo\System Update\session\7zim64ww\IaStor.sys
[2010/01/21 11:45:05 | 00,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008/09/12 13:32:56 | 00,327,192 | ---- | M] (Intel Corporation) MD5=8EF427C54497C5F8A7A645990E4278C7 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\iaStor.sys
[2008/07/21 22:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\drivers\other\IaStor.sys
[2008/07/21 22:33:02 | 00,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\SWTOOLS\DRIVERS\IMSM\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >



Extras.txt

OTL Extras logfile created on: 1/20/2010 12:22:33 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\user\My Documents
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 81.19 Gb Free Space | 54.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931.51 Gb Total Space | 766.86 Gb Free Space | 82.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 5973.34 Gb Total Space | 5030.49 Gb Free Space | 84.22% Space Free | Partition Type: NTFS

Computer Name: LT3
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1362781054-1362641840-622671684-5299\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware Player\vmware-authd.exe" = C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:True Vector -- (Check Point Software Technologies LTD)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0A399F13-2F24-4318-B632-D27B7FCCB43A}" = TortoiseSVN 1.5.6.14908 (32 bit)
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{12F9942A-E85D-44A6-B054-0B3BC9009625}" = Opera 10.01
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{1CBE3804-20DF-48DA-B048-895C206E80A5}" = Microsoft SQL Server VSS Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{235C31BC-BBAE-4932-9F17-15395C65907B}" = Boingo Wi-Fi
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 10
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Drag-to-Disc
"{3248F0A8-6813-11D6-A77B-00B0D0150160}" = J2SE Runtime Environment 5.0 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{437AB8E0-FB69-4222-B280-A64F3DE22591}" = Microsoft Visual Studio 2005 Professional Edition - ENU
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{48C76121-4F90-11D5-9884-0050BA85A903}" = Kaseya Agent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business Edition
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
"{5E09E82C-004D-4F08-B051-46DE6D79F71A}" = Microsoft Visual C++ Redist - ENU
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{64211D43-D195-413C-A7E7-666C10B53E1F}" = Ericsson Wireless Module Core
"{64AC69A8-A76B-445C-B573-38EE630B3E50}" = ScanSoft RealSpeak Solo v4.0.2 SDK
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6D5E4E4C-F695-45B3-8863-6B834D584CAC}" = ThinkVantage GPS
"{705CBC9E-895C-407E-A307-9C6DFE7C1C2C}" = Compuware DevPartner for Visual C++ BoundsChecker Suite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{800D6604-D767-434D-8931-852BA4D88A8D}" = Franson GpsGate 2.6
"{813B302C-2014-4166-B5D2-8C211AE4F22E}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9360267B-E51A-4E75-BFA5-CE1AE23CD945}" = AT&T Communication Manager
"{9579E862-5FC7-4337-B1CC-5E37451524C5}" = Motorola Driver Installation
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E88CA9E-2F99-4F1C-96AC-81E4D2ED02F6}" = dMapTool
"{9EB42A4A-9521-4BD4-BBD9-3288A5259D9D}" = IBM Rational PurifyPlus for Windows
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AD8A1013-4E46-4E02-85C2-3168C3328432}" = Symantec AntiVirus
"{B05B22B8-72AE-4DC3-8D6F-FBC2233CAF41}" = Roxio Creator Business Edition
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{BF251EAF-8697-4E89-BF09-C998F97BBC40}" = Microsoft SQL Server Native Client
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C74F867E-B65D-4CA0-9C14-CE1E1AB82EE6}" = Check Point Endpoint Security - Secure Access
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB34E5AF-6DC0-4C21-8A70-EAEA2CECE469}" = Mobile Broadband Connect
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F22FD942-651D-4EE8-BD6F-7E0AF5E17625}" = Intel® PROSet/Wireless WiFi Software
"{F804CAE5-50B2-4646-803A-A428325237CA}" = Driver Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BitZipper_is1" = BitZipper 2009
"CMake 2.6" = CMake 2.6 a cross-platform, open-source build system
"CNXT_AUDIO_HDA" = Conexant 20561 SmartAudio HD
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"CutePDF Writer Installation" = CutePDF Writer 2.8
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.1.1.1
"FME Desktop 2009" = FME Desktop 2009
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"ITPM" = Intel® Trusted Platform Module
"jujuedit" = JujuEdit 1.44
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Lookout" = Lookout
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapWindow GIS_is1" = MapWindow GIS
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Professional Edition - ENU" = Microsoft Visual Studio 2005 Professional Edition - ENU
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PDFCreator Toolbar" = PDFCreator Toolbar
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel® Network Connections Drivers
"PuTTY_is1" = PuTTY version 0.60
"Quicken ExpensAble Business Edition" = Quicken ExpensAble Business Edition
"Skyhook Wireless Wi-Fi Service" = Skyhook Wireless Wi-Fi Service
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VMware_Player" = VMware Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.3 beta
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1362781054-1362641840-622671684-5299\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2010 2:23:42 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/20/2010 2:23:43 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 1/20/2010 2:35:19 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/20/2010 2:35:20 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 1/20/2010 3:09:51 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/20/2010 3:09:52 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 1/20/2010 3:47:24 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/20/2010 3:47:25 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 1/20/2010 4:19:22 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 1/20/2010 4:19:23 PM | Computer Name = LT3 | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

[ System Events ]
Error - 1/20/2010 4:20:36 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:20:36 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:20:46 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:22 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:39 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:39 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:39 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:39 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:39 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058

Error - 1/20/2010 4:21:59 PM | Computer Name = LT3 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1058


< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP