Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Searches Redirect

Started by wahooligan9 , May 23 2011 07:59 AM

  • This topic is locked This topic is locked

#1
wahooligan9
Posted 23 May 2011 - 07:59 AM

wahooligan9

    New Member

  • Member
  • Pip
  • 3 posts
Hi there,

I'm new to the forum, so my apologies if I make any rookie mistakes. My system is running fine in general; however, often when I click Google Search results (in both Firefox and Internet Explorer), I am redirected to spam-looking sites. The sites vary and it's unpredictable as to when I'm redirected. It's not 100% of the time and it doesn't occur with specific domains. I have run AdAware, Spybot, and Malware Byes, but have not had any luck resolving this issue. Below you will find my OTL log. Thanks again to whoever decides to help out!

---------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 5/23/2011 8:45:16 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 59.64% Memory free
4.77 Gb Paging File | 3.68 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 264.91 Gb Free Space | 88.87% Space Free | Partition Type: NTFS

Computer Name: CH2-R80CZX4 | User Name: user | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2011/04/29 16:38:18 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2011/04/29 16:38:12 | 000,380,988 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SafeBoot\SbClientManager.exe
PRC - [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/07 16:51:48 | 000,153,088 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/02/07 16:50:38 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/09/03 04:12:10 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2010/05/20 12:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\softmon.exe
PRC - [2010/02/25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2010/01/06 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/01/06 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2010/01/06 01:13:00 | 000,132,456 | ---- | M] (Lenovo.) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
PRC - [2010/01/06 01:13:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/10 04:50:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/19 21:44:34 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2009/11/11 17:33:10 | 000,078,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
PRC - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\cammute.exe
PRC - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/10/01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/08/03 06:11:28 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\policy.client.invoker.exe
PRC - [2009/04/17 06:22:00 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\rcgui.exe
PRC - [2009/04/15 06:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\issuser.exe
PRC - [2009/03/23 10:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\Shared Files\residentAgent.exe
PRC - [2009/03/10 06:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\LocalSch.EXE
PRC - [2009/03/05 16:28:26 | 000,059,760 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
PRC - [2008/12/04 06:12:38 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\collector.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDESK\LDCLIENT\tmcsvc.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/05/27 13:24:52 | 000,310,272 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/29 16:38:12 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2011/02/07 16:51:48 | 000,153,088 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/09/03 04:12:10 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2010/07/27 18:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/05/20 12:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/02/25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/01/06 01:13:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 01:13:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/03 06:11:28 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/04/15 06:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDESK\LDCLIENT\issuser.exe -- (ISSUSER)
SRV - [2009/03/23 10:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 06:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2008/04/15 08:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDESK\LDCLIENT\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 16:38:13 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sbalg.sys -- (SBAlg)
DRV - [2011/04/29 16:38:11 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbflop.sys -- (SBFlop)
DRV - [2011/04/29 16:38:11 | 000,015,248 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbprcctl.sys -- (SbPrcCtl)
DRV - [2011/04/29 16:38:10 | 000,103,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\safeboot.sys -- (SafeBoot)
DRV - [2011/04/29 16:38:10 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2011/04/29 16:38:10 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/10/15 01:29:14 | 000,260,864 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/07/27 18:12:04 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/07/27 18:09:40 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/03/01 09:14:00 | 000,992,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/03/01 09:14:00 | 000,047,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/01/06 01:13:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/01/06 01:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009/12/14 17:30:14 | 001,713,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/12/10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/12/10 04:50:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/10/27 08:53:16 | 000,126,080 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2009/10/21 00:04:34 | 000,041,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/16 08:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 08:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 08:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/06/30 11:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 11:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 11:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/03/27 00:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/02/12 14:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/06/08 12:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/05/30 17:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 17:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 17:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2001/08/17 12:10:56 | 000,024,653 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el574nd4.sys -- (EL3C574)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmc.myow.com/today
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.me.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..network.proxy.backup.ftp: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 14:35:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 14:35:33 | 000,000,000 | ---D | M]

[2010/09/13 16:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2011/05/23 07:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions
[2010/09/15 14:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (Oliver Wyman Group) -- C:\Documents and Settings\\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]
[2010/12/12 17:23:26 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\vshare@toolbar
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\chrome
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\components
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\defaults
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\modules
[2011/05/22 20:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/22 12:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/27 14:39:12 | 000,000,000 | ---D | M] (Oliver Wyman Group) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\chrome
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\modules
[2010/11/22 12:20:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/22 12:20:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/02 18:11:29 | 000,000,890 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.107.64.190 www.google.com
O1 - Hosts: 209.172.56.115 search.yahoo.com
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusdfwev01.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusdfwidx01.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusev.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: marsh.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: marsh.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: marsh.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercermc.com ([]ftp in Intranet local)
O15 - HKCU\..Trusted Domains: mercermc.com ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: mercermc.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: myow.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: myow.com ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: myow.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: owgusdfwev01 ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: owgusdfwidx01 ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: owgusev ([]* in Intranet local)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {15138B54-7EB6-11D0-9BB7-0000C0F04C96} http://gmc.myow.com/today/SSLstBar.cab (Sheridan ActiveListBar Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1264163666593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260297375109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remotevpn.me...perSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.94.25.120 66.94.9.120
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmci.ad.root
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/19 06:48:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell - "" = AutoRun
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell\AutoRun\command - "" = E:\ATTPreCopy.exe -d:OPETNAEXPCI -7
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/06 11:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My Meetings
[2011/05/06 11:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing
[2011/05/06 11:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2011/05/06 11:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/05 22:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2011/05/05 22:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 22:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/05 22:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/05 22:18:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/05 22:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 11:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Iasta
[2011/05/05 11:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSource
[2011/05/05 11:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\iasta
[2011/05/03 23:29:15 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/03 23:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/04/29 16:38:18 | 000,077,824 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\SbNp.dll
[2011/04/29 16:38:18 | 000,000,000 | ---D | C] -- C:\Program Files\SafeBoot Tray Manager
[2011/04/29 16:38:10 | 000,006,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbFsLock.sys
[2011/04/29 16:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/29 16:35:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2011/04/25 11:06:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/04/25 11:06:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/09/03 04:07:39 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/23 07:52:03 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258479845-1853294860-4170303737-45200UA.job
[2011/05/23 07:49:26 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/05/23 06:17:08 | 000,592,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/23 06:17:08 | 000,121,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/22 22:58:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 22:56:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 22:56:24 | 3141,156,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/19 08:52:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258479845-1853294860-4170303737-45200Core.job
[2011/05/19 08:16:28 | 000,086,167 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Corporate Challenge Shirts.pdf
[2011/05/13 08:30:46 | 000,092,328 | ---- | M] () -- C:\Documents and Settings\user\Desktop\JPMorgan Chase Corporate Challenge -302-256.pdf
[2011/05/10 23:19:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/05 22:18:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 11:34:27 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartSource Desktop.lnk
[2011/05/03 23:29:15 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/29 16:46:23 | 021,102,592 | RHS- | M] () -- C:\SafeBoot.fs
[2011/04/29 16:46:18 | 000,589,824 | RHS- | M] () -- C:\SafeBoot.rsv
[2011/04/29 16:38:18 | 000,077,824 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\SbNp.dll
[2011/04/29 16:38:13 | 000,200,704 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\safeboot.scr
[2011/04/29 16:38:13 | 000,044,976 | ---- | M] (SafeBoot N.V.) -- C:\WINDOWS\System32\drivers\sbalg.sys
[2011/04/29 16:38:11 | 000,034,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\sbflop.sys
[2011/04/29 16:38:11 | 000,015,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\sbprcctl.sys
[2011/04/29 16:38:10 | 000,103,760 | ---- | M] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2011/04/29 16:38:10 | 000,033,328 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\rsvlock.sys
[2011/04/29 16:38:10 | 000,006,496 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\SbFsLock.sys
[2011/04/25 17:36:32 | 000,397,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 14:17:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/25 11:29:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\user\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\user\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 08:16:28 | 000,086,167 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Corporate Challenge Shirts.pdf
[2011/05/13 08:30:46 | 000,092,328 | ---- | C] () -- C:\Documents and Settings\user\Desktop\JPMorgan Chase Corporate Challenge -302-256.pdf
[2011/05/05 22:18:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 11:34:27 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartSource Desktop.lnk
[2011/05/03 23:19:02 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/29 16:46:18 | 000,589,824 | RHS- | C] () -- C:\SafeBoot.rsv
[2011/01/25 19:08:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2010/12/29 10:31:27 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2010/11/02 18:44:41 | 000,000,541 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/10/14 08:23:22 | 001,857,536 | ---- | C] () -- C:\WINDOWS\System32\ricA3Jur.dll
[2010/10/14 08:23:22 | 000,067,044 | ---- | C] () -- C:\WINDOWS\System32\ricA3Jlg.dat
[2010/10/02 17:49:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 17:49:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\d3d9caps.dat
[2010/09/28 12:12:50 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/09/15 16:01:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/13 16:33:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/07 14:33:15 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/09/07 10:43:33 | 000,103,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2010/09/03 04:08:39 | 000,128,204 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2010/09/03 04:08:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/03 04:07:15 | 000,867,020 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/09/03 02:21:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/03 02:21:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/03 02:21:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/03 02:21:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/03 02:21:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/03 02:21:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/09/03 02:19:25 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/03 02:19:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/02 15:12:06 | 000,916,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/02 13:48:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/02 13:39:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/09/02 13:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010/02/25 18:45:58 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/08/03 15:35:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/31 17:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/03/19 06:51:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/19 06:46:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/18 23:54:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/18 23:53:30 | 000,397,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/09 18:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/03/25 04:39:58 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/03/25 04:39:56 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,592,648 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,121,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/06 11:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/09/27 04:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/11/19 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2010/09/02 14:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/09/03 02:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2010/09/27 04:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2010/09/02 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MS
[2010/09/28 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/03 02:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/05/19 11:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/12/10 12:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2010/11/28 21:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Aelita
[2010/09/07 14:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AT&T
[2010/11/19 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\CrashPlan
[2011/05/05 11:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Iasta
[2010/10/27 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Juniper Networks
[2010/11/19 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\LANDesk
[2010/09/07 14:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Sierra Wireless
[2010/12/14 11:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\vShare
[2010/10/25 06:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search
[2010/10/25 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search
[2010/12/10 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Xerox
[2011/05/10 23:19:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/23 07:49:26 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 30 May 2011 - 08:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there sorry for the delay, this may be a relativley easy one to fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
wahooligan9
Posted 31 May 2011 - 11:23 AM

wahooligan9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL Log File:

OTL logfile created on: 5/31/2011 11:34:40 AM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\earlyr\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 75.59% Memory free
4.77 Gb Paging File | 4.26 Gb Available in Paging File | 89.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 266.46 Gb Free Space | 89.39% Space Free | Partition Type: NTFS

Computer Name: CH2-R80CZX4 | User Name: earlyr | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\earlyr\Desktop\OTL.exe
PRC - [2011/04/29 16:38:18 | 000,069,632 | ---- | M] () -- C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe
PRC - [2011/03/19 16:27:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/07 16:50:38 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/07/27 18:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
PRC - [2010/07/27 18:16:50 | 000,883,272 | ---- | M] (ATT) -- C:\Program Files\AT&T\Communication Manager\ATTCM.exe
PRC - [2010/07/27 18:12:04 | 000,390,272 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\AT&T\Communication Manager\bmctl.exe
PRC - [2010/02/25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2010/01/06 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009/12/21 18:49:44 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/12/10 04:50:00 | 000,062,312 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2009/11/24 13:51:18 | 000,176,056 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2009/11/19 21:44:34 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/10/01 16:14:30 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/22 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/09/22 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/09/22 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/05/27 13:24:52 | 000,310,272 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe


========== Modules (SafeList) ==========

MOD - [2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\earlyr\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/29 16:38:12 | 000,380,988 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\SafeBoot\SbClientManager.exe -- (SafeBootClientManager)
SRV - [2011/02/07 16:51:48 | 000,153,088 | ---- | M] (CrashPlan) [Auto | Stopped] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/09/03 04:12:10 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Stopped] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2010/07/27 18:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/05/20 12:25:08 | 000,385,024 | ---- | M] (LANDesk Software, Ltd.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk®
SRV - [2010/02/25 18:45:48 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2010/01/18 15:41:50 | 000,063,928 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010/01/06 20:07:00 | 000,147,472 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2010/01/06 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/01/06 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/01/06 20:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/01/06 01:13:00 | 000,132,456 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE -- (DozeSvc)
SRV - [2010/01/06 01:13:00 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/11/17 18:06:02 | 000,044,984 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (Lenovo.micmute)
SRV - [2009/11/09 13:48:34 | 000,054,632 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\cammute.exe -- (LENOVO.CAMMUTE)
SRV - [2009/10/23 18:44:36 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/09/22 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/09/21 14:55:12 | 000,858,384 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2009/09/21 14:44:48 | 000,954,368 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2009/09/21 14:31:36 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2009/08/03 06:11:28 | 000,139,264 | ---- | M] (LANDesk Software, Ltd.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2009/04/15 06:06:00 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Stopped] -- C:\Program Files\LANDESK\LDCLIENT\issuser.exe -- (ISSUSER)
SRV - [2009/03/23 10:03:08 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Stopped] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk®
SRV - [2009/03/10 06:10:06 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Stopped] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2008/04/15 08:47:58 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Stopped] -- C:\Program Files\LANDESK\LDCLIENT\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 16:38:13 | 000,044,976 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sbalg.sys -- (SBAlg)
DRV - [2011/04/29 16:38:11 | 000,034,480 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbflop.sys -- (SBFlop)
DRV - [2011/04/29 16:38:11 | 000,015,248 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbprcctl.sys -- (SbPrcCtl)
DRV - [2011/04/29 16:38:10 | 000,103,760 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\safeboot.sys -- (SafeBoot)
DRV - [2011/04/29 16:38:10 | 000,033,328 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2011/04/29 16:38:10 | 000,006,496 | ---- | M] (McAfee, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2010/10/15 01:29:14 | 000,260,864 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/07/27 18:12:04 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/07/27 18:09:40 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/04/03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010/03/01 09:14:00 | 000,992,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/03/01 09:14:00 | 000,047,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/02/26 16:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/06 20:07:00 | 000,343,920 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/06 20:07:00 | 000,091,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/01/06 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/01/06 20:07:00 | 000,066,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/01/06 20:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010/01/06 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/01/06 01:13:00 | 000,024,304 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\DozeHDD.sys -- (DozeHDD)
DRV - [2010/01/06 01:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2009/12/14 17:30:14 | 001,713,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAU32.sys -- (CnxtHdAudService)
DRV - [2009/12/10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel®
DRV - [2009/12/10 04:50:00 | 000,004,608 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2009/10/27 08:53:16 | 000,126,080 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\5U877.sys -- (5U877)
DRV - [2009/10/21 00:04:34 | 000,041,120 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/10/09 12:12:02 | 000,120,360 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2009/10/09 12:10:24 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/09/15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2009/08/10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009/07/16 08:53:18 | 000,107,776 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)
DRV - [2009/07/16 08:51:50 | 000,067,840 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009/07/16 08:49:56 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009/06/30 11:59:00 | 000,986,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/06/30 11:58:00 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/06/30 11:58:00 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2009/03/27 00:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/02/12 14:43:00 | 000,045,056 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimspe86.sys -- (rimspci)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/12 18:04:02 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2007/06/08 12:58:46 | 000,021,504 | ---- | M] (STMicroelectronics, INC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\stm_tpm.sys -- (stmtpm)
DRV - [2007/05/30 17:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 17:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 17:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2001/08/17 12:10:56 | 000,024,653 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el574nd4.sys -- (EL3C574)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gmc.myow.com/today
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.me.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..network.proxy.backup.ftp: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy-mem3131d.network.fedex.com"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 14:35:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/27 14:35:33 | 000,000,000 | ---D | M]

[2010/09/13 16:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Extensions
[2011/05/31 11:34:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions
[2010/09/15 14:54:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (Oliver Wyman Group) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]
[2010/12/12 17:23:26 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\vshare@toolbar
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\chrome
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\components
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\defaults
[2011/04/27 14:39:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\earlyr\Application Data\Mozilla\Firefox\Profiles\nwow5iug.default\extensions\[email protected]\modules
[2011/05/27 10:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/22 12:21:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/27 14:39:12 | 000,000,000 | ---D | M] (Oliver Wyman Group) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\chrome
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\components
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults
[2011/04/27 14:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]\modules
[2010/11/22 12:20:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/22 12:20:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/31 11:29:01 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SafeBootTrayManager] C:\Program Files\SafeBoot Tray Manager\SbTrayManager.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: cavokgroup.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusdfwev01.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusdfwidx01.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: ds.corp ([owgusev.owg] * in Intranet local)
O15 - HKCU\..Trusted Domains: marsh.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: marsh.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: marsh.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercer.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mercermc.com ([]ftp in Intranet local)
O15 - HKCU\..Trusted Domains: mercermc.com ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: mercermc.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: mmc.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: myow.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: myow.com ([]http in Intranet local)
O15 - HKCU\..Trusted Domains: myow.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: nera.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]ftp in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]http in Sites confiáveis)
O15 - HKCU\..Trusted Domains: oliverwyman.com ([]https in Sites confiáveis)
O15 - HKCU\..Trusted Domains: owgusdfwev01 ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: owgusdfwidx01 ([]* in Intranet local)
O15 - HKCU\..Trusted Domains: owgusev ([]* in Intranet local)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {15138B54-7EB6-11D0-9BB7-0000C0F04C96} http://gmc.myow.com/today/SSLstBar.cab (Sheridan ActiveListBar Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1264163666593 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1260297375109 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://remotevpn.me...perSetupSP1.cab (JuniperSetupSP1 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.4.4 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mmci.ad.root
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/19 06:48:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell - "" = AutoRun
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{18197785-bab6-11df-9977-0024d744474c}\Shell\AutoRun\command - "" = E:\ATTPreCopy.exe -d:OPETNAEXPCI -7
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/31 11:35:30 | 000,586,240 | ---- | C] (AVAST Software) -- C:\Documents and Settings\earlyr\Desktop\aswMBR.exe
[2011/05/31 06:35:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/29 21:10:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/23 08:44:42 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\earlyr\Desktop\OTL.exe
[2011/05/06 11:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\earlyr\My Documents\My Meetings
[2011/05/06 11:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\earlyr\Tracing
[2011/05/06 11:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Meeting 2007
[2011/05/06 11:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/05/05 22:18:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\earlyr\Application Data\Malwarebytes
[2011/05/05 22:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 22:18:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/05 22:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/05 22:18:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/05 22:18:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/05 11:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\earlyr\Application Data\Iasta
[2011/05/05 11:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartSource
[2011/05/05 11:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\iasta
[2011/05/03 23:29:15 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/05/03 23:18:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/09/03 04:07:39 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[1 C:\Documents and Settings\earlyr\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\earlyr\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/31 11:35:31 | 000,586,240 | ---- | M] (AVAST Software) -- C:\Documents and Settings\earlyr\Desktop\aswMBR.exe
[2011/05/31 11:33:13 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/05/31 11:33:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/31 11:29:01 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/31 10:52:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258479845-1853294860-4170303737-45200UA.job
[2011/05/31 09:46:43 | 000,592,648 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/31 09:46:43 | 000,121,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/31 09:41:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/31 09:40:57 | 3141,156,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/26 08:52:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3258479845-1853294860-4170303737-45200Core.job
[2011/05/23 17:46:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\earlyr\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/05/23 08:45:05 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\earlyr\Desktop\OTL.exe
[2011/05/10 23:19:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/05 22:18:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 11:34:27 | 000,001,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SmartSource Desktop.lnk
[2011/05/03 23:29:15 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[1 C:\Documents and Settings\earlyr\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\earlyr\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/23 14:08:32 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/05/05 22:18:11 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/05 11:34:27 | 000,001,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SmartSource Desktop.lnk
[2011/05/03 23:19:02 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/01/25 19:08:11 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\hpsfs.dll
[2010/12/29 10:31:27 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\ZSHP1020.EXE
[2010/11/02 18:44:41 | 000,000,541 | ---- | C] () -- C:\WINDOWS\ricdb.ini
[2010/10/14 08:23:22 | 001,857,536 | ---- | C] () -- C:\WINDOWS\System32\ricA3Jur.dll
[2010/10/14 08:23:22 | 000,067,044 | ---- | C] () -- C:\WINDOWS\System32\ricA3Jlg.dat
[2010/10/02 17:49:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 17:49:32 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\earlyr\Local Settings\Application Data\d3d9caps.dat
[2010/09/28 12:12:50 | 000,962,560 | ---- | C] () -- C:\WINDOWS\tesseract.exe
[2010/09/15 16:01:59 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/13 16:33:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/07 14:33:15 | 000,026,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2010/09/07 10:43:33 | 000,103,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\safeboot.sys
[2010/09/03 04:08:39 | 000,128,204 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng575.bin
[2010/09/03 04:08:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2010/09/03 04:07:15 | 000,867,020 | ---- | C] () -- C:\WINDOWS\System32\igkrng575.bin
[2010/09/03 02:21:15 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/09/03 02:21:15 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/09/03 02:21:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/09/03 02:21:15 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/09/03 02:21:15 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/09/03 02:21:15 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/09/03 02:19:25 | 000,196,608 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/03 02:19:25 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/02 15:12:06 | 000,916,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/02 13:48:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/02 13:39:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/09/02 13:39:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010/02/25 18:45:58 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/08/03 15:35:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/03/31 17:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/03/19 06:51:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/19 06:46:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/18 23:54:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/18 23:53:30 | 000,397,720 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/09 18:00:30 | 000,053,478 | ---- | C] () -- C:\WINDOWS\mvtcpui.ini
[2008/03/25 04:39:58 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/03/25 04:39:56 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/02/07 11:05:18 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,592,648 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,121,046 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/05/06 11:03:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/09/27 04:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/11/19 18:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2010/09/02 14:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2010/09/03 02:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2010/09/27 04:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2010/09/02 14:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MS
[2010/09/28 12:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/03 02:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/05/31 05:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2010/12/10 12:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Xerox
[2010/11/28 21:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Aelita
[2010/09/07 14:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\AT&T
[2010/11/19 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\CrashPlan
[2011/05/05 11:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Iasta
[2010/10/27 09:04:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Juniper Networks
[2010/11/19 18:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\LANDesk
[2010/09/07 14:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Sierra Wireless
[2010/12/14 11:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\vShare
[2010/10/25 06:48:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Windows Desktop Search
[2010/10/25 06:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Windows Search
[2010/12/10 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\earlyr\Application Data\Xerox
[2011/05/10 23:19:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2011/05/31 11:33:13 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



< End of report >

------------------------------------------------------------------------------------------------------------------------------------------

aswMBR Log:

aswMBR version 0.9.5.317 Copyright© 2011 AVAST Software
Run date: 2011-05-31 11:37:03
-----------------------------
11:37:03.281 OS Version: Windows 5.1.2600 Service Pack 3
11:37:03.281 Number of processors: 4 586 0x2505
11:37:03.281 ComputerName: CH2-R80CZX4 UserName: earlyr
11:37:04.546 Initialize success
11:37:16.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:37:16.890 Disk 0 Vendor: ST932042 0003 Size: 305245MB BusType: 3
11:37:16.921 Disk 0 MBR read successfully
11:37:16.921 Disk 0 MBR scan
11:37:16.921 Disk 0 unknown MBR code
11:37:16.937 Disk 0 scanning sectors +625136400
11:37:16.968 Disk 0 scanning C:\WINDOWS\system32\drivers
11:37:17.000 Service scanning
11:37:17.843 Disk 0 trace - called modules:
11:37:17.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iastor.sys
11:37:17.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad54ab8]
11:37:17.859 3 CLASSPNP.SYS[b9918fd7] -> nt!IofCallDriver -> \Device\00000094[0x8acd4cc8]
11:37:17.859 5 ACPI.sys[b977f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a30e028]
11:37:45.421 Unsigned kernel modules:
11:37:45.421 0xb98f8000 C:\WINDOWS\system32\drivers\SBAlg.sys
11:37:45.921 0xb9dae000 C:\WINDOWS\system32\drivers\SbFsLock.sys
11:38:05.406 0xb93fe000 C:\WINDOWS\system32\drivers\SafeBoot.sys
11:38:20.093 0xb9db0000 C:\WINDOWS\system32\drivers\BMLoad.sys
11:38:57.062 0xb9be0000 C:\WINDOWS\System32\Drivers\tcpipBM.SYS
11:38:57.843 0xb9bb0000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS
11:38:57.890 0xb9bc0000 C:\WINDOWS\System32\drivers\Tppwrif.sys
11:38:57.968 0xb8653000 C:\WINDOWS\System32\Drivers\SbPrcCtl.SYS
11:38:58.000 0xa7e0d000 C:\WINDOWS\System32\Drivers\SBFlop.SYS
11:38:58.031 0xa7dfd000 C:\WINDOWS\System32\Drivers\RsvLock.SYS
11:39:00.968 0xa5a72000 C:\WINDOWS\system32\DRIVERS\DKRtWrt.sys
11:39:01.296 Scan finished successfully
12:23:08.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\earlyr\Desktop\MBR.dat"
12:23:08.109 The log file has been saved successfully to "C:\Documents and Settings\earlyr\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 31 May 2011 - 11:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you confirm that the redirects have ceased
  • 0

#5
Essexboy
Posted 03 June 2011 - 10:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP