malware infection win32/kryptic.sdt?


  • This topic is locked

#1
aleksm42

  • Member
  • 28 posts
Hi! My computer's been infected with some sort of malware, and I'm in need of help! I'm on a Lenovo T60, Windows XP, running AVG 2011, Zone Alarm, and Spyware Guard for protection. While I was browsing yesterday, AVG detected a threat, and ZoneAlarm asked if a strange program (I can't remember the name now, but it was a long string of letters.exe) could access the internet. I denied access to the program, and said that AVG could quarantine the threat. It quarantined two things, one of which was win32/Kryptic.SDT. I can't remember the other one, and it's now difficult to get into my virus vault because of what has ensued, and I'm not sure if this is the problem anymore, or something else is. Shortly after this, my computer slowed to a halt. I tried restarting, but got a blue screen crash. A second restart got me back on, and I ran Malwarebytes AntiMalware. This crashed to a blue screen once, but I ran it again on a full scan, and it came up clean. It also comes up clean when run in safe mode. However, I know I must still be infected, because the computer is still crashing a lot, trying to start either IE or Firefox puts the computer at 100% CPU, and when I start up, ZoneAlarm warns that a program called ApplicationUpdater.exe is trying to access the internet (I deny it when it asks). I also get strange programs running in my processes list, which look like long registry keys (mix of letters, numbers, and dashes) with .exe at the end. One of these ran even when I booted in safe mode. In that instance, Malwarebytes wouldn't start until I killed that program from task manager. I have booted into Safe Mode without networking and run an OTL scan. I'm not sure if you need the OTL scan to be run when I'm in normal mode for it to be effective?

I have access to a clean PC and an uninfected datastick, which is how I'm communicating here and how I downloaded OTL. Thanks for your help!

Aleks

Here is my OTL log:

OTL logfile created on: 8/28/2011 9:13:21 AM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Aleksandra McClain\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.32% Memory free
2.60 Gb Paging File | 2.51 Gb Available in Paging File | 96.59% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.03 Gb Total Space | 26.32 Gb Free Space | 18.28% Space Free | Partition Type: NTFS
Drive E: | 5.45 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.91 Gb Total Space | 0.21 Gb Free Space | 10.86% Space Free | Partition Type: FAT

Computer Name: ALEKS | User Name: Aleksandra McClain | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/28 09:09:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aleksandra McClain\Desktop\OTL.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2006/11/23 19:20:42 | 000,233,472 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACGina.dll
MOD - [2006/11/23 19:20:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/11/23 19:19:56 | 000,569,344 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/11/23 19:12:48 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
MOD - [2006/11/23 19:03:38 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/11/23 19:02:04 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/11/23 19:02:04 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/11/23 19:02:00 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/11/23 19:01:52 | 000,163,840 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/11/23 19:01:32 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2005/11/30 12:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/26 21:23:02 | 000,223,088 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/24 04:21:56 | 000,167,936 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/11/23 19:20:06 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/11/17 10:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Stopped] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/17 01:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/08/16 18:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/15 02:24:52 | 000,629,504 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/15 00:52:48 | 000,045,056 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Stopped] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/06/07 06:26:22 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/07 13:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/10/07 09:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/02 00:41:44 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/07/05 01:57:40 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/03/30 21:08:20 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/17 11:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/02/17 11:43:28 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/12/22 17:22:43 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/09/13 00:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/16 18:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 17:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 17:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/02 10:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/20 18:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/25 17:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/03/14 01:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Stopped] -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/02/02 14:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 14:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 14:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 14:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 14:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 14:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 14:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/01/13 09:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/11/18 21:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 21:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 18:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2001/10/15 13:38:04 | 000,025,434 | ---- | M] (D-Link Corp. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLKRCB.SYS -- (DLKRCB)
DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.york.ac.uk:8080

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Aleksandra McClain\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/17 18:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 13:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 13:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D3F68CD0-D0C2-4597-BD8A-5725A4895544}: C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\{D3F68CD0-D0C2-4597-BD8A-5725A4895544} [2011/08/28 01:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 08:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/20 19:15:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/17 18:07:33 | 000,000,000 | ---D | M]

[2008/10/20 19:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Extensions
[2008/10/20 19:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/08/28 02:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions
[2011/05/02 12:46:52 | 000,000,000 | ---D | M] ("Popup ALT Attribute") -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2011/07/25 11:22:45 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/05/02 12:46:51 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011/07/11 16:40:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/21 14:47:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/10 16:51:43 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\firefox@tvunetworks.com
[2010/02/28 14:15:06 | 000,000,000 | ---D | M] (EBrary Reader Plugin) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\reader_plugin@ebrary.com
[2010/09/20 00:37:20 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\vshare@toolbar
[2011/08/28 02:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Ixasucoku] C:\WINDOWS\igikarad.dll (Hauppauge Computer Works.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe (Felitec Inc.)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Data Sync.lnk = C:\Program Files\T-Mobile\Data Sync\Voxsync.exe (Voxmobili)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\ckpNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/04 13:40:55 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/12/11 21:03:59 | 000,000,277 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/04/04 13:40:56 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{03eeb8f9-15d8-11df-9b42-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{03eeb8f9-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03eeb8f9-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{03eeb8fb-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun\command - "" = E:\CTFMON.EXE
O33 - MountPoints2\{03eeb8fb-15d8-11df-9b42-0019d2062d27}\Shell\explore\Command - "" = E:\CTFMON.EXE
O33 - MountPoints2\{03eeb8fb-15d8-11df-9b42-0019d2062d27}\Shell\open\Command - "" = E:\CTFMON.EXE
O33 - MountPoints2\{03eeb8fd-15d8-11df-9b42-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{03eeb8fd-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03eeb8fd-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{24dd9c11-f420-11dc-8ae6-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{24dd9c11-f420-11dc-8ae6-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24dd9c11-f420-11dc-8ae6-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{3133af3c-63e8-11df-9b78-0019d2062d27}\Shell\AutoRun\command - "" = E:\PortableRoboForm.exe
O33 - MountPoints2\{3133af3c-63e8-11df-9b78-0019d2062d27}\Shell\RoboForm2Go\command - "" = E:\PortableRoboForm.exe
O33 - MountPoints2\{3c0eb0ec-b0c0-11e0-9c18-001641e012c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3c0eb0ec-b0c0-11e0-9c18-001641e012c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c0eb0ec-b0c0-11e0-9c18-001641e012c6}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{41837ccb-77ff-11df-9b7e-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{41837ccb-77ff-11df-9b7e-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41837ccb-77ff-11df-9b7e-0019d2062d27}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\{458a9114-c350-11dc-8a94-0019d2062d27}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{6118f864-342e-11e0-9be8-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{6118f864-342e-11e0-9be8-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6118f864-342e-11e0-9be8-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{6cd1b0f4-e6ab-11dc-8acf-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd1b0f4-e6ab-11dc-8acf-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6cd1b0f4-e6ab-11dc-8acf-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{c9cbb7f8-9ed2-11dd-8baf-0019d2062d27}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{d6308729-2314-11e0-9bdd-001641e012c6}\Shell - "" = AutoRun
O33 - MountPoints2\{d6308729-2314-11e0-9bdd-001641e012c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6308729-2314-11e0-9bdd-001641e012c6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{e2ccbd10-2eab-11e0-9be0-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ccbd10-2eab-11e0-9be0-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2ccbd10-2eab-11e0-9be0-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{e9ebd215-475b-11dd-8b3f-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{e9ebd215-475b-11dd-8b3f-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9ebd215-475b-11dd-8b3f-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\{fa02ae84-7e46-11dc-8a3d-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{fa02ae84-7e46-11dc-8a3d-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa02ae84-7e46-11dc-8a3d-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/12/07 19:45:13 | 001,095,224 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/28 09:12:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aleksandra McClain\Desktop\OTL.exe
[2011/08/28 02:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/28 01:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/28 01:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/28 01:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\{D3F68CD0-D0C2-4597-BD8A-5725A4895544}
[2011/08/28 01:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\$XNTUninstall643$
[2011/08/26 16:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Search Settings
[2011/08/26 16:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/08/26 16:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/08/26 14:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby_photos
[2011/08/26 14:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby_ryder drawings
[2011/08/17 16:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\attachments
[2011/08/09 10:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\preentrypackfornewstudents
[2007/01/17 21:23:02 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[4 C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp files -> C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/28 09:09:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aleksandra McClain\Desktop\OTL.exe
[2011/08/28 09:03:28 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/28 09:02:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/28 08:53:21 | 000,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011/08/28 08:53:21 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/08/28 08:53:08 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 08:51:56 | 000,003,216 | ---- | M] () -- C:\WINDOWS\System32\encobject.dat
[2011/08/28 03:27:09 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/28 03:11:21 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/08/28 03:01:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\prvlcl.dat
[2011/08/28 02:12:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/28 01:29:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mvixu.dat
[2011/08/28 01:29:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jmaqedojodohuje.bin
[2011/08/28 00:20:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/27 13:46:28 | 000,359,888 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Vouchers_717.pdf
[2011/08/27 10:21:20 | 129,977,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/26 17:52:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/26 14:29:07 | 000,878,625 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby.zip
[2011/08/23 13:26:33 | 000,037,815 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\horse.jpg
[2011/08/17 01:10:08 | 000,138,995 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\mynpower_bill_24Jun2010.pdf
[2011/08/17 00:55:44 | 000,169,040 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\ei150_series_instructions.pdf
[2011/08/12 01:59:38 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/08/11 14:34:56 | 000,017,152 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions_anm.rtf
[2011/08/11 13:05:47 | 000,050,558 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions.rtf
[2011/08/11 13:05:16 | 000,176,921 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\09 McClain.pdf
[2011/08/10 16:26:23 | 000,433,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 16:26:23 | 000,068,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 16:23:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 09:41:51 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/08 22:42:32 | 000,034,972 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\youth.jpg
[4 C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp files -> C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/28 01:29:51 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mvixu.dat
[2011/08/28 01:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jmaqedojodohuje.bin
[2011/08/27 13:46:27 | 000,359,888 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Vouchers_717.pdf
[2011/08/26 14:25:34 | 000,878,625 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby.zip
[2011/08/23 12:52:34 | 000,037,815 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\horse.jpg
[2011/08/17 01:10:08 | 000,138,995 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\mynpower_bill_24Jun2010.pdf
[2011/08/17 00:55:44 | 000,169,040 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\ei150_series_instructions.pdf
[2011/08/12 01:59:38 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/08/11 13:13:57 | 000,017,152 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions_anm.rtf
[2011/08/11 13:05:47 | 000,050,558 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions.rtf
[2011/08/11 13:05:16 | 000,176,921 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\09 McClain.pdf
[2011/08/08 22:42:31 | 000,034,972 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\youth.jpg
[2011/07/16 00:38:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/01 16:46:25 | 000,001,922 | ---- | C] () -- C:\WINDOWS\TLMSTUDENT.INI
[2011/02/01 16:46:23 | 000,000,826 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2011/02/01 16:46:11 | 000,001,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/02/01 16:46:11 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\906B61DCC3.sys
[2011/02/01 15:43:15 | 000,000,064 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\c1972b1a7030edbaa8a0231998d2d434906484f2
[2011/02/01 15:43:15 | 000,000,064 | -H-- | C] () -- C:\Documents and Settings\Aleksandra McClain\Application Data\c1972b1a7030edbaa8a0231998d2d434906484f2
[2010/08/30 23:10:41 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/08/30 23:10:41 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/08/30 23:10:39 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/08/30 23:10:39 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe
[2010/07/31 20:14:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/24 16:13:23 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/28 14:17:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\NPinfotl.INI
[2010/02/14 07:26:07 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2010/01/17 17:47:37 | 000,195,379 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2010/01/17 17:47:37 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2010/01/13 23:31:01 | 000,000,018 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/01/13 23:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/06 18:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\prvlcl.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/03 16:30:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/07/03 15:23:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\erase_SR.exe
[2009/04/16 12:08:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/04/16 12:00:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P2400EFGD.ini
[2009/04/11 15:35:28 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/25 03:06:48 | 000,048,913 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008/10/21 00:05:41 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/21 00:05:41 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/21 00:05:41 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/10/21 00:05:40 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/10/15 22:48:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/04/28 11:19:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\pp80.INI
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/08/30 14:17:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/07/25 10:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gridview.INI
[2007/06/12 19:55:11 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/02 10:46:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2007/04/01 22:43:29 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/13 16:28:01 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin.old
[2007/03/13 16:28:01 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin.old
[2007/03/13 16:04:00 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2007/03/13 15:51:12 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2007/03/13 15:51:11 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2007/03/09 02:35:20 | 000,000,070 | ---- | C] () -- C:\WINDOWS\187AD870.ini
[2007/03/06 15:10:03 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/03/06 15:10:02 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/03/06 15:10:02 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/03/06 15:10:02 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/03/06 15:10:02 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/02/21 11:12:46 | 001,513,984 | ---- | C] () -- C:\WINDOWS\System32\Mgxrdr80.dll
[2007/02/21 11:12:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/02/21 11:12:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/02/21 11:12:25 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\Ppiv30.dll
[2007/02/21 11:12:25 | 000,000,986 | ---- | C] () -- C:\WINDOWS\Mgxclean.sys
[2007/02/21 11:12:25 | 000,000,100 | ---- | C] () -- C:\WINDOWS\MGXCLEAN.DAT
[2007/01/23 00:47:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/20 18:58:13 | 000,005,162 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/17 21:16:32 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/01/17 21:16:32 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2007/01/17 21:16:32 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/01/17 20:57:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/17 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/15 07:18:20 | 000,003,216 | ---- | C] () -- C:\WINDOWS\System32\encobject.dat
[2006/12/30 14:30:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/12/30 13:32:52 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2006/12/30 13:22:05 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\fusioncache.dat
[2006/12/22 17:32:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/22 17:22:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2006/12/22 17:22:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/12/22 17:21:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2006/12/22 17:16:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2006/12/22 17:12:46 | 000,000,322 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/22 17:10:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/22 17:10:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/22 17:10:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/22 17:10:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/22 17:10:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/22 17:10:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/12/22 17:03:08 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/22 17:00:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2006/12/22 16:59:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/12/22 16:59:39 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2006/12/22 16:59:39 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/12/22 16:59:27 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/12/22 16:56:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2006/12/22 16:50:20 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2006/11/17 01:14:14 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2006/08/17 09:00:13 | 000,009,970 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/08/17 09:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006/08/03 02:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/08/03 02:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/06/14 17:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/06/12 21:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:22:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 08:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 08:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 07:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 07:55:55 | 000,433,812 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 07:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 07:55:55 | 000,068,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 07:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 07:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 07:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 07:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 07:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 07:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 07:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 07:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/30 01:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/30 01:03:29 | 000,356,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/02/21 04:59:25 | 000,285,696 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/07/15 13:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Any Video Converter
[2009/12/29 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Auslogics
[2010/12/12 01:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\AVG10
[2009/09/21 18:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Bullzip
[2010/04/08 12:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Canon
[2010/07/27 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\CheckPoint
[2011/07/08 04:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Dropbox
[2010/07/23 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Elluminate
[2009/09/18 01:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\EndNote
[2010/03/30 00:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Facebook
[2009/06/29 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Free Photo Converter
[2007/03/21 23:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\InterVideo
[2011/02/01 15:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\iSpring Solutions
[2010/04/20 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\KompoZer
[2007/07/17 09:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Leadertech
[2007/01/14 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Lenovo
[2007/02/01 11:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\MapInfo
[2010/09/19 23:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Obsidium
[2010/03/07 07:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\PDF Writer
[2011/02/01 16:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Progeny
[2011/08/26 16:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Search Settings
[2007/04/04 11:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Snapfish
[2011/08/28 02:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\stickies
[2009/09/13 23:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\StreamTorrent
[2006/12/22 17:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\ThinkVantage
[2011/04/29 06:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\uTorrent
[2010/04/20 18:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Virtual Mechanics
[2011/07/14 18:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Voxmobili
[2011/07/17 02:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\YouTube Downloader
[2011/08/28 02:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/08 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2010/12/12 01:28:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/21 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/01/14 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/07/03 13:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2007/02/21 13:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2011/05/01 20:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/07 07:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2010/12/09 01:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/06/14 22:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2008/01/29 23:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2011/08/28 02:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/20 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2007/08/30 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2010/04/20 18:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2011/07/17 02:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/07/20 00:20:57 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/28 00:20:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/20 00:20:58 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
[2011/08/28 08:53:21 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8BE05FA

< End of report >


#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's see if we can resolve this.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
    O2 - BHO: (no name) - {93935F7F-9C88-42F8-8445-95251D27FABC} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4 - HKLM..\Run: [Ixasucoku] C:\WINDOWS\igikarad.dll (Hauppauge Computer Works.)
    [2011/08/28 01:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\$XNTUninstall643$
    [2011/08/28 01:29:51 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Mvixu.dat
    [2011/08/28 01:29:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jmaqedojodohuje.bin
    [2011/02/01 15:43:15 | 000,000,064 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2011/02/01 15:43:15 | 000,000,064 | -H-- | C] () -- C:\Documents and Settings\Aleksandra McClain\Application Data\c1972b1a7030edbaa8a0231998d2d434906484f2
    [2010/08/30 23:10:41 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
    [2010/08/30 23:10:41 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
    [2010/08/30 23:10:39 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
    [2010/08/30 23:10:39 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\office.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe (1.8 MB) to your desktop.
Double-click aswMBR.exe to run it, then click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#3
aleksm42

    Member

  • Topic Starter
  • 28 posts
Hi! Thanks for your help. I tried running the OTL fix, which ran for a bit, but crashed to a blue screen with the following message:

A problem has been detected and windows has been shut down to prevent damage to your computer.

A driver has overrun a stack-based buffer. This overrun could potentially allow a malicious user to gain control of this machine.

Then all the standard blue screen instructions...


Aleks

#4
aleksm42

    Member

  • Topic Starter
  • 28 posts
Hang on...when I restarted the computer manually after the crash, a text file was open on the desktop. It reads:

Files\Folders moved on Reboot....
C:\Documents and Settings\Aleksandra McClain\Local Settings\Temp\~DFFB93.tmp moved successfully

Registry entries deleted on reboot...

I will now try to run a new OTL scan.

#5
aleksm42

    Member

  • Topic Starter
  • 28 posts
We seem to have just made it angry. Twice the OTL scan hung on 'Scanning Modules...' a little bit after starting. And the third time it crashed to a blue screen. I have restarted and tried again, but it seems hung up again.

#6
aleksm42

    Member

  • Topic Starter
  • 28 posts
Better luck now! A fourth try finished the OTL scan, and then I was able to run the aswMBR scan. The logs are here, OTL, Extras, and then aswMBR:

OTL logfile created on: 8/28/2011 1:55:12 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Aleksandra McClain\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.07% Memory free
2.60 Gb Paging File | 1.92 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.03 Gb Total Space | 26.86 Gb Free Space | 18.65% Space Free | Partition Type: NTFS

Computer Name: ALEKS | User Name: Aleksandra McClain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/28 09:09:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aleksandra McClain\Desktop\OTL.exe
PRC - [2011/08/17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/26 21:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/04/26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/04/14 01:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/17 10:07:00 | 000,015,872 | ---- | M] ( ) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2006/08/16 18:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2006/08/16 18:07:00 | 000,069,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/07/15 03:20:38 | 000,817,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2006/07/15 02:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/15 02:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/15 00:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/19 01:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/03/14 01:38:56 | 000,041,472 | R--- | M] (Utimaco Safeware AG) -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
PRC - [2006/02/14 06:17:28 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2006/02/02 14:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/05 06:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2005/06/07 06:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/11 01:40:43 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\70a1400affdc775d7c7398e036359286\System.ServiceProcess.ni.dll
MOD - [2011/08/10 16:27:09 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/06/16 10:23:45 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/04/26 21:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011/04/26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2006/11/23 19:20:42 | 000,233,472 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACGina.dll
MOD - [2006/11/23 19:20:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/11/23 19:19:56 | 000,569,344 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/11/23 19:12:48 | 000,032,768 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
MOD - [2006/11/23 19:12:22 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\LPAC4.dll
MOD - [2006/11/23 19:08:50 | 000,040,960 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcBcon.dll
MOD - [2006/11/23 19:03:38 | 000,114,688 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/11/23 19:02:04 | 000,147,456 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/11/23 19:02:04 | 000,007,680 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/11/23 19:02:00 | 000,491,520 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/11/23 19:01:52 | 000,163,840 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/11/23 19:01:32 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/07/15 02:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
MOD - [2006/07/15 02:35:28 | 000,139,264 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006/07/15 02:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006/07/15 00:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
MOD - [2006/07/04 17:11:00 | 000,057,344 | ---- | M] () -- C:\Program Files\ThinkVantage\PrdCtr\US\LPRESMGR.DLL
MOD - [2006/05/25 17:13:00 | 000,073,728 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2006/05/25 17:13:00 | 000,036,864 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL
MOD - [2005/11/30 12:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/10/28 12:29:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005/07/05 06:57:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2005/06/07 06:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/08/02 23:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/26 21:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/02/19 20:31:44 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/24 04:21:56 | 000,167,936 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/11/23 19:20:06 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2006/11/17 10:07:00 | 000,015,872 | ---- | M] ( ) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2006/11/17 01:14:14 | 000,023,552 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\psasrv.exe -- (PsaSrv)
SRV - [2006/08/16 18:07:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2006/07/15 02:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/15 00:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2006/05/24 06:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/06/07 06:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Driver Services (SafeList) ==========

DRV - [2011/06/07 13:44:16 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/04/04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011/03/31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/02/07 17:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/10/07 09:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 09:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/10/07 09:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 09:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/10/02 00:41:44 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2009/07/05 01:57:40 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/05/08 11:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2009/04/06 15:32:54 | 000,038,496 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/03/30 21:08:20 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/17 11:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/02/17 11:43:28 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/01/23 22:25:32 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/12/22 17:22:43 | 000,017,536 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006/09/13 00:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/08/16 18:07:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/02 17:54:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2006/08/02 17:54:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2006/08/02 10:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/20 18:54:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/05/25 17:13:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2006/03/14 01:05:54 | 000,058,368 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2006/02/02 14:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/02/02 14:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/02/02 14:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/02/02 14:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/02/02 14:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/02/02 14:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/02/02 14:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006/01/13 09:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/11/18 21:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/11/18 21:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/11/08 18:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002/07/17 08:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32)
DRV - [2001/10/15 13:38:04 | 000,025,434 | ---- | M] (D-Link Corp. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DLKRCB.SYS -- (DLKRCB)
DRV - [2001/08/17 14:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwcache.york.ac.uk:8080

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Aleksandra McClain\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/17 18:07:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/07/12 13:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/07/12 13:06:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D3F68CD0-D0C2-4597-BD8A-5725A4895544}: C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\{D3F68CD0-D0C2-4597-BD8A-5725A4895544} [2011/08/28 01:29:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/24 08:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/20 19:15:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/17 18:07:33 | 000,000,000 | ---D | M]

[2008/10/20 19:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Extensions
[2008/10/20 19:18:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/08/28 02:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions
[2011/05/02 12:46:52 | 000,000,000 | ---D | M] ("Popup ALT Attribute") -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}
[2011/07/25 11:22:45 | 000,000,000 | ---D | M] ("Boomerang for GMail") -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{65e41d20-f092-41b7-bb83-c6e8a9ab0f57}
[2011/05/02 12:46:51 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011/07/11 16:40:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/03/21 14:47:36 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/10 16:51:43 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\firefox@tvunetworks.com
[2010/02/28 14:15:06 | 000,000,000 | ---D | M] (EBrary Reader Plugin) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\reader_plugin@ebrary.com
[2010/09/20 00:37:20 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Documents and Settings\Aleksandra McClain\Application Data\Mozilla\Firefox\Profiles\mp2u0aaz.default\extensions\vshare@toolbar
[2011/08/28 02:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/21 08:24:52 | 000,660,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll

O1 HOSTS File: ([2011/08/28 13:23:08 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Mindful] C:\Program Files\Felitec\Mindful\Mindful.exe (Felitec Inc.)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Data Sync.lnk = C:\Program Files\T-Mobile\Data Sync\Voxsync.exe (Voxmobili)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...p/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} http://download.micr...N-US/msorun.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\AwayNotify: DllName - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll (Lenovo Group Limited)
O20 - Winlogon\Notify\ckpNotify: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/04 13:40:55 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{03eeb8f9-15d8-11df-9b42-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{03eeb8f9-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03eeb8f9-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{03eeb8fb-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun\command - "" = E:\CTFMON.EXE
O33 - MountPoints2\{03eeb8fb-15d8-11df-9b42-0019d2062d27}\Shell\explore\Command - "" = E:\CTFMON.EXE
O33 - MountPoints2\{03eeb8fb-15d8-11df-9b42-0019d2062d27}\Shell\open\Command - "" = E:\CTFMON.EXE
O33 - MountPoints2\{03eeb8fd-15d8-11df-9b42-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{03eeb8fd-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03eeb8fd-15d8-11df-9b42-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{3133af3c-63e8-11df-9b78-0019d2062d27}\Shell\AutoRun\command - "" = E:\PortableRoboForm.exe
O33 - MountPoints2\{3133af3c-63e8-11df-9b78-0019d2062d27}\Shell\RoboForm2Go\command - "" = E:\PortableRoboForm.exe
O33 - MountPoints2\{3c0eb0ec-b0c0-11e0-9c18-001641e012c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3c0eb0ec-b0c0-11e0-9c18-001641e012c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c0eb0ec-b0c0-11e0-9c18-001641e012c6}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{41837ccb-77ff-11df-9b7e-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{41837ccb-77ff-11df-9b7e-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{41837ccb-77ff-11df-9b7e-0019d2062d27}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\{458a9114-c350-11dc-8a94-0019d2062d27}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{6118f864-342e-11e0-9be8-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{6118f864-342e-11e0-9be8-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6118f864-342e-11e0-9be8-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{6cd1b0f4-e6ab-11dc-8acf-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd1b0f4-e6ab-11dc-8acf-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6cd1b0f4-e6ab-11dc-8acf-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c9cbb7f8-9ed2-11dd-8baf-0019d2062d27}\Shell\AutoRun\command - "" = E:\InstallTomTomHOME.exe
O33 - MountPoints2\{d6308729-2314-11e0-9bdd-001641e012c6}\Shell - "" = AutoRun
O33 - MountPoints2\{d6308729-2314-11e0-9bdd-001641e012c6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d6308729-2314-11e0-9bdd-001641e012c6}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e2ccbd10-2eab-11e0-9be0-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{e2ccbd10-2eab-11e0-9be0-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2ccbd10-2eab-11e0-9be0-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e9ebd215-475b-11dd-8b3f-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{e9ebd215-475b-11dd-8b3f-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9ebd215-475b-11dd-8b3f-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fa02ae84-7e46-11dc-8a3d-0019d2062d27}\Shell - "" = AutoRun
O33 - MountPoints2\{fa02ae84-7e46-11dc-8a3d-0019d2062d27}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fa02ae84-7e46-11dc-8a3d-0019d2062d27}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/28 13:22:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/28 10:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/08/28 10:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/28 09:12:48 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Aleksandra McClain\Desktop\OTL.exe
[2011/08/28 02:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/28 01:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/28 01:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/28 01:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\{D3F68CD0-D0C2-4597-BD8A-5725A4895544}
[2011/08/26 16:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Search Settings
[2011/08/26 16:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/08/26 16:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader Toolbar
[2011/08/26 14:28:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby_photos
[2011/08/26 14:28:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby_ryder drawings
[2011/08/17 16:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\attachments
[2011/08/09 10:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Aleksandra McClain\Desktop\preentrypackfornewstudents
[2007/01/17 21:23:02 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[4 C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp files -> C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/28 13:53:54 | 000,009,970 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011/08/28 13:53:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/08/28 13:53:44 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/28 13:53:41 | 000,000,906 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 13:52:25 | 000,003,216 | ---- | M] () -- C:\WINDOWS\System32\encobject.dat
[2011/08/28 13:51:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/28 13:51:20 | 2145,816,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/28 13:27:06 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/28 13:23:08 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/08/28 10:51:10 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/28 10:47:56 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\NTREGOPT.lnk
[2011/08/28 10:47:56 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\ERUNT.lnk
[2011/08/28 10:32:42 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\y6p5lx29.exe
[2011/08/28 09:09:34 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Aleksandra McClain\Desktop\OTL.exe
[2011/08/28 03:11:21 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/08/28 03:01:31 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\prvlcl.dat
[2011/08/28 02:12:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/28 00:20:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2011/08/27 13:46:28 | 000,359,888 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Vouchers_717.pdf
[2011/08/27 10:21:20 | 129,977,576 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/26 17:52:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/26 14:29:07 | 000,878,625 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby.zip
[2011/08/23 13:26:33 | 000,037,815 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\horse.jpg
[2011/08/17 01:10:08 | 000,138,995 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\mynpower_bill_24Jun2010.pdf
[2011/08/17 00:55:44 | 000,169,040 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\ei150_series_instructions.pdf
[2011/08/12 01:59:38 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/08/11 14:34:56 | 000,017,152 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions_anm.rtf
[2011/08/11 13:05:47 | 000,050,558 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions.rtf
[2011/08/11 13:05:16 | 000,176,921 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\09 McClain.pdf
[2011/08/10 16:26:23 | 000,433,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/10 16:26:23 | 000,068,220 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/10 16:23:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/09 09:41:51 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/08/08 22:42:32 | 000,034,972 | ---- | M] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\youth.jpg
[4 C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp files -> C:\Documents and Settings\Aleksandra McClain\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/28 10:51:10 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/28 10:47:56 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\NTREGOPT.lnk
[2011/08/28 10:47:56 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\ERUNT.lnk
[2011/08/28 10:34:24 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\y6p5lx29.exe
[2011/08/28 09:47:40 | 2145,816,576 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/27 13:46:27 | 000,359,888 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Vouchers_717.pdf
[2011/08/26 14:25:34 | 000,878,625 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\melsonby.zip
[2011/08/23 12:52:34 | 000,037,815 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\horse.jpg
[2011/08/17 01:10:08 | 000,138,995 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\mynpower_bill_24Jun2010.pdf
[2011/08/17 00:55:44 | 000,169,040 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\ei150_series_instructions.pdf
[2011/08/12 01:59:38 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/08/11 13:13:57 | 000,017,152 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions_anm.rtf
[2011/08/11 13:05:47 | 000,050,558 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\Questions.rtf
[2011/08/11 13:05:16 | 000,176,921 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\09 McClain.pdf
[2011/08/08 22:42:31 | 000,034,972 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Desktop\youth.jpg
[2011/07/16 00:38:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/01 16:46:25 | 000,001,922 | ---- | C] () -- C:\WINDOWS\TLMSTUDENT.INI
[2011/02/01 16:46:23 | 000,000,826 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2011/02/01 16:46:11 | 000,001,942 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/02/01 16:46:11 | 000,000,168 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\906B61DCC3.sys
[2010/07/31 20:14:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/24 16:13:23 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/02/28 14:17:12 | 000,000,034 | ---- | C] () -- C:\WINDOWS\NPinfotl.INI
[2010/02/14 07:26:07 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat.temp
[2010/01/17 17:47:37 | 000,195,379 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2010/01/17 17:47:37 | 000,000,606 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2010/01/13 23:31:01 | 000,000,018 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010/01/13 23:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2010/01/06 18:37:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\prvlcl.dat
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/03 16:30:48 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2009/07/03 15:23:25 | 000,069,632 | ---- | C] () -- C:\WINDOWS\erase_SR.exe
[2009/04/16 12:08:45 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009/04/16 12:00:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P2400EFGD.ini
[2009/04/11 15:35:28 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/01/25 03:06:48 | 000,048,913 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008/10/21 00:05:41 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/10/21 00:05:41 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/10/21 00:05:41 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/10/21 00:05:40 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/10/15 22:48:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
[2008/04/28 11:19:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\pp80.INI
[2008/01/30 17:10:46 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2008/01/09 15:01:48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\bdoscandel.exe
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/08/30 14:17:32 | 000,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007/07/25 10:52:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Gridview.INI
[2007/06/12 19:55:11 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2007/04/02 10:46:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2007/04/01 22:43:29 | 000,070,144 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/13 16:28:01 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin.old
[2007/03/13 16:28:01 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin.old
[2007/03/13 16:04:00 | 000,004,133 | ---- | C] () -- C:\WINDOWS\entrust.ini
[2007/03/13 15:51:12 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\default.bin
[2007/03/13 15:51:11 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\drivers\default.bin
[2007/03/09 02:35:20 | 000,000,070 | ---- | C] () -- C:\WINDOWS\187AD870.ini
[2007/03/06 15:10:03 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32_1-1-0_DDR.dll
[2007/03/06 15:10:02 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\libeay32_1-1-0_DDR.dll
[2007/03/06 15:10:02 | 000,532,594 | ---- | C] () -- C:\WINDOWS\System32\xerces-c_1_40_0_DDR.dll
[2007/03/06 15:10:02 | 000,524,377 | ---- | C] () -- C:\WINDOWS\System32\stlport_4_0_0_DDR.dll
[2007/03/06 15:10:02 | 000,307,329 | ---- | C] () -- C:\WINDOWS\System32\BJBase_2-2-2_DDR.dll
[2007/02/21 11:12:46 | 001,513,984 | ---- | C] () -- C:\WINDOWS\System32\Mgxrdr80.dll
[2007/02/21 11:12:44 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2007/02/21 11:12:44 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2007/02/21 11:12:25 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\Ppiv30.dll
[2007/02/21 11:12:25 | 000,000,986 | ---- | C] () -- C:\WINDOWS\Mgxclean.sys
[2007/02/21 11:12:25 | 000,000,100 | ---- | C] () -- C:\WINDOWS\MGXCLEAN.DAT
[2007/01/23 00:47:09 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/20 18:58:13 | 000,005,162 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/17 21:16:32 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/01/17 21:16:32 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2007/01/17 21:16:32 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/01/17 20:57:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/17 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/15 07:18:20 | 000,003,216 | ---- | C] () -- C:\WINDOWS\System32\encobject.dat
[2006/12/30 14:30:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/12/30 13:32:52 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2006/12/30 13:22:05 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Aleksandra McClain\Local Settings\Application Data\fusioncache.dat
[2006/12/22 17:32:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/22 17:22:44 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2006/12/22 17:22:10 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2006/12/22 17:21:21 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2006/12/22 17:16:16 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2006/12/22 17:12:46 | 000,000,322 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/22 17:10:48 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/12/22 17:10:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/12/22 17:10:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/12/22 17:10:48 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/12/22 17:10:48 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/12/22 17:10:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/12/22 17:03:08 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/12/22 17:00:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2006/12/22 16:59:51 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2006/12/22 16:59:39 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2006/12/22 16:59:39 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2006/12/22 16:59:27 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2006/12/22 16:56:20 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2006/12/22 16:50:20 | 000,073,782 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[2006/11/17 01:14:14 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\psasrv.exe
[2006/08/17 09:00:13 | 000,009,970 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2006/08/17 09:00:09 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2006/08/03 02:27:54 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/08/03 02:27:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/06/14 17:26:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/06/12 21:27:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:22:10 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/04/30 08:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/30 08:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/30 07:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/04/30 07:55:55 | 000,433,812 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/04/30 07:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/04/30 07:55:55 | 000,068,220 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/04/30 07:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/04/30 07:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/04/30 07:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/04/30 07:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/04/30 07:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/04/30 07:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/04/30 07:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/04/30 07:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/04/30 01:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/30 01:03:29 | 000,356,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/02/21 04:59:25 | 000,285,696 | ---- | C] () -- C:\WINDOWS\System32\cncs232.dll
[1999/01/22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/07/15 13:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Any Video Converter
[2009/12/29 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Auslogics
[2010/12/12 01:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\AVG10
[2009/09/21 18:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Bullzip
[2010/04/08 12:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Canon
[2010/07/27 09:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\CheckPoint
[2011/07/08 04:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Dropbox
[2010/07/23 13:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Elluminate
[2009/09/18 01:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\EndNote
[2010/03/30 00:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Facebook
[2009/06/29 21:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Free Photo Converter
[2007/03/21 23:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\InterVideo
[2011/02/01 15:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\iSpring Solutions
[2010/04/20 18:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\KompoZer
[2007/07/17 09:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Leadertech
[2007/01/14 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Lenovo
[2007/02/01 11:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\MapInfo
[2010/09/19 23:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Obsidium
[2010/03/07 07:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\PDF Writer
[2011/02/01 16:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Progeny
[2011/08/26 16:22:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Search Settings
[2007/04/04 11:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Snapfish
[2011/08/28 13:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\stickies
[2009/09/13 23:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\StreamTorrent
[2006/12/22 17:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\ThinkVantage
[2011/04/29 06:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\uTorrent
[2010/04/20 18:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Virtual Mechanics
[2011/07/14 18:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\Voxmobili
[2011/07/17 02:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Aleksandra McClain\Application Data\YouTube Downloader
[2011/08/28 02:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2008/09/08 20:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2010/12/12 01:28:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/09/21 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2007/01/14 18:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2009/07/03 13:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2007/02/21 13:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MapInfo
[2011/05/01 20:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/03/07 07:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2010/12/09 01:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/06/14 22:55:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2008/01/29 23:13:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
[2011/08/28 02:08:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/10/20 19:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2007/08/30 15:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2010/04/20 18:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtual Mechanics
[2011/07/17 02:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YouTube Downloader
[2011/07/20 00:20:57 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2011/08/28 00:20:01 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2011/07/20 00:20:58 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
[2011/08/28 13:53:52 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8BE05FA

< End of report >


OTL Extras logfile created on: 8/28/2011 1:55:13 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Documents and Settings\Aleksandra McClain\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.07% Memory free
2.60 Gb Paging File | 1.92 Gb Available in Paging File | 73.83% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.03 Gb Total Space | 26.86 Gb Free Space | 18.65% Space Free | Partition Type: NTFS

Computer Name: ALEKS | User Name: Aleksandra McClain | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Aleksandra McClain\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Aleksandra McClain\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)
"C:\Documents and Settings\Aleksandra McClain\My Documents\programs\utorrent.exe" = C:\Documents and Settings\Aleksandra McClain\My Documents\programs\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{19FDEED8-3016-4862-A430-AB2B41D5C322}" = iSpring Presenter 5
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.2
"{1D76A52C-87A6-4AB0-A7B0-08C8D5DF1D75}" = Motorola Mobile Drivers Installation 5.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
"{23DA4222-E517-42B3-8F97-9CFD49E2A732}" = AVG 2011
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 17
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}" = Acronis Migrate Easy
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F55B0C9-D552-4D02-BBCF-76E2EE60C686}" = EndNote 8.0.2 Upgrade
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_06_F4500_SW_MIN
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55A7B938-3D1E-4819-A87B-F83E736EF52E}" = F4500
"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = ThinkVantage Active Protection System
"{72A7495B-18CD-4751-AC38-5DBED9C6B1E7}" = YouTube Downloader Toolbar v4.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F08A772-2816-4F46-84F1-49578502AD28}" = HP Deskjet F4500 Printer Driver Software 13.0 Rel .6
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{80490945-CE48-45CF-9CCA-CA0EF44D9FE4}" = AVG 2011
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{97042B20-E491-11D3-96D4-00105A111647}" = Vertical Mapper 3.0
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5FC1423-8739-45CB-9C46-27BF79A0BD8A}" = MapInfo Professional 8.5
"{A64FF1D4-9CBC-467C-8D11-C1AFAA0B8AFF}" = AVG 2011
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B3AEF776-7FFF-4C50-A402-9119E3849EE0}" = AVG 2011
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C031CD16-1112-4133-B8C6-68F9582B3476}" = ATI Catalyst Control Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2EBC2F1-B766-4AE3-A10C-6EBBC1EE3B02}" = Data Sync
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DB90FF25-9932-48F2-B643-1802F1864FAF}" = AVG 2011
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E20B2BBD-28B8-4378-97AD-C30F40ED13D2}" = Motorola Software Update
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E4A72492-6674-46F4-8322-7FE498B6CD17}" = Google Desktop
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FC26CFC9-E801-4E90-B139-769D3CB1B01B}" = Gantt Designer
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0 Limited Edition" = Adobe Photoshop 5.0 Limited Edition
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"AwayTask" = ThinkVantage Away Manager
"BroadJump Client Foundation" = BroadJump Client Foundation
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1140
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"Digital Editions" = Adobe Digital Editions
"Encore LaunchPad_is1" = Encore LaunchPad 6.8.25.100
"ERUNT_is1" = ERUNT 1.1j
"FastStone Photo Resizer" = FastStone Photo Resizer 2.8
"Google Desktop" = Google Desktop
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.7.1 Q16_is1" = ImageMagick 6.7.1-0 Q16 (2011-07-15)
"IrfanView" = IrfanView (remove only)
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"JAlbum" = JAlbum
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathman" = Mathman
"Micrografx Picture Publisher 8" = Micrografx Picture Publisher 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mindful_is1" = Mindful version 1.2
"MotoHelper" = MotoHelper 2.0.51 Driver 5.2.0
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTF2MIF_is1" = NTF2MIF 3.2
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"P2400P Reference Guide" = P2400P Reference Guide
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa 3" = Picasa 3
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"proXPN" = proXPN 2.4.8
"RealPlayer 6.0" = RealPlayer
"Riva FLV Player_is1" = Riva FLV Player
"Scan2CAD v77.5" = Scan2CAD v7
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"Stickies 6.7a" = Stickies 6.7a
"StreamTorrent 1.0" = StreamTorrent 1.0
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"TVUPlayer" = TVUPlayer 2.4.7.2
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ArcView GIS 3.3" = ArcView GIS 3.3
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 5:32:03 AM | Computer Name = ALEKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4182, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 8/9/2011 5:32:42 AM | Computer Name = ALEKS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.4182, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/11/2011 6:50:51 AM | Computer Name = ALEKS | Source = Application Error | ID = 1000
Description = Faulting application voxsync.exe, version 1.0.0.0, faulting module
voxsync.exe, version 1.0.0.0, fault address 0x0001e715.

Error - 8/12/2011 3:21:53 PM | Computer Name = ALEKS | Source = Application Error | ID = 1000
Description = Faulting application voxsync.exe, version 1.0.0.0, faulting module
voxsync.exe, version 1.0.0.0, fault address 0x0001e715.

Error - 8/25/2011 3:02:45 AM | Computer Name = ALEKS | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 9.0.0.2717, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/25/2011 11:28:04 AM | Computer Name = ALEKS | Source = Application Hang | ID = 1002
Description = Hanging application photosle.exe, version 3.0.64.101, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/27/2011 8:46:35 PM | Computer Name = ALEKS | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.4232, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

Error - 8/27/2011 9:15:55 PM | Computer Name = ALEKS | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Professional -- Error 1706. No valid
source could be found for product Microsoft Office 2000 Professional. The Windows
installer cannot continue.

Error - 8/28/2011 8:46:59 AM | Computer Name = ALEKS | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.26.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/28/2011 8:47:22 AM | Computer Name = ALEKS | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.26.6, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/28/2011 8:22:46 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7031
Description = The MotoHelper Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 8/28/2011 8:22:46 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The System Update service terminated unexpectedly. It has done this
1 time(s).

Error - 8/28/2011 8:22:46 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The ThinkVantage Registry Monitor Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/28/2011 8:22:46 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The ThinkPad HDD APS Logging Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/28/2011 8:22:47 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The IBM KCU Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/28/2011 8:22:47 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The TVT Backup Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/28/2011 8:22:47 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The TVT Scheduler service terminated unexpectedly. It has done this
1 time(s).

Error - 8/28/2011 8:22:47 AM | Computer Name = ALEKS | Source = Service Control Manager | ID = 7034
Description = The tvtnetwk service terminated unexpectedly. It has done this 1
time(s).

Error - 8/28/2011 8:38:38 AM | Computer Name = ALEKS | Source = System Error | ID = 1003
Description = Error code 000000f7, parameter1 00000000, parameter2 00000000, parameter3
00000000, parameter4 00000000.

Error - 8/28/2011 8:54:43 AM | Computer Name = ALEKS | Source = System Error | ID = 1003
Description = Error code 1000007e, parameter1 c0000005, parameter2 89dc91ad, parameter3
ba577b04, parameter4 ba577800.


< End of report >


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-28 14:08:32
-----------------------------
14:08:32.968 OS Version: Windows 5.1.2600 Service Pack 3
14:08:32.968 Number of processors: 2 586 0xF06
14:08:32.968 ComputerName: ALEKS UserName:
14:08:33.781 Initialize success
14:08:57.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
14:08:57.328 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
14:08:57.328 Disk 0 MBR read successfully
14:08:57.343 Disk 0 MBR scan
14:08:57.343 Disk 0 TDL4@MBR code has been found
14:08:57.343 Disk 0 MBR hidden
14:08:57.343 Disk 0 MBR [TDL4] **ROOTKIT**
14:08:57.343 Disk 0 trace - called modules:
14:08:57.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89dbf4d0]<<
14:08:57.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a750ab8]
14:08:57.343 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a9[0x8a735a08]
14:08:57.343 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a748030]
14:08:57.343 \Driver\iaStor[0x8a751a48] -> IRP_MJ_CREATE -> 0x89dbf4d0
14:08:57.343 Scan finished successfully
14:09:10.265 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
14:09:10.296 The log file has been saved successfully to "F:\aswMBR.txt"
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Aye they do get a bit uppity sometimes

Re-Run aswMBR

Click Scan

On completion of the scan
Click the Fix Button


Save the log as before and post in your next reply

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#8
aleksm42

    Member

  • Topic Starter
  • 28 posts
OK, the aswMBR scan ran fine and said it successfully deleted the rootkit, but asked me to restart the computer to finish the fix, but it didn't create a log before it restarted. I hit OK, the computer started back up fine, but there was no log for me to save and post here when it loaded back up. However, when the computer started, AVG popped up and said it had detected and deleted malware in the path C:\WINDOWS\TEMP\GFJJKFACJGARXNBQ.EXE

I ran an aswMBR scan after it restarted, and this is the log that resulted:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-28 15:11:35
-----------------------------
15:11:35.281 OS Version: Windows 5.1.2600 Service Pack 3
15:11:35.281 Number of processors: 2 586 0xF06
15:11:35.281 ComputerName: ALEKS UserName:
15:11:45.359 Initialize success
15:12:07.250 The log file has been saved successfully to "C:\Documents and Settings\Aleksandra McClain\Desktop\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-28 15:12:31
-----------------------------
15:12:31.062 OS Version: Windows 5.1.2600 Service Pack 3
15:12:31.062 Number of processors: 2 586 0xF06
15:12:31.062 ComputerName: ALEKS UserName:
15:12:32.343 Initialize success
15:12:35.656 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:12:35.656 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
15:12:35.656 Disk 0 MBR read successfully
15:12:35.656 Disk 0 MBR scan
15:12:35.671 Disk 0 unknown MBR code
15:12:35.687 Disk 0 scanning sectors +312545520
15:12:35.812 Disk 0 scanning C:\WINDOWS\system32\drivers
15:13:00.796 Service scanning
15:13:01.812 Service vsdatant C:\WINDOWS\System32\vsdatant.sys **LOCKED** 32
15:13:02.359 Modules scanning
15:14:00.031 Disk 0 trace - called modules:
15:14:00.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
15:14:00.046 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a73fab8]
15:14:00.062 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\000000a8[0x8a74df18]
15:14:00.109 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a74c030]
15:14:00.109 Scan finished successfully
15:14:22.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Aleksandra McClain\Desktop\MBR.dat"
15:14:22.000 The log file has been saved successfully to "C:\Documents and Settings\Aleksandra McClain\Desktop\aswMBR.txt"


I then ran MBAM, which found and removed 9 infected items. The log is here:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7594

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/28/2011 3:16:17 PM
mbam-log-2011-08-28 (15-16-17).txt

Scan type: Quick scan
Objects scanned: 182375
Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\youtube downloader toolbar\IE\4.6\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> Quarantined and deleted successfully.
c:\documents and settings\aleksandra mcclain\application data\Adobe\plugs\kb205292468.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\aleksandra mcclain\application data\Adobe\plugs\kb205373968.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0
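The two aswMBR logs in this thread differ in exactly the lines a responder reads first: the `**ROOTKIT**` verdict, the hidden MBR, the `>>UNKNOWN<<` entry in the disk call trace, and the `\Driver\iaStor` dispatch entry pointing at that same address. The following Python script is an added example, not part of the original posts and not an AVAST tool; the function name `triage` and its result keys are hypothetical, and the sample text is excerpted from the logs above with timestamps trimmed.

```python
import re

# Excerpts from the two aswMBR logs posted in this thread (timestamps trimmed).
BEFORE_FIX = r"""
Disk 0 MBR scan
Disk 0 TDL4@MBR code has been found
Disk 0 MBR hidden
Disk 0 MBR [TDL4] **ROOTKIT**
Disk 0 trace - called modules:
ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89dbf4d0]<<
\Driver\iaStor[0x8a751a48] -> IRP_MJ_CREATE -> 0x89dbf4d0
Scan finished successfully
"""
AFTER_FIX = r"""
Disk 0 MBR scan
Disk 0 unknown MBR code
Disk 0 trace - called modules:
ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
Scan finished successfully
"""

ROOTKIT = re.compile(r"MBR \[(\w+)\] \*\*ROOTKIT\*\*")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
HOOK = re.compile(r"(\\Driver\\\w+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", re.I)

def triage(log):
    """Collect the rootkit indicators present in aswMBR log text."""
    result = {"families": [], "mbr_hidden": False, "unknown_modules": [], "hooks": []}
    for line in log.splitlines():
        if m := ROOTKIT.search(line):
            result["families"].append(m.group(1))
        if "MBR hidden" in line:
            result["mbr_hidden"] = True
        result["unknown_modules"] += [a.lower() for a in UNKNOWN.findall(line)]
        if m := HOOK.search(line):
            result["hooks"].append((m.group(1), m.group(2), m.group(3).lower()))
    # A dispatch entry whose target is an address no named module owns ties the
    # hooked storage driver to the unidentified code seen in the call trace.
    result["hooks_into_unknown"] = [h for h in result["hooks"]
                                    if h[2] in result["unknown_modules"]]
    # Assumption of this example: "unknown MBR code" alone is not an indicator.
    result["indicators_found"] = bool(result["families"] or result["mbr_hidden"]
                                      or result["unknown_modules"] or result["hooks"])
    return result

if __name__ == "__main__":
    for name, log in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(name, triage(log))
```
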

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are the current problems ?

Could you confirm that the following work as they are supposed to :

Windows Updates
Safe Mode
System restore
  • 0

#10
aleksm42

    Member

  • Topic Starter
  • 28 posts
Everything seems to be working much better now, thanks to your help! Windows update works now, I can get online and open browsers with no trouble, and the computer is running fast again and not crashing so far.

Is there anything I need to update in my security to keep something like this from getting through again?
  • 0


#11
aleksm42

    Member

  • Topic Starter
  • 28 posts
Ah, wait...after saying that while Windows update was running, it has now informed me that the following updates were not installed: Security Update for Windows XP (KB2476490).
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you get an error code along with that ? And do the others install OK ?
  • 0

#13
aleksm42

    Member

  • Topic Starter
  • 28 posts
Windows update doesn't seem to have tried to install anything else apart from that one thing. The error code is 0x80070003
  • 0

#14
aleksm42

    Member

  • Topic Starter
  • 28 posts
I just checked back through my update history, and that same security update has been failing to update since June 16th of this year. Everything else seems to have been able to install successfully over that time. Each time it gives the same error code.
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try and fix that

Go to this MS site and you will see a Fix it button. Run this programme and try again; if that fails, then re-run the programme using the aggressive mode
  • 0





