
Infected?



My computer's been running really slow lately. I suspect I've been infected. Here are the Malwarebytes Quickscan Log and the GMER log. I couldn't get the DDS.scr to work. It just wouldn't open.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7910

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

10/9/2011 6:02:30 PM

mbam-log-2011-10-09 (18-02-28).txt

Scan type: Quick scan

Objects scanned: 172985

Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Also, BHODemon says I have a bunch of BHOs. I'm attaching the BHO file I found as well.

Also, my protection software is: Avast!, Malwarebytes, BHODemon, and SpywareBlaster

ark.zip

sglog.zip

Can anyone help me with this?


  • Staff

Hi and welcome to Malwarebytes.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


OTL.Txt:

OTL logfile created on: 10/15/2011 6:36:36 PM - Run 1

OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Loren Reinoso\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.74% Memory free

4.15 Gb Paging File | 2.20 Gb Available in Paging File | 52.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 66.13 Gb Total Space | 7.43 Gb Free Space | 11.23% Space Free | Partition Type: NTFS

Computer Name: LORENREINOSO-PC | User Name: Loren Reinoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 18:31:59 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Loren Reinoso\Downloads\OTL.exe

PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe

PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/11/29 14:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

PRC - [2007/08/22 20:26:46 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

PRC - [2007/08/09 14:11:06 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe

PRC - [2007/08/09 13:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2007/07/05 18:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

PRC - [2007/07/05 18:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

PRC - [2007/07/05 18:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

PRC - [2007/03/29 16:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

PRC - [2007/03/29 16:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe

PRC - [2007/03/09 01:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

PRC - [2007/03/08 00:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

PRC - [2007/03/02 01:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe

PRC - [2007/02/05 18:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE

PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE

PRC - [2007/01/08 23:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

PRC - [2006/12/28 22:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe

PRC - [2006/11/15 19:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

PRC - [2006/11/15 19:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

PRC - [2006/11/07 06:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

PRC - [2006/09/06 03:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe

PRC - [2005/06/19 12:59:30 | 000,946,176 | ---- | M] (Definitive Solutions, Inc.) -- C:\Program Files\BHODemon 2\BHODemon.exe

PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe

PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe

PRC - [2003/07/19 17:48:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MRU-Blaster\scheduler.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/08 07:53:06 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2011/05/04 07:53:15 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2011/03/29 06:53:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2009/03/30 00:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2009/03/30 00:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2009/03/30 00:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2009/03/30 00:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2007/12/06 13:11:00 | 000,120,368 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMIF32V.DLL

MOD - [2007/12/06 13:11:00 | 000,026,624 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL

MOD - [2007/08/22 19:26:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll

MOD - [2007/08/22 19:26:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll

MOD - [2007/08/22 19:24:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\en-US\LocalizationWrapper.resources.dll

MOD - [2007/08/22 19:24:16 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll

MOD - [2007/04/14 09:30:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll

MOD - [2007/03/29 16:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll

MOD - [2007/03/29 15:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll

MOD - [2007/01/25 02:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll

MOD - [2007/01/08 22:08:24 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll

MOD - [2006/11/30 04:17:14 | 000,079,408 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPLHMM.dll

MOD - [2006/11/10 00:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll

MOD - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe

MOD - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe

MOD - [2003/07/19 17:48:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MRU-Blaster\scheduler.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)

SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)

SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2009/11/05 11:32:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)

SRV - [2007/08/09 13:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2007/07/05 18:48:54 | 000,206,120 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)

SRV - [2007/07/05 18:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)

SRV - [2007/03/02 01:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)

SRV - [2007/02/05 18:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)

SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)

SRV - [2007/01/08 23:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)

SRV - [2006/11/15 19:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011/07/04 13:50:06 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2009/11/01 13:18:48 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/08/03 20:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)

DRV - [2009/08/03 20:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009/08/03 20:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009/08/03 20:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009/08/03 20:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009/08/03 20:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2009/02/17 07:15:41 | 000,060,800 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1093.sys -- (RDID1093)

DRV - [2008/03/05 18:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)

DRV - [2007/12/06 13:11:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)

DRV - [2007/10/17 22:58:16 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/10/16 21:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2007/10/16 21:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2007/08/08 07:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/06/08 14:15:20 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007/05/22 18:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)

DRV - [2007/05/22 03:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)

DRV - [2007/02/16 18:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2006/11/28 03:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)

DRV - [2006/08/30 06:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)

DRV - [2004/02/04 12:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86

FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.31

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="

FF - prefs.js..network.proxy.autoconfig_url: "http://luke.oratoryprep.edu/proxy/proxy.pac"

FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.3: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Loren Reinoso\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Loren Reinoso\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/09/15 18:22:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/27 19:52:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 19:45:33 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009/10/30 01:11:43 | 000,000,000 | ---D | M]

[2011/07/04 19:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Extensions

[2010/11/13 00:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

[2011/09/29 14:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions

[2010/04/27 07:35:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/09/15 21:56:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}

[2011/06/01 10:05:26 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

[2010/05/02 11:26:28 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\inboxcomtoolbar@inbox.com

[2010/03/25 21:12:01 | 000,002,267 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\searchplugins\aim-search-1.xml

[2009/10/30 22:01:34 | 000,004,554 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\searchplugins\aim-search.xml

[2010/11/01 07:54:28 | 000,010,017 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\searchplugins\mywebsearch.xml

[2011/10/07 11:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/03 18:51:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/06/16 13:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/16 13:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/27 08:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011/01/19 16:09:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/02/22 18:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/10/07 11:28:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2010/09/01 18:26:58 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

[2011/09/15 18:22:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

[2011/09/27 19:52:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/09/03 18:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll

[2009/09/03 18:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2011/09/27 19:52:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml

[2011/07/04 13:34:32 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: avast! WebRep = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()

O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)

O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [bLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()

O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()

O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)

O4 - HKLM..\Run: [PC Cleaners] C:\Program Files\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)

O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.)

O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Registration.lnk = C:\Program Files\Lenovo Registration\Lenovo.exe (Leader Technologies/Lenovo)

O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe ()

O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe ()

O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2FBC04-B306-466F-941E-6EDB082E72BE}: DhcpNameServer = 172.17.239.253

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEDCBF05-B248-4D2E-BF8D-3EAB8F9F50B7}: DhcpNameServer = 68.87.64.150 68.87.75.198

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{03560a04-d2ab-11de-8360-001fe2167f41}\Shell - "" = AutoRun

O33 - MountPoints2\{03560a04-d2ab-11de-8360-001fe2167f41}\Shell\AutoRun\command - "" = E:\StartHere.exe /s

O33 - MountPoints2\{9ed6aac5-de6c-11de-bdde-001fe2167f41}\Shell - "" = AutoRun

O33 - MountPoints2\{9ed6aac5-de6c-11de-bdde-001fe2167f41}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{acba0442-2010-11e0-b549-002268ede505}\Shell - "" = AutoRun

O33 - MountPoints2\{acba0442-2010-11e0-b549-002268ede505}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\{f073c9fa-e067-11e0-b868-002268ede505}\Shell - "" = AutoRun

O33 - MountPoints2\{f073c9fa-e067-11e0-b868-002268ede505}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{f234cd7b-c7a4-11de-a29b-001fe2167f41}\Shell - "" = AutoRun

O33 - MountPoints2\{f234cd7b-c7a4-11de-a29b-001fe2167f41}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe /autorun

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 08:00:54 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{6B69E196-F75E-4662-BF56-373B070B2FF0}

[2011/10/14 03:14:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011/10/14 03:14:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011/10/14 03:14:25 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011/10/14 03:14:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011/10/14 03:14:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011/10/13 18:50:35 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2011/10/13 18:50:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2011/10/13 18:50:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2011/10/13 18:50:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2011/10/13 18:50:32 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011/10/13 18:46:28 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011/10/13 18:46:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

[2011/10/10 19:31:35 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{7058A00B-DE4B-484F-9C5D-62919AAB4B65}

[2011/10/10 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{BAD4F736-0340-4D63-B33D-4E745215B460}

[2011/10/09 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{9CFAEDE0-3CFB-43B0-846B-EF518AF48996}

[2011/10/09 17:00:50 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{4ED32FB7-7197-4399-8B53-2ADAC39EB18C}

[2011/10/09 15:50:06 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\PC Cleaners

[2011/10/09 15:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0

[2011/10/09 15:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\BHODemon 2

[2011/10/09 15:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners

[2011/10/09 15:48:25 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe

[2011/10/09 15:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data

[2011/10/09 15:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners

[2011/10/09 15:40:24 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2011/10/09 15:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2011/10/07 11:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/10/07 11:28:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011/10/07 11:28:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011/10/07 11:28:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011/10/07 10:44:43 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{77D2C7BD-DE71-4DD2-B20A-CE541FA545B6}

[2011/10/06 21:24:26 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011/10/05 09:27:42 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{5806C65C-F6F8-4D3E-BAF8-28C9BA914E26}

[2011/10/05 09:27:26 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{7D7EBE77-289B-4AFF-977A-8D3DCE0C71B3}

[2011/10/04 15:14:53 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{7D767DDA-9778-45AC-8B65-680F723C9A5F}

[2011/10/04 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{36DEA3E3-2620-4C0F-8336-80E362DB58C3}

[2011/10/02 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{D0A45758-BEA0-4E10-9CD8-D1669124ECA7}

[2011/10/02 16:05:43 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{A3C6C758-08E3-45AD-8AF6-8E27E8390B83}

[2011/09/30 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6

[2011/09/30 20:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6

[2011/09/29 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\Documents\opeds

[2011/09/26 18:52:34 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{1F5DEC82-9B7A-4744-B2F8-C094633A41A7}

[2011/09/26 18:52:28 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{9A31BEC4-8173-4B5B-9E1E-EA3CA81DFC9D}

[2011/09/20 11:16:48 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{9817266D-A614-4A90-B72A-262B4393E9B4}

[2011/09/20 11:15:57 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{ABF6191A-4BBB-4E62-AE98-3BC847509C10}

[2011/09/20 09:57:02 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{2260E119-E7E9-4501-865D-E8B4DC3F25C4}

[2011/09/19 08:24:44 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{3308CFE8-F9AD-4987-BDD5-0C9E90BC0B65}

[2011/09/17 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{559E2452-C101-4E08-B0FA-716749056DF3}

[2011/09/16 09:34:43 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{BB8AAF34-F1AE-48BE-8E97-7492E9B29A86}

[2011/09/16 09:33:17 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{0C1A3B7A-6098-4403-A78D-BC279010F163}

[2011/09/15 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar

[2009/10/30 00:43:27 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2009/10/30 00:43:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

[2 C:\Users\Loren Reinoso\Documents\*.tmp files -> C:\Users\Loren Reinoso\Documents\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/15 18:27:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000UA.job

[2011/10/15 18:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/10/15 18:02:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/10/15 16:59:38 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/10/15 16:59:38 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/10/15 11:32:29 | 000,002,587 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\Microsoft Office Word 2007.lnk

[2011/10/15 10:23:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/10/14 22:07:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000Core.job

[2011/10/14 07:54:07 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI

[2011/10/14 07:53:34 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI

[2011/10/14 07:53:06 | 000,432,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/10/14 03:42:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2011/10/14 03:06:09 | 000,620,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/10/14 03:06:09 | 000,109,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/10/09 17:08:13 | 000,000,166 | ---- | M] () -- C:\Users\Loren Reinoso\defogger_reenable

[2011/10/09 17:01:52 | 000,000,955 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Registration.lnk

[2011/10/09 16:24:02 | 000,002,499 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\HiJackThis.lnk

[2011/10/09 15:49:00 | 000,000,768 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk

[2011/10/09 15:49:00 | 000,000,732 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\BHODemon 2.0.lnk

[2011/10/09 15:48:07 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe

[2011/10/07 10:33:53 | 000,002,032 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Local\d3d9caps.dat

[2011/10/07 10:33:38 | 000,002,454 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\vba.ini

[2011/10/07 10:30:58 | 000,001,100 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Local\d3d8caps.dat

[2011/10/06 21:24:41 | 000,002,092 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\Google Chrome.lnk

[2011/10/06 21:24:41 | 000,002,054 | ---- | M] () -- C:\Users\Loren Reinoso\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2 C:\Users\Loren Reinoso\Documents\*.tmp files -> C:\Users\Loren Reinoso\Documents\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/09 17:08:12 | 000,000,166 | ---- | C] () -- C:\Users\Loren Reinoso\defogger_reenable

[2011/10/09 17:01:52 | 000,000,955 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Registration.lnk

[2011/10/09 15:49:00 | 000,000,768 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk

[2011/10/09 15:49:00 | 000,000,732 | ---- | C] () -- C:\Users\Loren Reinoso\Desktop\BHODemon 2.0.lnk

[2011/10/09 15:40:24 | 000,002,499 | ---- | C] () -- C:\Users\Loren Reinoso\Desktop\HiJackThis.lnk

[2011/10/06 21:24:41 | 000,002,092 | ---- | C] () -- C:\Users\Loren Reinoso\Desktop\Google Chrome.lnk

[2011/10/06 21:24:41 | 000,002,054 | ---- | C] () -- C:\Users\Loren Reinoso\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/10/06 21:22:49 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000UA.job

[2011/10/06 21:22:47 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000Core.job

[2010/07/19 21:19:12 | 000,001,100 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Local\d3d8caps.dat

[2010/05/23 19:52:11 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

[2010/05/21 22:15:09 | 000,000,604 | -H-- | C] () -- C:\Program Files\STST Notifier

[2010/05/21 21:55:52 | 000,007,168 | ---- | C] () -- C:\Windows\System32\RdCi1093.dll

[2010/05/21 21:55:52 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1093.DAT

[2009/12/01 15:58:37 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LabProCo.dll

[2009/11/27 14:59:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009/11/20 13:28:24 | 000,026,112 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/11/08 18:56:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/11/08 18:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/11/08 18:55:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/11/03 22:15:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/10/31 20:56:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2009/10/30 00:56:47 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll

[2009/10/30 00:49:05 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2009/10/30 00:49:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll

[2009/10/30 00:49:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2009/10/30 00:43:28 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2009/10/30 00:43:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2009/10/30 00:38:56 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS

[2009/10/30 00:29:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009/10/29 21:36:49 | 000,002,032 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Local\d3d9caps.dat

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2008/10/07 16:13:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll

[2008/10/07 16:03:26 | 001,498,700 | ---- | C] () -- C:\Windows\System32\igkrng400.bin

[2007/08/15 03:51:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/07/27 02:37:40 | 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI

[2007/07/27 02:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI

[2007/03/29 15:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:43 | 000,432,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:33:01 | 000,620,606 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,109,616 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL

[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3

< End of report >


Extras.Txt

OTL Extras logfile created on: 10/15/2011 6:36:36 PM - Run 1

OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Loren Reinoso\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.74% Memory free

4.15 Gb Paging File | 2.20 Gb Available in Paging File | 52.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 66.13 Gb Total Space | 7.43 Gb Free Space | 11.23% Space Free | Partition Type: NTFS

Computer Name: LORENREINOSO-PC | User Name: Loren Reinoso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04F98220-7EE6-45F6-9B84-6A365812428A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{055292F7-072C-4BE7-904B-52FCA71D0BD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1911C3D6-B8B6-4E5F-AB0B-FDE78FF912D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{324763FD-8412-4601-89C3-600A70092785}" = rport=138 | protocol=17 | dir=out | app=system |

"{37775BA9-2BC8-4081-9997-A6821C0C720F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4762B2B8-BD5D-4178-862E-EEFE18502F97}" = lport=137 | protocol=17 | dir=in | app=system |

"{5487476D-9897-462F-A119-0F7C65845B03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{5EA7F7C2-90FA-415E-AAE9-3D28A1063857}" = lport=138 | protocol=17 | dir=in | app=system |

"{64FC88C2-B236-4150-91D6-E09D0C9FF23E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{65B63A9E-E682-4C0E-9C36-2BCB9CAFFCC8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{70020751-87DA-48F5-9BC6-E791218B4EDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{74CDE7D3-75B1-49E7-B029-A102008E73EF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{77F4B97A-E12C-49E6-93C5-E5D05155510C}" = rport=139 | protocol=6 | dir=out | app=system |

"{7A315509-9B9F-4158-A889-F27D8DB13026}" = lport=445 | protocol=6 | dir=in | app=system |

"{8508B8EF-8EFA-4D87-BB83-CA7B29008F5B}" = lport=139 | protocol=6 | dir=in | app=system |

"{88032049-F09C-4FD0-996B-0BC2B23AD9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{9ABA4337-7792-472B-9B29-1345BE2B7774}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{AAD0E22B-9843-4F37-97E6-6EFB254982E1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{ACE797F4-0E38-4E88-9436-586FD994A6B7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AE4AD853-B735-4130-A365-EE2E4484839F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C3AE64C5-D6C6-4494-BC24-F8F68FAC2134}" = rport=137 | protocol=17 | dir=out | app=system |

"{C6FE2032-352F-4E45-9D24-6667D15190AB}" = rport=445 | protocol=6 | dir=out | app=system |

"{CC30DC2E-6380-4C2D-B776-344F86FA978E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02B23C9C-4F10-48AE-8DC7-CC284853FE00}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{11041F08-0D9E-43FE-8256-8E7E24A87313}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{24420D97-0040-4759-8C10-FA7A0A14F1EE}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{3D6DBA03-6BCE-40DF-A2C5-6D92846E232F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{6449A243-8EB0-4065-8695-C73FAAEB7F37}" = protocol=6 | dir=in | app=c:\users\loren reinoso\appdata\local\f4\clientupdater\clientupdater.exe |

"{66594EE0-53E9-4784-8453-1EA51F2DF69B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{70A70D4E-DDA2-423F-BBDC-E59E96160ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{76B9E8F6-C90C-44D1-A01A-16552E92C902}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{7AA6878C-0803-47C2-9E48-7AB46280351D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7E17CE8B-CC6A-4CF8-BF83-2731C8F8FDBA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{7F602A14-97D1-4AFB-9CB0-45CB772E0A2B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7F8F637B-9D91-42B2-AF45-A5ECBA639F8D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"{8499B524-ADEA-4845-BB78-25448E41B0B9}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |

"{97376732-0C6C-44B7-8EF0-9A85C4796F05}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"{B1F55480-A081-4BF4-AB93-7B3329EADB31}" = protocol=17 | dir=in | app=c:\program files\empire of sports\empireofsports.exe |

"{BD905BED-DBFA-44EA-95AC-ABD9B77DFF53}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{C2AF9732-5CB1-4A18-8285-38C21489B1AF}" = protocol=6 | dir=in | app=c:\program files\empire of sports\empireofsports.exe |

"{CB16BDD6-6C3A-4B41-B097-8692D5C764AC}" = protocol=17 | dir=in | app=c:\users\loren reinoso\appdata\local\f4\clientupdater\clientupdater.exe |

"{E29AF5F0-FD5A-4443-BAD4-CC3C456E3C91}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F2C15665-DD8B-4122-972F-B99605941082}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{FB714E71-310F-4B83-AC5A-9B678F479731}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"TCP Query User{06100173-A960-448D-88F5-F1620FFC3438}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"TCP Query User{07803B31-FC97-47EF-AA59-4C4035EEC54A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{43992E7E-1AEF-4DB7-AE18-1E3BA2FC0E35}C:\program files\lucasarts\star wars battlefront ii pc server\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii pc server\battlefrontii.exe |

"TCP Query User{4BE617EE-A107-458F-B046-1DDD0D5317B3}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe |

"TCP Query User{6280002E-3E2B-4C68-B6F1-92971E8981C5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"TCP Query User{74E1067C-CD3E-4126-BAFF-B979A444E2F6}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe |

"TCP Query User{78355911-0131-41AF-AAD6-CE3B33388FCA}C:\users\loren reinoso\downloads\bittorrent-7.2.exe" = protocol=6 | dir=in | app=c:\users\loren reinoso\downloads\bittorrent-7.2.exe |

"TCP Query User{7ACCA628-59D3-4CE6-821B-5DCB1ADFFEF4}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"TCP Query User{7FD6D717-146E-4FC6-8EEC-EBC81850BCFA}C:\users\loren reinoso\documents\pocket tanks\pockettanks.exe" = protocol=6 | dir=in | app=c:\users\loren reinoso\documents\pocket tanks\pockettanks.exe |

"TCP Query User{84BF4F70-6279-4666-8B4B-88669B370C2E}C:\program files\lucasarts\star wars battlefront ii pc server\swbf2sm.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii pc server\swbf2sm.exe |

"TCP Query User{960558B8-2FF0-4CB4-A0D2-EBED3554ACE3}C:\program files\microsoft games\impossible creatures\ic.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\impossible creatures\ic.exe |

"TCP Query User{BF5C37FF-2BE7-4F08-910C-D0DF8FEF46E8}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |

"TCP Query User{BFE23646-3337-462D-AEEA-18D9B065CD94}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |

"TCP Query User{E24A12C5-F7C8-491F-953D-E574889882F1}C:\users\loren reinoso\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=6 | dir=in | app=c:\users\loren reinoso\appdata\roaming\imvuclient\1vivoxvoice.exe |

"TCP Query User{F5C28D4C-BE56-4757-B4A0-F7A4EAD4949D}C:\users\loren reinoso\desktop\visualboyadvance.exe" = protocol=6 | dir=in | app=c:\users\loren reinoso\desktop\visualboyadvance.exe |

"TCP Query User{F7872400-6029-40BC-A3A8-6C32CA9EA822}C:\users\loren reinoso\downloads\pocket tanks\pockettanks.exe" = protocol=6 | dir=in | app=c:\users\loren reinoso\downloads\pocket tanks\pockettanks.exe |

"TCP Query User{FEBE1B54-D88F-4CC9-96A7-DAB003144867}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{02925D32-BE36-43BE-B878-D4FC7784879E}C:\program files\lucasarts\star wars battlefront ii pc server\swbf2sm.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii pc server\swbf2sm.exe |

"UDP Query User{043101B8-7E66-4BA2-83C1-497DC5E7702A}C:\program files\microsoft games\impossible creatures\ic.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\impossible creatures\ic.exe |

"UDP Query User{056F7DE6-980E-493F-806C-27346F7F75D1}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe |

"UDP Query User{170399FB-7810-4DC1-BF2C-ADAD97B867B1}C:\program files\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\miro_downloader.exe |

"UDP Query User{3063F7DB-A284-4934-A9B4-67C62CBF7100}C:\users\loren reinoso\documents\pocket tanks\pockettanks.exe" = protocol=17 | dir=in | app=c:\users\loren reinoso\documents\pocket tanks\pockettanks.exe |

"UDP Query User{660E67BD-197B-420B-AB24-A8B9B90F633A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{8B78E8F1-DE58-4746-88FA-E113C74D8006}C:\users\loren reinoso\appdata\roaming\imvuclient\1vivoxvoice.exe" = protocol=17 | dir=in | app=c:\users\loren reinoso\appdata\roaming\imvuclient\1vivoxvoice.exe |

"UDP Query User{8D7C1187-0FEF-49C2-A3BD-A7E20866F05F}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"UDP Query User{9508ED99-1793-4E94-84EF-E8D1CCBC0F11}C:\users\loren reinoso\desktop\visualboyadvance.exe" = protocol=17 | dir=in | app=c:\users\loren reinoso\desktop\visualboyadvance.exe |

"UDP Query User{9AD74278-7575-48C7-9BF1-FD308F027551}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"UDP Query User{AC63AAF9-67BF-41A8-99BA-349C7DA9B4E9}C:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars galactic battlegrounds saga\game\battlegrounds_x1.exe |

"UDP Query User{AFDE9C95-9E89-450C-8509-5F1F2166BC1F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{B152F1ED-23E9-42A3-BABA-F1D9AD744ED5}C:\users\loren reinoso\downloads\pocket tanks\pockettanks.exe" = protocol=17 | dir=in | app=c:\users\loren reinoso\downloads\pocket tanks\pockettanks.exe |

"UDP Query User{B1D49FDD-39A7-4B94-A94E-7CCF5E84D693}C:\program files\lucasarts\star wars battlefront ii pc server\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii pc server\battlefrontii.exe |

"UDP Query User{BBFE1E47-EA14-472C-85A3-773C1C6295FE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

"UDP Query User{ECB44AC9-CB2F-4380-A43A-A36313EBF36A}C:\users\loren reinoso\downloads\bittorrent-7.2.exe" = protocol=17 | dir=in | app=c:\users\loren reinoso\downloads\bittorrent-7.2.exe |

"UDP Query User{F50CD3E2-BCFB-4256-8D91-0006320DF6B7}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = ThinkPad Bluetooth with Enhanced Data Rate Software 6.0.1.4900

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F4EFCE8-E358-4430-A504-F55F32BA1816}" = Client Security Solution

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 26

"{28D16A18-5A36-48F1-A869-090AEA602032}" = SymNet

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}" = Registry patch to improve USB device detection on resume from sleep for Windows Vista

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{668ACF05-E455-4932-A2D2-5822A8206FEB}" = Camera Center

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Home

"{7E4C16B8-8F76-4940-8505-98E93C00BF19}" = Rescue and Recovery

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8485F313-4B62-42F3-ADD8-0DE34A4DDAEF}" = Thinkpad Wireless LAN Adapters Software (11a/b/g/n)

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92AD5564-AFE0-4CED-B7D1-370896752872}" = ThinkPad Mobility Center Customization

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center

"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad

"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F533A90F-4E9E-4A17-A085-BD285B6AA57A}" = Sibelius Scorch (all browsers)

"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0

"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant

"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"1A96FF9D9E5F19776E6749D8F6557FCC437EB294" = Windows Driver Package - Ricoh Company MS Host Controller (07/30/2007 6.00.01.11)

"1B609D7E6D10BAF8F2B5CB6A0A89867EF7F61A3E" = Windows Driver Package - Intel (e1express) Net (04/26/2007 9.7.240.0)

"2B6D818F3939804B01D509A4234EFE979CAAADCA" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

"33B90F7893A16FA92E149B05C5B46C501B4202CD" = Windows Driver Package - Lenovo (IBMPMDRV) System (05/31/2007 1.43)

"38884E3EBEF76FE8FCF8DF8349FE73E84B85632C" = Windows Driver Package - Ricoh Company MMC Host Controller (08/08/2007 6.00.03.02)

"38C8E8384B1D0355BE6B7A0EE5ACD9EA7122E268" = Windows Driver Package - Intel hdc (11/15/2006 8.2.0.1011)

"4CF15B23EAB3D8AAA1E32F8ED986D8811D81835D" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1008)

"530B366ABB8F4E0087E6FB2DE3609611DF9D8D27" = Windows Driver Package - Intel USB (09/15/2006 8.0.0.1008)

"5B35493BBF3623E997EADC90AFF8AA66DF7A114F" = Windows Driver Package - Intel System (09/15/2006 8.2.0.1000)

"67CCAA793684CADDDCD55BAD807632E611CA05D2" = Windows Driver Package - Intel (iaStor) hdc (02/12/2007 7.0.0.1020)

"778DAA8FB0D52FC214BC306BBDC33E26ACAB6F44" = Windows Driver Package - Ricoh Company xD Host Controller (07/30/2007 6.00.01.13)

"787E3A824531CE2DB2180F5CFAD00B052D0E389E" = Windows Driver Package - Intel System (09/15/2006 8.0.0.1010)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0

"avast" = avast! Free Antivirus

"AwayTask" = Maintenance Manager

"BHODemon_is1" = BHODemon 2.0.0.23

"Carbonite Setup Lite" = Carbonite Online Backup Setup

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem

"Dipmon" = Registry Patch of Enabling Device Initiated Power Management(DIPM) on SATA for Windows Vista

"E40782D0B0D2A7F661A275F639A54DDA57386FB8" = Windows Driver Package - Intel hdc (12/06/2006 6.8.0.3002)

"E6CEFD9A59425A2A27E92572AB367B28C371D3D8" = Windows Driver Package - Intel System (09/15/2006 7.0.0.1011)

"FPIRPOn" = Registry patch of Changing Timing of IDLE IRP by Finger Print Driver for Windows Vista

"HDMI" = Intel® Graphics Media Accelerator Driver

"Lenovo Registration" = Lenovo Registration

"LENOVO.SMIIF" = Lenovo System Interface Driver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 7.0 (x86 en-US)" = Mozilla Firefox 7.0 (x86 en-US)

"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.2

"OnScreenDisplay" = On Screen Display

"Opera 11.51.1087" = Opera 11.51

"PC Cleaners" = PC Cleaners

"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows

"Picasa 3" = Picasa 3

"Power Management Driver" = ThinkPad Power Management Driver

"PROPLUS" = Microsoft Office Professional Plus 2007

"PROSet" = Intel® PRO Network Connections Drivers

"Sibelius 6 Student_is1" = Sibelius 6 Student

"SpywareBlaster_is1" = SpywareBlaster 4.4

"SpywareGuard_is1" = SpywareGuard v2.2

"StartNow Toolbar" = StartNow Toolbar

"SynTPDeinstKey" = ThinkPad UltraNav Driver

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"USBPMon" = Registry patch for Windows Vista USB S3 PM Enablement

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.00 beta 4 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"aaa" = aaa

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 9/14/2011 9:45:40 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:40 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:40 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:41 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:41 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:43 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:43 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:44 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/14/2011 9:45:44 PM | Computer Name = LorenReinoso-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 9/15/2011 3:01:19 AM | Computer Name = LorenReinoso-PC | Source = MsiInstaller | ID = 10005

Description =

[ OSession Events ]

Error - 8/20/2011 11:25:27 AM | Computer Name = LorenReinoso-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1332

seconds with 1140 seconds of active time. This session ended with a crash.

Error - 9/29/2011 10:28:12 PM | Computer Name = LorenReinoso-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 95535

seconds with 5820 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 10/15/2011 11:57:28 AM | Computer Name = LorenReinoso-PC | Source = Microsoft-Windows-TBS | ID = 516

Description =

Error - 10/15/2011 12:37:29 PM | Computer Name = LorenReinoso-PC | Source = Microsoft-Windows-TBS | ID = 516

Description =

Error - 10/15/2011 12:37:29 PM | Computer Name = LorenReinoso-PC | Source = TPM | ID = 393229

Description = The device driver for the Trusted Platform Module (TPM) encountered

a non-recoverable error in the TPM hardware, which prevents TPM services (such

as data encryption) from being used. For further help, please contact the computer

manufacturer.

Error - 10/15/2011 2:33:27 PM | Computer Name = LorenReinoso-PC | Source = Microsoft-Windows-TBS | ID = 516

Description =

Error - 10/15/2011 4:59:31 PM | Computer Name = LorenReinoso-PC | Source = DCOM | ID = 10010

Description =

Error - 10/15/2011 4:59:31 PM | Computer Name = LorenReinoso-PC | Source = Microsoft-Windows-TBS | ID = 516

Description =

Error - 10/15/2011 5:39:32 PM | Computer Name = LorenReinoso-PC | Source = TPM | ID = 393229

Description = The device driver for the Trusted Platform Module (TPM) encountered

a non-recoverable error in the TPM hardware, which prevents TPM services (such

as data encryption) from being used. For further help, please contact the computer

manufacturer.

Error - 10/15/2011 5:39:32 PM | Computer Name = LorenReinoso-PC | Source = Microsoft-Windows-TBS | ID = 516

Description =

Error - 10/15/2011 6:22:37 PM | Computer Name = LorenReinoso-PC | Source = Microsoft-Windows-TBS | ID = 516

Description =

Error - 10/15/2011 6:22:37 PM | Computer Name = LorenReinoso-PC | Source = TPM | ID = 393229

Description = The device driver for the Trusted Platform Module (TPM) encountered

a non-recoverable error in the TPM hardware, which prevents TPM services (such

as data encryption) from being used. For further help, please contact the computer

manufacturer.

< End of report >


  • Staff

Hi,

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

It didn't ask for me to reboot the computer. Is that a problem?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
