manus Posted October 9, 2011 ID:483724

My computer's been running really slow lately. I suspect I've been infected. Here are the Malwarebytes Quickscan Log and the GMER log. I couldn't get the DDS.scr to work. It just wouldn't open.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7910

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

10/9/2011 6:02:30 PM
mbam-log-2011-10-09 (18-02-28).txt

Scan type: Quick scan
Objects scanned: 172985
Time elapsed: 12 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Also, BHODemon says I have a bunch of BHOs. I'm attaching the BHO file I found as well.

Also, my protection software are: Avast!, Malwarebytes, BHODemon, and SpywareBlaster

ark.zip
sglog.zip
manus Posted October 12, 2011 Author ID:484711

Can anyone help me with this?
Staff screen317 Posted October 14, 2011 ID:485848

Hi and welcome to Malwarebytes.

Download OTL.exe by OldTimer to your Desktop.
Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt.
Post both logs in this thread.
You may need to use two posts to get it all.
manus Posted October 15, 2011 Author ID:486159

OTL.Txt:

OTL logfile created on: 10/15/2011 6:36:36 PM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Loren Reinoso\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.74% Memory free
4.15 Gb Paging File | 2.20 Gb Available in Paging File | 52.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.13 Gb Total Space | 7.43 Gb Free Space | 11.23% Space Free | Partition Type: NTFS

Computer Name: LORENREINOSO-PC | User Name: Loren Reinoso | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/15 18:31:59 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Loren Reinoso\Downloads\OTL.exe
PRC - [2011/09/06 16:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2010/12/14 10:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 22:23:59 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/29 14:04:00 | 000,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/09/11 01:43:54 | 000,067,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PRC - [2007/08/22 20:26:46 | 000,167,936 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe
PRC - [2007/08/09 14:11:06 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/08/09 13:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 18:49:06 | 000,124,200 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/07/05 18:48:58 | 000,419,112 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 18:48:50 | 000,091,432 | ---- | M] (Lenovo) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/03/29 16:11:50 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2007/03/29 16:11:48 | 001,604,400 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2007/03/09 01:49:42 | 000,066,176 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2007/03/08 00:16:48 | 000,073,776 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2007/03/02 01:07:28 | 000,055,936 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2007/02/05 18:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\Windows\System32\IPSSVC.EXE
PRC - [2007/01/08 23:03:26 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2006/12/28 22:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
PRC - [2006/11/15 19:21:56 | 000,217,176 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2006/11/15 19:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/11/07 06:51:40 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/09/06 03:39:10 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2005/06/19 12:59:30 | 000,946,176 | ---- | M] (Definitive Solutions, Inc.) -- C:\Program Files\BHODemon 2\BHODemon.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/07/19 17:48:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MRU-Blaster\scheduler.exe

========== Modules (No Company Name) ==========

MOD - [2011/07/08 07:53:06 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2011/05/04 07:53:15 | 003,182,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/29 06:53:25 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2009/03/30 00:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/30 00:42:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/03/30 00:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/03/30 00:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2007/12/06 13:11:00 | 000,120,368 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\PWMIF32V.DLL
MOD - [2007/12/06 13:11:00 | 000,026,624 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2007/08/22 19:26:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLibrary.dll
MOD - [2007/08/22 19:26:56 | 000,020,480 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadDataObjects.dll
MOD - [2007/08/22 19:24:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\en-US\LocalizationWrapper.resources.dll
MOD - [2007/08/22 19:24:16 | 000,024,576 | ---- | M] () -- C:\Program Files\Lenovo\Camera Center\bin\LocalizationWrapper.dll
MOD - [2007/04/14 09:30:56 | 000,139,264 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\CDRecord.dll
MOD - [2007/03/29 16:02:48 | 000,126,976 | ---- | M] () -- C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll
MOD - [2007/03/29 15:42:38 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/01/25 02:25:52 | 000,069,720 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\HKVOLKEY.dll
MOD - [2007/01/08 22:08:24 | 000,110,592 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll
MOD - [2006/11/30 04:17:14 | 000,079,408 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPLHMM.dll
MOD - [2006/11/10 00:26:02 | 000,030,256 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.dll
MOD - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
MOD - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
MOD - [2003/07/19 17:48:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MRU-Blaster\scheduler.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2011/09/06 16:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/07/27 07:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/04/18 14:11:40 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/11/05 11:32:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/09 13:36:36 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 18:48:54 | 000,206,120 | ---- | M] (Lenovo) [Disabled | Stopped] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/07/05 18:48:50 | 000,091,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/03/02 01:07:28 | 000,055,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2007/02/05 18:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/29 23:05:02 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Windows\System32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/08 23:03:26 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2006/11/15 19:20:46 | 000,634,988 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)

========== Driver Services (SafeList) ==========

DRV - [2011/09/06 16:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 16:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 16:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 16:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 16:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 16:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/04 13:50:06 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009/11/01 13:18:48 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/03 20:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/03 20:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 20:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 20:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 20:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 20:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/02/17 07:15:41 | 000,060,800 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rdwm1093.sys -- (RDID1093)
DRV - [2008/03/05 18:43:32 | 000,223,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2008/01/20 22:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/06 13:11:00 | 000,012,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2007/10/17 22:58:16 | 000,758,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/10/16 21:33:00 | 000,103,472 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007/10/16 21:32:00 | 000,019,504 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2007/08/08 07:42:00 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/29 22:54:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/29 21:42:00 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/08 14:15:20 | 000,194,362 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/05/22 18:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 03:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2007/02/16 18:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/11/28 03:44:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/06 04:24:56 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/08/30 06:04:04 | 000,013,744 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2004/02/04 12:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.5331
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: inboxcomtoolbar@inbox.com:1.0.0.31
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://luke.oratoryprep.edu/proxy/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.3: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Loren Reinoso\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Loren Reinoso\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/09/15 18:22:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/27 19:52:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/03 19:45:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FCF36B88-1BBA-487f-B64B-D2E8980A9293}: C:\Program Files\Lenovo\Client Security Solution\PWM Firefox Extension [2009/10/30 01:11:43 | 000,000,000 | ---D | M]

[2011/07/04 19:12:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Extensions
[2010/11/13 00:19:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2011/09/29 14:01:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions
[2010/04/27 07:35:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/15 21:56:54 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/06/01 10:05:26 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/05/02 11:26:28 | 000,000,000 | ---D | M] ("Inbox Toolbar") -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\extensions\inboxcomtoolbar@inbox.com
[2010/03/25 21:12:01 | 000,002,267 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\searchplugins\aim-search-1.xml
[2009/10/30 22:01:34 | 000,004,554 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\searchplugins\aim-search.xml
[2010/11/01 07:54:28 | 000,010,017 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Mozilla\Firefox\Profiles\4qot43l1.default\searchplugins\mywebsearch.xml
[2011/10/07 11:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/03 18:51:35 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/06/16 13:26:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 13:14:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/27 08:28:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/19 16:09:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/22 18:23:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/07 11:28:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010/09/01 18:26:58 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2011/09/15 18:22:30 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/09/27 19:52:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/03 18:37:30 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2009/09/03 18:58:36 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/09/27 19:52:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/09/21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011/07/04 13:34:32 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Loren Reinoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [bLOG] C:\Program Files\ThinkPad\Utilities\BTVLOGEX.DLL ()
O4 - HKLM..\Run: [CameraApplicationLauncher] C:\Program Files\Lenovo\Camera Center\bin\CameraApplicationLaunchPadLauncher.exe ()
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [LenovoOobeOffers] c:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe (lenovo)
O4 - HKLM..\Run: [PC Cleaners] C:\Program Files\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [startNowToolbarHelper] "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe (Definitive Solutions, Inc.)
O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Registration.lnk = C:\Program Files\Lenovo Registration\Lenovo.exe (Leader Technologies/Lenovo)
O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe ()
O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe ()
O4 - Startup: C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device...
- C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E2FBC04-B306-466F-941E-6EDB082E72BE}: DhcpNameServer = 172.17.239.253O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEDCBF05-B248-4D2E-BF8D-3EAB8F9F50B7}: DhcpNameServer = 68.87.64.150 68.87.75.198O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - 
C:\autoexec.bat -- [ NTFS ]O33 - MountPoints2\{03560a04-d2ab-11de-8360-001fe2167f41}\Shell - "" = AutoRunO33 - MountPoints2\{03560a04-d2ab-11de-8360-001fe2167f41}\Shell\AutoRun\command - "" = E:\StartHere.exe /sO33 - MountPoints2\{9ed6aac5-de6c-11de-bdde-001fe2167f41}\Shell - "" = AutoRunO33 - MountPoints2\{9ed6aac5-de6c-11de-bdde-001fe2167f41}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO33 - MountPoints2\{acba0442-2010-11e0-b549-002268ede505}\Shell - "" = AutoRunO33 - MountPoints2\{acba0442-2010-11e0-b549-002268ede505}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO33 - MountPoints2\{f073c9fa-e067-11e0-b868-002268ede505}\Shell - "" = AutoRunO33 - MountPoints2\{f073c9fa-e067-11e0-b868-002268ede505}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=trueO33 - MountPoints2\{f234cd7b-c7a4-11de-a29b-001fe2167f41}\Shell - "" = AutoRunO33 - MountPoints2\{f234cd7b-c7a4-11de-a29b-001fe2167f41}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -aO33 - MountPoints2\D\Shell - "" = AutoRunO33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe /autorunO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*========== Files/Folders - Created Within 30 Days ==========[2011/10/14 08:00:54 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{6B69E196-F75E-4662-BF56-373B070B2FF0}[2011/10/14 03:14:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2011/10/14 03:14:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll[2011/10/14 03:14:25 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll[2011/10/14 03:14:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2011/10/14 03:14:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll[2011/10/13 
18:50:35 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll[2011/10/13 18:50:35 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax[2011/10/13 18:50:34 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax[2011/10/13 18:50:34 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax[2011/10/13 18:50:32 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys[2011/10/13 18:46:28 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll[2011/10/13 18:46:26 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll[2011/10/10 19:31:35 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{7058A00B-DE4B-484F-9C5D-62919AAB4B65}[2011/10/10 19:31:13 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{BAD4F736-0340-4D63-B33D-4E745215B460}[2011/10/09 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{9CFAEDE0-3CFB-43B0-846B-EF518AF48996}[2011/10/09 17:00:50 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{4ED32FB7-7197-4399-8B53-2ADAC39EB18C}[2011/10/09 15:50:06 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\PC Cleaners[2011/10/09 15:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BHODemon 2.0[2011/10/09 15:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\BHODemon 2[2011/10/09 15:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners[2011/10/09 15:48:25 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe[2011/10/09 15:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data[2011/10/09 15:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners[2011/10/09 15:40:24 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\HiJackThis[2011/10/09 15:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro[2011/10/07 11:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2011/10/07 11:28:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe[2011/10/07 11:28:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe[2011/10/07 11:28:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe[2011/10/07 10:44:43 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{77D2C7BD-DE71-4DD2-B20A-CE541FA545B6}[2011/10/06 21:24:26 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome[2011/10/05 09:27:42 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{5806C65C-F6F8-4D3E-BAF8-28C9BA914E26}[2011/10/05 09:27:26 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{7D7EBE77-289B-4AFF-977A-8D3DCE0C71B3}[2011/10/04 15:14:53 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{7D767DDA-9778-45AC-8B65-680F723C9A5F}[2011/10/04 15:14:18 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{36DEA3E3-2620-4C0F-8336-80E362DB58C3}[2011/10/02 16:05:54 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{D0A45758-BEA0-4E10-9CD8-D1669124ECA7}[2011/10/02 16:05:43 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{A3C6C758-08E3-45AD-8AF6-8E27E8390B83}[2011/09/30 20:49:21 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6[2011/09/30 20:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6[2011/09/29 22:28:04 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\Documents\opeds[2011/09/26 18:52:34 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{1F5DEC82-9B7A-4744-B2F8-C094633A41A7}[2011/09/26 18:52:28 | 000,000,000 | ---D | C] -- 
C:\Users\Loren Reinoso\AppData\Local\{9A31BEC4-8173-4B5B-9E1E-EA3CA81DFC9D}[2011/09/20 11:16:48 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{9817266D-A614-4A90-B72A-262B4393E9B4}[2011/09/20 11:15:57 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{ABF6191A-4BBB-4E62-AE98-3BC847509C10}[2011/09/20 09:57:02 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{2260E119-E7E9-4501-865D-E8B4DC3F25C4}[2011/09/19 08:24:44 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{3308CFE8-F9AD-4987-BDD5-0C9E90BC0B65}[2011/09/17 10:12:23 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{559E2452-C101-4E08-B0FA-716749056DF3}[2011/09/16 09:34:43 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{BB8AAF34-F1AE-48BE-8E97-7492E9B29A86}[2011/09/16 09:33:17 | 000,000,000 | ---D | C] -- C:\Users\Loren Reinoso\AppData\Local\{0C1A3B7A-6098-4403-A78D-BC279010F163}[2011/09/15 21:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar[2009/10/30 00:43:27 | 000,167,936 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll[2009/10/30 00:43:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll[2 C:\Users\Loren Reinoso\Documents\*.tmp files -> C:\Users\Loren Reinoso\Documents\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2011/10/15 18:27:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000UA.job[2011/10/15 18:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2011/10/15 18:02:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2011/10/15 16:59:38 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0[2011/10/15 16:59:38 | 000,004,000 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0[2011/10/15 11:32:29 | 000,002,587 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\Microsoft Office Word 2007.lnk[2011/10/15 10:23:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2011/10/14 22:07:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000Core.job[2011/10/14 07:54:07 | 000,025,269 | ---- | M] () -- C:\Windows\System32\PROCDB.INI[2011/10/14 07:53:34 | 000,000,380 | ---- | M] () -- C:\Windows\System32\IPSCtrl.INI[2011/10/14 07:53:06 | 000,432,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT[2011/10/14 03:42:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat[2011/10/14 03:06:09 | 000,620,606 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2011/10/14 03:06:09 | 000,109,616 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2011/10/09 17:08:13 | 000,000,166 | ---- | M] () -- C:\Users\Loren Reinoso\defogger_reenable[2011/10/09 17:01:52 | 000,000,955 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Registration.lnk[2011/10/09 16:24:02 | 000,002,499 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\HiJackThis.lnk[2011/10/09 15:49:00 | 000,000,768 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk[2011/10/09 15:49:00 | 000,000,732 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\BHODemon 2.0.lnk[2011/10/09 15:48:07 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe[2011/10/07 10:33:53 | 000,002,032 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Local\d3d9caps.dat[2011/10/07 10:33:38 | 000,002,454 | ---- | M] () -- C:\Users\Loren Reinoso\Desktop\vba.ini[2011/10/07 10:30:58 | 000,001,100 | ---- | M] () -- C:\Users\Loren Reinoso\AppData\Local\d3d8caps.dat[2011/10/06 21:24:41 | 000,002,092 | ---- | M] () -- 
C:\Users\Loren Reinoso\Desktop\Google Chrome.lnk[2011/10/06 21:24:41 | 000,002,054 | ---- | M] () -- C:\Users\Loren Reinoso\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2 C:\Users\Loren Reinoso\Documents\*.tmp files -> C:\Users\Loren Reinoso\Documents\*.tmp -> ][1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]========== Files Created - No Company Name ==========[2011/10/09 17:08:12 | 000,000,166 | ---- | C] () -- C:\Users\Loren Reinoso\defogger_reenable[2011/10/09 17:01:52 | 000,000,955 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lenovo Registration.lnk[2011/10/09 15:49:00 | 000,000,768 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BHODemon 2.0.lnk[2011/10/09 15:49:00 | 000,000,732 | ---- | C] () -- C:\Users\Loren Reinoso\Desktop\BHODemon 2.0.lnk[2011/10/09 15:40:24 | 000,002,499 | ---- | C] () -- C:\Users\Loren Reinoso\Desktop\HiJackThis.lnk[2011/10/06 21:24:41 | 000,002,092 | ---- | C] () -- C:\Users\Loren Reinoso\Desktop\Google Chrome.lnk[2011/10/06 21:24:41 | 000,002,054 | ---- | C] () -- C:\Users\Loren Reinoso\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2011/10/06 21:22:49 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000UA.job[2011/10/06 21:22:47 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1619907014-1815358231-1267549849-1000Core.job[2010/07/19 21:19:12 | 000,001,100 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Local\d3d8caps.dat[2010/05/23 19:52:11 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll[2010/05/21 22:15:09 | 000,000,604 | -H-- | C] () -- C:\Program Files\STST Notifier[2010/05/21 21:55:52 | 000,007,168 | ---- | C] () -- C:\Windows\System32\RdCi1093.dll[2010/05/21 21:55:52 | 000,004,088 | ---- | C] () -- C:\Windows\System32\Rd3t1093.DAT[2009/12/01 
15:58:37 | 000,118,784 | ---- | C] () -- C:\Windows\System32\LabProCo.dll[2009/11/27 14:59:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI[2009/11/20 13:28:24 | 000,026,112 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/11/08 18:56:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009/11/08 18:56:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin[2009/11/08 18:55:37 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe[2009/11/03 22:15:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin[2009/10/31 20:56:29 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat[2009/10/30 00:56:47 | 002,115,816 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll[2009/10/30 00:49:05 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll[2009/10/30 00:49:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll[2009/10/30 00:49:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll[2009/10/30 00:43:28 | 009,598,080 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys[2009/10/30 00:43:28 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini[2009/10/30 00:38:56 | 000,012,080 | ---- | C] () -- C:\Windows\System32\drivers\TPPWR32V.SYS[2009/10/30 00:29:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat[2009/10/29 21:36:49 | 000,002,032 | ---- | C] () -- C:\Users\Loren Reinoso\AppData\Local\d3d9caps.dat[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe[2008/10/07 16:13:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll[2008/10/07 16:03:26 | 001,498,700 | ---- | C] () -- C:\Windows\System32\igkrng400.bin[2007/08/15 03:51:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll[2007/07/27 02:37:40 
| 000,025,269 | ---- | C] () -- C:\Windows\System32\PROCDB.INI[2007/07/27 02:37:29 | 000,000,380 | ---- | C] () -- C:\Windows\System32\IPSCtrl.INI[2007/03/29 15:42:38 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll[2006/11/02 08:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2006/11/02 08:47:43 | 000,432,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT[2006/11/02 06:33:01 | 000,620,606 | ---- | C] () -- C:\Windows\System32\perfh009.dat[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat[2006/11/02 06:33:01 | 000,109,616 | ---- | C] () -- C:\Windows\System32\perfc009.dat[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat[2006/09/05 17:20:36 | 000,079,400 | ---- | C] () -- C:\Windows\System32\DEVMAN.DLL[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll========== Alternate Data Streams ==========@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:84098FD3< End of report >
manus Posted October 15, 2011 Author ID:486161 Extras.TxtOTL Extras logfile created on: 10/15/2011 6:36:36 PM - Run 1OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Loren Reinoso\DownloadsWindows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.74% Memory free4.15 Gb Paging File | 2.20 Gb Available in Paging File | 52.88% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 66.13 Gb Total Space | 7.43 Gb Free Space | 11.23% Space Free | Partition Type: NTFSComputer Name: LORENREINOSO-PC | User Name: Loren Reinoso | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current userCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation).hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile 
[open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"UacDisableNotify" = 1"InternetSettingsDisableNotify" = 1"AutoUpdateDisableNotify" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" 
= 1"DisableNotifications" = 0========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{04F98220-7EE6-45F6-9B84-6A365812428A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{055292F7-072C-4BE7-904B-52FCA71D0BD1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1911C3D6-B8B6-4E5F-AB0B-FDE78FF912D3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{324763FD-8412-4601-89C3-600A70092785}" = rport=138 | protocol=17 | dir=out | app=system | "{37775BA9-2BC8-4081-9997-A6821C0C720F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4762B2B8-BD5D-4178-862E-EEFE18502F97}" = lport=137 | protocol=17 | dir=in | app=system | "{5487476D-9897-462F-A119-0F7C65845B03}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5EA7F7C2-90FA-415E-AAE9-3D28A1063857}" = lport=138 | protocol=17 | dir=in | app=system | "{64FC88C2-B236-4150-91D6-E09D0C9FF23E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{65B63A9E-E682-4C0E-9C36-2BCB9CAFFCC8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{70020751-87DA-48F5-9BC6-E791218B4EDE}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{74CDE7D3-75B1-49E7-B029-A102008E73EF}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{77F4B97A-E12C-49E6-93C5-E5D05155510C}" = rport=139 | protocol=6 | dir=out | app=system | "{7A315509-9B9F-4158-A889-F27D8DB13026}" = lport=445 | protocol=6 | dir=in | app=system | "{8508B8EF-8EFA-4D87-BB83-CA7B29008F5B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{88032049-F09C-4FD0-996B-0BC2B23AD9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{9ABA4337-7792-472B-9B29-1345BE2B7774}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AAD0E22B-9843-4F37-97E6-6EFB254982E1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{ACE797F4-0E38-4E88-9436-586FD994A6B7}" = lport=2869 | protocol=6 | dir=in | app=system | "{AE4AD853-B735-4130-A365-EE2E4484839F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C3AE64C5-D6C6-4494-BC24-F8F68FAC2134}" = rport=137 | protocol=17 | dir=out | app=system | "{C6FE2032-352F-4E45-9D24-6667D15190AB}" = rport=445 | protocol=6 | dir=out | app=system | "{CC30DC2E-6380-4C2D-B776-344F86FA978E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{02B23C9C-4F10-48AE-8DC7-CC284853FE00}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{11041F08-0D9E-43FE-8256-8E7E24A87313}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{24420D97-0040-4759-8C10-FA7A0A14F1EE}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{3D6DBA03-6BCE-40DF-A2C5-6D92846E232F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{6449A243-8EB0-4065-8695-C73FAAEB7F37}" = protocol=6 | dir=in | app=c:\users\loren reinoso\appdata\local\f4\clientupdater\clientupdater.exe | "{66594EE0-53E9-4784-8453-1EA51F2DF69B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{70A70D4E-DDA2-423F-BBDC-E59E96160ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{76B9E8F6-C90C-44D1-A01A-16552E92C902}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe | 
Staff screen317 Posted October 18, 2011 ID:486878

Hi,

Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
Execute the file TDSSKiller.exe by double-clicking on it.
Wait for the scan and disinfection process to be over.
When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317
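
Added example, not part of the post above and not code from the tool's vendor: a small parser for the log naming convention the post quotes (UtilityName.Version_Date_Time_log.txt), used to pick the most recent log to attach. It assumes the date field is DD.MM.YYYY and the time field HH.MM.SS, as in the post's example; the function names and every path except the post's own example are constructed.

```python
import re
from datetime import datetime

# Naming convention quoted in the post: UtilityName.Version_Date_Time_log.txt
# Assumption: Date is DD.MM.YYYY and Time is HH.MM.SS, as in the post's example.
LOG_NAME = re.compile(
    r"^(?P<utility>[A-Za-z0-9]+)\."
    r"(?P<version>\d+(?:\.\d+)*)_"
    r"(?P<date>\d{2}\.\d{2}\.\d{4})_"
    r"(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$"
)


def parse_log_name(path):
    """Return (utility, version, datetime) for a matching log path, else None."""
    # Accept both Windows and POSIX separators and keep only the file name.
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    match = LOG_NAME.match(base)
    if match is None:
        return None
    try:
        stamp = datetime.strptime(
            match.group("date") + " " + match.group("time"), "%d.%m.%Y %H.%M.%S"
        )
    except ValueError:
        # Right shape but impossible calendar value (e.g. 31.02): not a real log name.
        return None
    return match.group("utility"), match.group("version"), stamp


def newest_log(paths, utility="TDSSKiller"):
    """Return the path whose embedded timestamp is latest, or None if none match."""
    candidates = []
    for path in paths:
        parsed = parse_log_name(path)
        if parsed and parsed[0].lower() == utility.lower():
            candidates.append((parsed[2], path))
    if not candidates:
        return None
    return max(candidates)[1]


# Constructed directory listing; only the first entry is the post's own example.
SAMPLE_LISTING = [
    r"C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt",
    r"C:\TDSSKiller.2.2.0_03.01.2010_09.05.00_log.txt",
    r"C:\TDSSKiller.2.2.0_31.02.2010_10.00.00_log.txt",  # invalid date, ignored
    r"C:\ComboFix.txt",                                   # different report, ignored
]

if __name__ == "__main__":
    print(newest_log(SAMPLE_LISTING))
```

Because the date is written day first, sorting the file names alphabetically does not give chronological order; the embedded timestamp has to be parsed.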

manus Posted October 23, 2011 Author ID:488060

It didn't ask for me to reboot the computer. Is that a problem?

Staff screen317 Posted October 27, 2011 ID:489425

Where are the reports they created?

Staff screen317 Posted October 31, 2011 ID:490659

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Staff screen317 Posted November 12, 2011 ID:493766

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!