Save Tube Video Malware


  • This topic is locked

#1
Geny

    New Member

  • Member
  • 7 posts
I've recently made the stupid and ignorant mistake of downloading Save Tube Video. After discovering that it, in fact, does not work, I found, of course too late, multiple complaints of this software being malware, yet its effects seem to vary. Most claim the malware modifies your computer files and then disappears without a trace.

Effects/Symptoms:
My internet homepage in both Internet Explorer 7 and Firefox 3.6.13 has been changed to Google Custom Search showing about:Tabs in the browser search bar. I then went to View - Source (in Internet Explorer 7) which opened a Notepad file showing www.landing.savetubevideo[1] - Notepad in the header and html code in the rest of the document.

My attempts at removing this malware/virus:
Logically the first thing I did was uninstall Save Tube Video, deactivate its add-on in Firefox and run a Virus Scan with Symantec Endpoint Protection. No malware showed that could not be deleted, but the problem still remained. I did a search of my computer for all files associated with Savetube and deleted these with Killbox (including two other programs that were installed with Save Tube Video: K-Lite Codec Pack and another). I ended up reinstalling Firefox 3.6.13 and was able to get rid of the Google Custom Search homepage in both Firefox and Internet Explorer 7. However, when opening a new tab in Internet Explorer 7, which is supposed to go to the homepage, it still redirects to the Google Custom Search page, and in the Google toolbar, instead of showing the Google logo, it shows: www.google-feed.net. In my Firefox profile I was able to discover an XML document named GoogleFeed inside of a searchplugins folder containing html code.

I deleted this, but still the problem remains. A peculiar thing happened just yesterday (about a week after downloading Save Tube Video). I've always used an animated mouse cursor (not a downloaded one), yet it had returned to the standard pointer. When I went to change it back, however, an error message popped up saying the file with cursors was either missing or corrupt. I followed the file path leading to a hidden file on my computer and discovered the entire folder was empty. I downloaded a new set of the standard Windows cursors and checked that I had not accidentally deleted the file (which I had not).

OTL Log:

OTL logfile created on: 12/02/2011 12:54:31 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 361.00 Mb Available Physical Memory | 36.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.84 Gb Total Space | 18.67 Gb Free Space | 26.73% Space Free | Partition Type: NTFS

Computer Name: GENEVIEVE | User Name: Genevieve Luyt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 12:15:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\OTL.exe
PRC - [2010/12/03 11:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 11:43:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/10 10:00:30 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/10 09:58:28 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/01 21:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/04/01 21:26:50 | 000,181,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
PRC - [2010/01/25 14:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/09/26 11:02:04 | 002,356,088 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
PRC - [2008/04/13 16:12:40 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/05 11:00:08 | 000,630,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/02/28 15:45:22 | 000,507,904 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 20:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/07 02:03:00 | 000,081,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
PRC - [2006/11/07 02:03:00 | 000,053,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
PRC - [2006/11/07 02:03:00 | 000,040,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
PRC - [2006/10/01 17:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/09/22 01:30:20 | 000,037,680 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/09/12 09:23:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/07/14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006/07/14 18:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/07/14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/07/14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/07/14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/07/14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/07/04 08:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/03/15 19:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/11/13 22:23:20 | 000,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2005/11/04 12:18:00 | 000,024,576 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpPenMon.exe
PRC - [2005/07/12 10:55:00 | 000,094,208 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/05/19 16:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/08/29 02:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 12:15:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 18:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2008/04/13 16:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 16:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 16:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll
MOD - [2008/04/13 09:37:57 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008/04/13 08:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2002/08/29 02:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/10 10:00:30 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 21:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/01 19:47:08 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/07 02:03:00 | 000,081,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe -- (ASRSVC)
SRV - [2006/11/07 02:03:00 | 000,053,248 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe -- (TabletSVC)
SRV - [2006/09/22 01:30:20 | 000,037,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/07/14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/07/14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/07/14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/07/14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2020/02/02 20:10:30 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2011/02/06 00:00:00 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010/12/17 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110211.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110211.006\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/02 10:47:43 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/19 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/19 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/08 11:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 11:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 11:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/18 14:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/04 09:55:56 | 000,141,656 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMUXMIDI.sys -- (EMUXMIDI)
DRV - [2009/12/02 15:02:10 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/04/13 10:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/11/07 02:03:00 | 000,006,656 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMSMI32.sys -- (TSMSMI)
DRV - [2006/09/27 18:31:28 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/09/27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/09/22 01:30:16 | 000,019,888 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/09/07 03:53:22 | 000,874,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/08/17 09:55:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006/07/14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006/07/14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006/06/19 18:56:48 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/04/25 19:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/04/19 22:06:50 | 000,181,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/15 17:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/12/05 18:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2005/12/05 18:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/05 18:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2005/11/14 17:03:36 | 000,007,463 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tkbtnpn.sys -- (HBtnKey)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/07/12 10:55:00 | 000,013,840 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2005/07/04 21:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 12:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/05/19 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/19 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/19 05:33:00 | 000,086,940 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/19 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/19 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/19 05:33:00 | 000,014,909 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/19 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/19 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/19 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/03/24 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/03/24 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/09/30 23:08:38 | 000,018,048 | R--- | M] (CASIO COMPUTER CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pl40rwdm.sys -- (PL-40R)
DRV - [2004/08/03 14:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/12 05:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 04:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 21:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.shaw.ca/start/enCA/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.1
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/06 16:54:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 16:27:58 | 000,000,000 | ---D | M]

[2010/10/13 09:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Extensions
[2011/02/10 21:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions
[2011/02/08 23:04:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 21:16:17 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]
[2011/02/12 11:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\wbclpmeg\extensions
[2011/02/12 11:28:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\wbclpmeg\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 21:16:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/10 16:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/11/02 11:32:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 09:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 09:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 09:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 09:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [IBMTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpPenMon] C:\WINDOWS\System32\TpPenMon.exe (Lenovo.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TSMResident] C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Genevieve Luyt\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180465178937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Ink Desktop) - {80E95280-2D38-3CB8-A215-FB5F14C4343E}
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 15:14:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2020/02/02 20:19:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2020/02/02 20:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Lenovo
[2020/02/02 20:14:15 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2020/02/02 20:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\SMI2
[2020/02/02 20:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\TVT SMBus
[2020/02/02 20:10:36 | 000,000,000 | ---D | C] -- C:\SWSHARE
[2020/02/02 20:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2020/02/02 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2020/02/02 20:09:13 | 000,010,368 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys
[2020/02/02 20:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo Virtual Drive
[2020/02/02 20:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec Client Security
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2020/02/02 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2020/02/02 20:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Zinio
[2020/02/02 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Zinio
[2020/02/02 20:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zinio
[2020/02/02 20:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2020/02/02 20:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2020/02/02 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage
[2020/02/02 20:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2020/02/02 20:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2020/02/02 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Education Pack for Tablet PC
[2020/02/02 20:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Education Pack
[2020/02/02 19:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Experience Pack for Tablet PC
[2020/02/02 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Experience Pack
[2020/02/02 19:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2020/02/02 19:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2020/02/02 19:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2020/02/02 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2020/02/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2020/02/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2020/02/02 19:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2020/02/02 19:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2020/02/02 19:54:26 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2020/02/02 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2020/02/02 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2020/02/02 19:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2020/02/02 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2020/02/02 19:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2020/02/02 19:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2020/02/02 19:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
[2020/02/02 19:52:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2020/02/02 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2020/02/02 19:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Installshield
[2020/02/02 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2020/02/02 19:47:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2020/02/02 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2020/02/02 19:43:37 | 000,098,304 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
[2020/02/02 19:43:37 | 000,015,872 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\drivers\atmeltpm.sys
[2020/02/02 19:43:32 | 000,000,000 | ---D | C] -- C:\drivers
[2020/02/02 19:37:39 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2020/02/02 19:37:21 | 000,000,000 | ---D | C] -- C:\VALUEADD
[2020/02/02 19:37:20 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2020/02/02 19:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2020/02/02 19:37:20 | 000,000,000 | ---D | C] -- C:\SUPPORT
[2020/02/02 19:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2020/02/02 19:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2020/02/02 19:37:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2020/02/02 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2020/02/02 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2020/02/02 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2020/02/02 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2020/02/02 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2020/02/02 19:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2020/02/02 19:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2020/02/02 19:36:58 | 000,000,000 | R--D | C] -- C:\Program Files
[2020/02/02 19:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2020/02/02 19:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2020/02/02 19:36:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2020/02/02 19:36:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2020/02/02 19:36:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2020/02/02 19:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2020/02/02 19:36:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2020/02/02 19:36:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2020/02/02 19:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2020/02/02 19:36:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2020/02/02 19:36:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2020/02/02 19:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2020/02/02 19:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2020/02/02 19:36:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2020/02/02 19:36:46 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2020/02/02 19:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2020/02/02 19:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2020/02/02 19:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2020/02/02 19:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2020/02/02 19:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2020/02/02 19:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2020/02/02 19:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2020/02/02 19:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2020/02/02 19:36:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2020/02/02 19:36:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2020/02/02 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2020/02/02 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2020/02/02 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2020/02/02 19:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2020/02/02 19:36:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2020/02/02 19:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2020/02/02 19:36:06 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2020/02/02 19:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2020/02/02 19:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2020/02/02 19:36:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2020/02/02 19:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2020/02/02 19:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2020/02/02 19:35:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\dllcache
[2020/02/02 19:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2020/02/02 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2020/02/02 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2020/02/02 19:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2020/02/02 19:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2020/02/02 19:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2020/02/02 19:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2020/02/02 19:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2020/02/02 19:35:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2020/02/02 19:35:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2020/02/02 19:35:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2020/02/02 19:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2020/02/02 19:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2020/02/02 19:35:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2020/02/02 19:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2020/02/02 19:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2020/02/02 19:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2020/02/02 19:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2020/02/02 19:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.Net
[2020/02/02 19:35:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2020/02/02 19:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2020/02/02 19:34:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2020/02/02 19:34:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2020/02/02 19:34:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2020/02/02 19:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2020/02/02 19:34:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2020/02/02 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2020/02/02 19:34:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2020/02/02 19:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2020/02/02 19:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2020/02/02 19:34:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2020/02/02 19:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2020/02/02 19:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2020/02/02 19:33:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2020/02/02 19:33:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2020/02/02 19:33:44 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2020/02/02 19:33:13 | 000,000,000 | ---D | C] -- C:\CMPNENTS
[2020/02/02 19:31:49 | 000,000,000 | ---D | C] -- C:\I386
[2011/02/11 16:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\gegl-0.0
[2011/02/10 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\vlc
[2011/02/10 22:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/10 22:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/10 21:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\Blog Templates
[2011/02/06 16:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/02/06 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/06 10:51:43 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/02/05 21:40:21 | 001,818,678 | ---- | C] (Silicon Valley Software) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Anim8or.exe
[2011/02/05 21:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\Animation
[2011/02/05 16:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs
[2011/02/05 16:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Desktop\M Office
[2011/01/25 22:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\skypePM
[2011/01/25 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/25 22:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/25 22:41:21 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/01/25 22:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Skype
[2011/01/25 22:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp files -> C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2020/02/02 20:19:27 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2020/02/02 20:19:22 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2020/02/02 20:10:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2020/02/02 20:08:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool 2.0.lnk
[2020/02/02 20:04:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2020/02/02 20:00:23 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Hexic Deluxe.lnk
[2020/02/02 20:00:23 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\GoBinder Lite.lnk
[2020/02/02 19:54:58 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2020/02/02 19:54:34 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\IBM_6366_4DU_TP.MRK
[2020/02/02 19:43:39 | 000,000,099 | ---- | M] () -- C:\syslevel.lgl
[2011/02/12 10:45:03 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\OneNote.lnk
[2011/02/12 10:40:58 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Word.lnk
[2011/02/12 10:01:48 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/12 10:00:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/12 10:00:40 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 22:03:07 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/10 20:52:21 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 20:52:02 | 000,445,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/10 20:52:02 | 000,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/09 17:46:06 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/06 16:54:03 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/06 16:54:03 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/05 23:22:09 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/02/05 22:57:20 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 21:39:59 | 001,818,678 | ---- | M] (Silicon Valley Software) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Anim8or.exe
[2011/02/05 13:55:30 | 000,000,521 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011/02/05 13:36:12 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Powerpoint.lnk
[2011/02/04 20:24:29 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/02/04 20:24:28 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Adobe Photoshop 7.0.lnk
[2011/02/01 17:33:51 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/01/25 22:43:50 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/18 18:32:53 | 000,001,060 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\magicJack.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp files -> C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2020/02/02 20:19:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2020/02/02 20:19:06 | 000,000,740 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2020/02/02 20:10:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2020/02/02 20:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2020/02/02 20:09:15 | 001,440,056 | ---- | C] () -- C:\WINDOWS\800_ThinkPad.bmp
[2020/02/02 20:09:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2020/02/02 20:09:14 | 004,410,056 | ---- | C] () -- C:\WINDOWS\1400_ThinkPad.bmp
[2020/02/02 20:09:14 | 002,359,352 | ---- | C] () -- C:\WINDOWS\1024_ThinkPad.bmp
[2020/02/02 20:04:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2020/02/02 20:04:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2020/02/02 20:01:10 | 000,009,679 | ---- | C] () -- C:\WINDOWS\System32\msxml4r.cat
[2020/02/02 20:01:10 | 000,009,675 | ---- | C] () -- C:\WINDOWS\System32\msxml4.cat
[2020/02/02 20:01:01 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2020/02/02 20:00:23 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Hexic Deluxe.lnk
[2020/02/02 20:00:23 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\GoBinder Lite.lnk
[2020/02/02 19:55:17 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2020/02/02 19:55:03 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2020/02/02 19:55:02 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2020/02/02 19:55:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4701.dll
[2020/02/02 19:55:02 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2020/02/02 19:55:02 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2020/02/02 19:55:02 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2020/02/02 19:55:02 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2020/02/02 19:54:34 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\IBM_6366_4DU_TP.MRK
[2020/02/02 19:54:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2020/02/02 19:53:35 | 000,106,496 | ---- | C] () -- C:\WINDOWS\stkbtnpn.dll
[2020/02/02 19:52:43 | 000,025,214 | ---- | C] () -- C:\WINDOWS\System32\TpShocks.ICO
[2020/02/02 19:50:09 | 000,001,018 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2020/02/02 19:49:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2020/02/02 19:44:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2020/02/02 19:44:46 | 000,013,233 | ---- | C] () -- C:\WINDOWS\System32\tp4scrol.htm
[2020/02/02 19:43:41 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2020/02/02 19:43:37 | 000,002,790 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2020/02/02 19:43:35 | 000,077,083 | ---- | C] () -- C:\WINDOWS\System32\tp4-sc.gif
[2020/02/02 19:43:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2020/02/02 19:43:35 | 000,028,493 | ---- | C] () -- C:\WINDOWS\System32\tp4-mg.gif
[2020/02/02 19:43:35 | 000,005,788 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2020/02/02 19:43:35 | 000,005,537 | ---- | C] () -- C:\WINDOWS\System32\tp4scrol.css
[2020/02/02 19:43:35 | 000,000,201 | ---- | C] () -- C:\WINDOWS\System32\tp4-note.gif
[2020/02/02 19:43:34 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2020/02/02 19:43:32 | 000,000,099 | ---- | C] () -- C:\syslevel.lgl
[2011/02/10 22:03:07 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/06 16:54:03 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/06 16:54:03 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/05 23:22:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/02/05 23:21:19 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/04 20:29:33 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/02/04 20:29:05 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/02/04 20:24:29 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/02/04 20:24:28 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Adobe Photoshop 7.0.lnk
[2011/01/25 22:43:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/25 22:41:35 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/02 10:17:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/09/02 10:17:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/09/02 10:17:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/02 10:15:00 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/02 10:07:49 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\Procdb.ini
[2010/06/14 18:21:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\$_hpcst$.hpc
[2010/03/21 17:40:38 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 20:20:25 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/02 18:16:47 | 000,001,627 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2008/10/13 14:09:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/07 14:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/13 20:32:13 | 000,000,172 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/04/09 16:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/15 23:22:37 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\PT4CJXFHYGGCXPMX73253MC85G
[2007/01/28 14:14:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/20 22:07:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/20 22:06:50 | 000,000,521 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/01/20 22:06:50 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/01/20 22:06:50 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/20 22:06:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/01/18 17:32:55 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 11:04:51 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2007/01/10 10:57:14 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\fusioncache.dat
[2007/01/09 19:55:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/09 19:55:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/09 19:55:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/09 19:55:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/09 19:55:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/09 19:55:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/09 19:54:54 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/10 20:04:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/10/10 20:04:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/09/14 08:59:23 | 001,490,999 | ---- | C] () -- C:\WINDOWS\System32\tkbtnpn1.dll
[2006/04/30 15:36:03 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:03:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/03 13:58:12 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2006/01/03 13:58:12 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/01/03 13:58:12 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2006/01/03 13:57:58 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/01/03 13:57:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/08 10:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2020/02/02 20:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2020/02/02 20:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2008/12/04 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2007/01/10 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/12/24 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/09/02 10:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/15 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2010/07/07 15:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Blender Foundation
[2010/01/06 22:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Clickteam
[2010/12/02 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\DigiCel
[2007/01/09 23:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\InterVideo
[2008/01/02 08:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Leadertech
[2010/09/02 09:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Lenovo
[2011/01/18 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\mjusbsp
[2007/01/10 17:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\MSNInstaller
[2010/11/02 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\ScanSoft
[2020/02/02 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\ThinkVantage

========== Purity Check ==========



< End of report >


Any help or advice would be greatly appreciated!


#2
sempai


    Trusted Helper

  • Malware Removal
  • 785 posts
Hi Geny,

We're so sorry about the delay, please run another OTL scan and post the new report for my review. Thanks.

#3
Geny


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Dear Sempai,

The delay is no problem. I'm very grateful to be helped at all and under my standards very quickly! Thank you so much for your time and effort!

Quick scan:

OTL logfile created on: 21/02/2011 4:43:49 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 172.00 Mb Available Physical Memory | 17.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.84 Gb Total Space | 18.58 Gb Free Space | 26.61% Space Free | Partition Type: NTFS

Computer Name: GENEVIEVE | User Name: Genevieve Luyt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 12:15:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\OTL.exe
PRC - [2010/12/03 11:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 11:43:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/04/16 22:12:38 | 000,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/10 10:00:30 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/10 09:58:28 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/01 21:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/01/25 14:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 16:12:40 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 15:45:22 | 000,507,904 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 20:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/07 02:03:00 | 000,081,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
PRC - [2006/11/07 02:03:00 | 000,053,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
PRC - [2006/11/07 02:03:00 | 000,040,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
PRC - [2006/10/01 17:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/09/22 01:30:20 | 000,037,680 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/09/12 09:23:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/07/14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006/07/14 18:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/07/14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/07/14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/07/14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/07/14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/07/04 08:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/03/15 19:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/11/13 22:23:20 | 000,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2005/11/04 12:18:00 | 000,024,576 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpPenMon.exe
PRC - [2005/07/12 10:55:00 | 000,094,208 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/05/19 16:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/08/29 02:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 12:15:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 16:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 16:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 16:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll
MOD - [2008/04/13 08:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2002/08/29 02:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/10 10:00:30 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 21:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/01 19:47:08 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/07 02:03:00 | 000,081,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe -- (ASRSVC)
SRV - [2006/11/07 02:03:00 | 000,053,248 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe -- (TabletSVC)
SRV - [2006/09/22 01:30:20 | 000,037,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/07/14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/07/14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/07/14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/07/14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2020/02/02 20:10:30 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2011/02/20 14:27:40 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010/12/17 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110220.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110220.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/02 10:47:43 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/19 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/19 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/08 11:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 11:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 11:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/18 14:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/04 09:55:56 | 000,141,656 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMUXMIDI.sys -- (EMUXMIDI)
DRV - [2009/12/02 15:02:10 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/04/13 10:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/11/07 02:03:00 | 000,006,656 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMSMI32.sys -- (TSMSMI)
DRV - [2006/09/27 18:31:28 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/09/27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/09/22 01:30:16 | 000,019,888 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/09/07 03:53:22 | 000,874,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/08/17 09:55:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006/07/14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006/07/14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006/06/19 18:56:48 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/04/25 19:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/04/19 22:06:50 | 000,181,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/15 17:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/12/05 18:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2005/12/05 18:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/05 18:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2005/11/14 17:03:36 | 000,007,463 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tkbtnpn.sys -- (HBtnKey)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/07/12 10:55:00 | 000,013,840 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2005/07/04 21:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 12:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/05/19 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/19 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/19 05:33:00 | 000,086,940 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/19 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/19 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/19 05:33:00 | 000,014,909 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/19 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/19 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/19 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/03/24 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/03/24 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/09/30 23:08:38 | 000,018,048 | R--- | M] (CASIO COMPUTER CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pl40rwdm.sys -- (PL-40R)
DRV - [2004/08/03 14:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/12 05:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 04:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 21:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.shaw.ca/start/enCA/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.1
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/06 16:54:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 16:27:58 | 000,000,000 | ---D | M]

[2010/10/13 09:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Extensions
[2011/02/18 19:13:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions
[2011/02/08 23:04:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/10 21:16:17 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]
[2011/02/12 11:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\wbclpmeg\extensions
[2011/02/12 11:28:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\wbclpmeg\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/20 15:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/10 16:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/11/02 11:32:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 09:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 09:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 09:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 09:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [IBMTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpPenMon] C:\WINDOWS\System32\TpPenMon.exe (Lenovo.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TSMResident] C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Genevieve Luyt\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180465178937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Ink Desktop) - {80E95280-2D38-3CB8-A215-FB5F14C4343E}
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 15:14:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2020/02/02 20:19:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2020/02/02 20:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Lenovo
[2020/02/02 20:14:15 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2020/02/02 20:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\SMI2
[2020/02/02 20:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\TVT SMBus
[2020/02/02 20:10:36 | 000,000,000 | ---D | C] -- C:\SWSHARE
[2020/02/02 20:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2020/02/02 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2020/02/02 20:09:13 | 000,010,368 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys
[2020/02/02 20:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo Virtual Drive
[2020/02/02 20:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec Client Security
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2020/02/02 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2020/02/02 20:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Zinio
[2020/02/02 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Zinio
[2020/02/02 20:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zinio
[2020/02/02 20:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2020/02/02 20:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2020/02/02 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage
[2020/02/02 20:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2020/02/02 20:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2020/02/02 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Education Pack for Tablet PC
[2020/02/02 20:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Education Pack
[2020/02/02 19:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Experience Pack for Tablet PC
[2020/02/02 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Experience Pack
[2020/02/02 19:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2020/02/02 19:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2020/02/02 19:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2020/02/02 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2020/02/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2020/02/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2020/02/02 19:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2020/02/02 19:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2020/02/02 19:54:26 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2020/02/02 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2020/02/02 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2020/02/02 19:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2020/02/02 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2020/02/02 19:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2020/02/02 19:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2020/02/02 19:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
[2020/02/02 19:52:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2020/02/02 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2020/02/02 19:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Installshield
[2020/02/02 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2020/02/02 19:47:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2020/02/02 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2020/02/02 19:43:37 | 000,098,304 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
[2020/02/02 19:43:37 | 000,015,872 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\drivers\atmeltpm.sys
[2020/02/02 19:43:32 | 000,000,000 | ---D | C] -- C:\drivers
[2020/02/02 19:37:39 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2020/02/02 19:37:21 | 000,000,000 | ---D | C] -- C:\VALUEADD
[2020/02/02 19:37:20 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2020/02/02 19:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2020/02/02 19:37:20 | 000,000,000 | ---D | C] -- C:\SUPPORT
[2020/02/02 19:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2020/02/02 19:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2020/02/02 19:37:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2020/02/02 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2020/02/02 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2020/02/02 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2020/02/02 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2020/02/02 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2020/02/02 19:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2020/02/02 19:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2020/02/02 19:36:58 | 000,000,000 | R--D | C] -- C:\Program Files
[2020/02/02 19:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2020/02/02 19:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2020/02/02 19:36:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2020/02/02 19:36:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2020/02/02 19:36:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2020/02/02 19:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2020/02/02 19:36:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2020/02/02 19:36:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2020/02/02 19:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2020/02/02 19:36:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2020/02/02 19:36:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2020/02/02 19:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2020/02/02 19:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2020/02/02 19:36:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2020/02/02 19:36:46 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2020/02/02 19:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2020/02/02 19:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2020/02/02 19:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2020/02/02 19:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2020/02/02 19:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2020/02/02 19:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2020/02/02 19:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2020/02/02 19:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2020/02/02 19:36:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2020/02/02 19:36:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2020/02/02 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2020/02/02 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2020/02/02 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2020/02/02 19:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2020/02/02 19:36:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2020/02/02 19:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2020/02/02 19:36:06 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2020/02/02 19:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2020/02/02 19:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2020/02/02 19:36:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2020/02/02 19:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2020/02/02 19:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2020/02/02 19:35:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\dllcache
[2020/02/02 19:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2020/02/02 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2020/02/02 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2020/02/02 19:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2020/02/02 19:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2020/02/02 19:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2020/02/02 19:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2020/02/02 19:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2020/02/02 19:35:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2020/02/02 19:35:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2020/02/02 19:35:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2020/02/02 19:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2020/02/02 19:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2020/02/02 19:35:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2020/02/02 19:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2020/02/02 19:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2020/02/02 19:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2020/02/02 19:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2020/02/02 19:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.Net
[2020/02/02 19:35:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2020/02/02 19:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2020/02/02 19:34:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2020/02/02 19:34:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2020/02/02 19:34:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2020/02/02 19:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2020/02/02 19:34:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2020/02/02 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2020/02/02 19:34:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2020/02/02 19:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2020/02/02 19:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2020/02/02 19:34:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2020/02/02 19:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2020/02/02 19:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2020/02/02 19:33:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2020/02/02 19:33:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2020/02/02 19:33:44 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2020/02/02 19:33:13 | 000,000,000 | ---D | C] -- C:\CMPNENTS
[2020/02/02 19:31:49 | 000,000,000 | ---D | C] -- C:\I386
[2011/02/11 16:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\gegl-0.0
[2011/02/10 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\vlc
[2011/02/10 22:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/10 22:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/10 21:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\Blog Templates
[2011/02/06 16:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/02/06 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/06 10:51:43 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/02/05 21:40:21 | 001,818,678 | ---- | C] (Silicon Valley Software) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Anim8or.exe
[2011/02/05 21:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\Animation
[2011/02/05 16:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs
[2011/02/05 16:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Desktop\M Office
[2011/01/25 22:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\skypePM
[2011/01/25 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/25 22:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/25 22:41:21 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/01/25 22:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Skype
[2011/01/25 22:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp files -> C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2020/02/02 20:19:27 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2020/02/02 20:19:22 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2020/02/02 20:10:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2020/02/02 20:08:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool 2.0.lnk
[2020/02/02 20:04:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2020/02/02 20:00:23 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Hexic Deluxe.lnk
[2020/02/02 20:00:23 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\GoBinder Lite.lnk
[2020/02/02 19:54:58 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2020/02/02 19:54:34 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\IBM_6366_4DU_TP.MRK
[2020/02/02 19:43:39 | 000,000,099 | ---- | M] () -- C:\syslevel.lgl
[2011/02/21 16:33:46 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/21 16:32:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/21 16:32:09 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/20 21:50:28 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\OneNote.lnk
[2011/02/20 14:45:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\iTunes.lnk
[2011/02/18 23:03:48 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/17 01:23:13 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/15 20:34:24 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Word.lnk
[2011/02/10 22:03:07 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/10 20:52:21 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 20:52:02 | 000,445,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/10 20:52:02 | 000,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/09 17:46:06 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/06 16:54:03 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/06 16:54:03 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/05 23:22:09 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/02/05 21:39:59 | 001,818,678 | ---- | M] (Silicon Valley Software) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Anim8or.exe
[2011/02/05 13:55:30 | 000,000,521 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011/02/05 13:36:12 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Powerpoint.lnk
[2011/02/04 20:24:29 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/01/25 22:43:50 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp files -> C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2020/02/02 20:19:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2020/02/02 20:19:06 | 000,000,740 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2020/02/02 20:10:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2020/02/02 20:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2020/02/02 20:09:15 | 001,440,056 | ---- | C] () -- C:\WINDOWS\800_ThinkPad.bmp
[2020/02/02 20:09:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2020/02/02 20:09:14 | 004,410,056 | ---- | C] () -- C:\WINDOWS\1400_ThinkPad.bmp
[2020/02/02 20:09:14 | 002,359,352 | ---- | C] () -- C:\WINDOWS\1024_ThinkPad.bmp
[2020/02/02 20:04:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2020/02/02 20:04:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2020/02/02 20:01:10 | 000,009,679 | ---- | C] () -- C:\WINDOWS\System32\msxml4r.cat
[2020/02/02 20:01:10 | 000,009,675 | ---- | C] () -- C:\WINDOWS\System32\msxml4.cat
[2020/02/02 20:01:01 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2020/02/02 20:00:23 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Hexic Deluxe.lnk
[2020/02/02 20:00:23 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\GoBinder Lite.lnk
[2020/02/02 19:55:17 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2020/02/02 19:55:03 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2020/02/02 19:55:02 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2020/02/02 19:55:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4701.dll
[2020/02/02 19:55:02 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2020/02/02 19:55:02 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2020/02/02 19:55:02 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2020/02/02 19:55:02 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2020/02/02 19:54:34 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\IBM_6366_4DU_TP.MRK
[2020/02/02 19:54:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2020/02/02 19:53:35 | 000,106,496 | ---- | C] () -- C:\WINDOWS\stkbtnpn.dll
[2020/02/02 19:52:43 | 000,025,214 | ---- | C] () -- C:\WINDOWS\System32\TpShocks.ICO
[2020/02/02 19:50:09 | 000,001,018 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2020/02/02 19:49:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2020/02/02 19:44:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2020/02/02 19:44:46 | 000,013,233 | ---- | C] () -- C:\WINDOWS\System32\tp4scrol.htm
[2020/02/02 19:43:41 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2020/02/02 19:43:37 | 000,002,790 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2020/02/02 19:43:35 | 000,077,083 | ---- | C] () -- C:\WINDOWS\System32\tp4-sc.gif
[2020/02/02 19:43:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2020/02/02 19:43:35 | 000,028,493 | ---- | C] () -- C:\WINDOWS\System32\tp4-mg.gif
[2020/02/02 19:43:35 | 000,005,788 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2020/02/02 19:43:35 | 000,005,537 | ---- | C] () -- C:\WINDOWS\System32\tp4scrol.css
[2020/02/02 19:43:35 | 000,000,201 | ---- | C] () -- C:\WINDOWS\System32\tp4-note.gif
[2020/02/02 19:43:34 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2020/02/02 19:43:32 | 000,000,099 | ---- | C] () -- C:\syslevel.lgl
[2011/02/10 22:03:07 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/06 16:54:03 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/06 16:54:03 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/05 23:22:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/02/05 23:21:19 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/04 20:29:33 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/02/04 20:29:05 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/02/04 20:24:29 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/01/25 22:43:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/25 22:41:35 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/02 10:17:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/09/02 10:17:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/09/02 10:17:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/02 10:15:00 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/02 10:07:49 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\Procdb.ini
[2010/06/14 18:21:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\$_hpcst$.hpc
[2010/03/21 17:40:38 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 20:20:25 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/02 18:16:47 | 000,001,627 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2008/10/13 14:09:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/07 14:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/13 20:32:13 | 000,000,172 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/04/09 16:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/15 23:22:37 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\PT4CJXFHYGGCXPMX73253MC85G
[2007/01/28 14:14:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/20 22:07:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/20 22:06:50 | 000,000,521 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/01/20 22:06:50 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/01/20 22:06:50 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/20 22:06:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/01/18 17:32:55 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 11:04:51 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2007/01/10 10:57:14 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\fusioncache.dat
[2007/01/09 19:55:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/09 19:55:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/09 19:55:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/09 19:55:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/09 19:55:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/09 19:55:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/09 19:54:54 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/10 20:04:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/10/10 20:04:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/09/14 08:59:23 | 001,490,999 | ---- | C] () -- C:\WINDOWS\System32\tkbtnpn1.dll
[2006/04/30 15:36:03 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:03:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/03 13:58:12 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2006/01/03 13:58:12 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/01/03 13:58:12 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2006/01/03 13:57:58 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/01/03 13:57:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/08 10:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2020/02/02 20:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2020/02/02 20:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2008/12/04 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2007/01/10 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/12/24 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/09/02 10:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/15 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2010/07/07 15:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Blender Foundation
[2010/01/06 22:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Clickteam
[2010/12/02 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\DigiCel
[2007/01/09 23:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\InterVideo
[2008/01/02 08:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Leadertech
[2010/09/02 09:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Lenovo
[2011/01/18 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\mjusbsp
[2007/01/10 17:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\MSNInstaller
[2010/11/02 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\ScanSoft
[2020/02/02 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\ThinkVantage

========== Purity Check ==========



< End of report >
  • 0

#4
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi Geny,

There are still registry remnants of "Save Tube Video", let's remove them.


1. Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scan/Fixes text box.

    :OTL
    IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    [2011/02/10 21:16:17 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKCU..\Run: [updateMgr] File not found
    O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP] 
    [EMPTYFLASH] 
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A message box "Fix complete! Click OK to open the fix log." will pop up.
  • Click the OK button and a report will open.
  • Copy and Paste that report in your next reply.



2. Please download Malwarebytes' Anti-Malware from here:

MalwareBytes' AntiMalware download link

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • 0

#5
Geny

Geny

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL Log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7BE8ED1-B138-48FD-BB22-9779A39130B1}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\updateMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:AVGRSSTX.DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\cmd.bat deleted successfully.
C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Genevieve Luyt
->Temp folder emptied: 823120979 bytes
->Temporary Internet Files folder emptied: 116737427 bytes
->Java cache emptied: 85927828 bytes
->FireFox cache emptied: 107453471 bytes
->Flash cache emptied: 1746307 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 65938 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 8958481 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82898054 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91271216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 1103894702 bytes

Total Files Cleaned = 2,310.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Genevieve Luyt
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02222011_164219

Files\Folders moved on Reboot...
C:\Documents and Settings\Genevieve Luyt\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...



MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5847

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

22/02/2011 5:09:16 PM
mbam-log-2011-02-22 (17-09-16).txt

Scan type: Quick scan
Objects scanned: 160757
Time elapsed: 9 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#6
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

How's the computer running now?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

  • 0

#7
Geny

Geny

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
My computer seems to be running fine, thank you, but when I open a new tab in Internet Explorer 7, it still redirects to www.landing.savetubevideo.com. The tab displays 'Custom Google' so it seems to be a modified version of Google, yet when I go to settings, it is set to open new tabs as blank pages. I changed this to use my homepage (www.google.ca), but the same Custom Google remained. Perhaps the settings themselves were modified?

The quick search option on the Google toolbar was also still set to www.google-feed.com, but I managed to manually change this back to Google. The question is how this got changed in the first place...

It isn't a problem as I use Firefox, but still rather odd. If those settings were modified, could others have been as well? Is there an easier way to set them back to their default or previous settings? With Firefox, I was able to get rid of the problem by reinstalling it, perhaps I should reinstall Internet Explorer?

And I noticed while looking through the OTL log:
IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - Reg Error: Key error. File not found
Is this error normal?

ESET: No threats were found

I don't know if this html file is any help, but this is the 'source' of the Custom Google (landing.savetubevideo.com[1] is displayed in the header of the Notepad document):

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR...ml4/loose.dtd">
<html>
<head>
<title>Custom search</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" href="style.css">
</head>
<body onload="document.s.q.focus();">
<div class="he24top">
<span style="display:none; ">
<!--LiveInternet counter--><script type="text/javascript">new Image().src = "http://counter.yadro...ru/hit;gfeed?r" + escape(document.referrer) + ((typeof(screen)=="undefined")?"" : ";s"+screen.width+"*"+screen.height+"*" + (screen.colorDepth?screen.colorDepth:screen.pixelDepth)) + ";u"+escape(document.URL) + ";h"+escape(document.title.substring(0,80)) + ";" +Math.random();</script><!--/LiveInternet-->
<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-11118168-2");
pageTracker._trackPageview();
} catch(err) {}</script>
</span>
</div>
<div class="he1blue"></div>
<div class="he29"></div>
<div align="center">
<div class="he29"></div>
<div class="he29"></div>
<form action="http://www.google.com/cse" id="cse-search-box" name="s">
<img src="img/powered.gif" border="0" align="absmiddle"><input type="text" name="q" value="" class="inpsearch">
<input type="submit" value="Search" class="but">
<input type="hidden" name="cx" value="partner-pub-4008570741716635:su8la4-8gpd" />
<input type="hidden" name="ie" value="UTF-8" />
<input type="hidden" name="sa" value="search" />
</form>
</div>
</body>
</html>
  • 0

#8
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Hi,

Thanks for the detailed description of your problem.

And I noticed while looking through the OTL log:
IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - Reg Error: Key error. File not found
Is this error normal?

This is a remnant of the "savetubevideo" malware. We removed this registry remnant when we ran the OTL fix, and some more remnants were removed by MBAM.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Quarantined and deleted successfully.



============================================

1. Restore Internet Explorer default settings.
  • Open Internet Explorer
  • Go to Tools > Internet Options
  • Click Advanced Tab
  • Under "Reset Internet Explorer settings", click the Reset Tab.
  • Put a check mark on Delete Personal Settings.
  • Click Apply > OK.

Note: Putting a check mark on Delete Personal Settings will reset your "Home page, Search providers and Accelerators" to their default settings.




2. Please run another OTL scan and post the new report for my review. Thanks.
  • 0
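The cross-check described in the reply above (an error line in the scan log matched against the fix output), as an added example that is not part of the original thread or of OTL itself: it flags scan entries marked `File not found` or `Reg Error` and checks whether the same CLSID appears in a fix-log line reporting `deleted successfully`. The function names and the one line marked as constructed are assumptions; the other sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Scan lines copied from the OTL logs quoted in this thread.
THREAD_SCAN_LINES = r"""
IE - HKCU\..\URLSearchHook: {D7BE8ED1-B138-48FD-BB22-9779A39130B1} - Reg Error: Key error. File not found
SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = File not found
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
"""

# Constructed line (NOT from the thread): an orphaned entry that no fix-log
# line mentions, so the "still_open" path is exercised.
CONSTRUCTED_LINE = "O2 - BHO: (No name) - {00000000-0000-0000-0000-000000000001} - File not found"

SCAN_LOG = THREAD_SCAN_LINES + CONSTRUCTED_LINE + "\n"

# Fix/removal output lines copied from the helper's reply in this thread.
FIX_LOG = r"""
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7BE8ED1-B138-48FD-BB22-9779A39130B1} (Redir.GSearch) -> Quarantined and deleted successfully.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Line prefixes seen in the logs on this page: PRC, MOD, SRV, DRV, IE, FF, O<n>.
PREFIX_RE = re.compile(r"^(PRC|MOD|SRV|DRV|IE|FF|O\d+)\s+-\s+(.*)$")
ORPHAN_MARKERS = ("File not found", "Reg Error")
REMOVED_MARKER = "deleted successfully"


@dataclass(frozen=True)
class Entry:
    section: str          # log prefix, e.g. "IE" or "O4"
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    detail: str           # rest of the line after the prefix


def parse_scan(log_text: str) -> list:
    """Turn prefixed scan-log lines into Entry records; skip everything else."""
    entries = []
    for raw in log_text.splitlines():
        match = PREFIX_RE.match(raw.strip())
        if not match:
            continue
        section, detail = match.groups()
        clsid = CLSID_RE.search(detail)
        entries.append(Entry(section, clsid.group(0).upper() if clsid else None, detail))
    return entries


def orphaned(entries: list) -> list:
    """Entries whose target is missing. A missing file is not proof of malware
    (a stale shortcut looks the same), so these are candidates for review."""
    return [e for e in entries if any(marker in e.detail for marker in ORPHAN_MARKERS)]


def removed_clsids(fix_text: str) -> set:
    """CLSIDs that appear on fix-log lines reporting a successful deletion."""
    found = set()
    for raw in fix_text.splitlines():
        if REMOVED_MARKER in raw:
            found.update(c.upper() for c in CLSID_RE.findall(raw))
    return found


def triage(scan_text: str, fix_text: str) -> dict:
    """Sort orphaned scan entries by whether the fix log accounts for them."""
    removed = removed_clsids(fix_text)
    report = {"cleaned": [], "still_open": [], "no_clsid": []}
    for entry in orphaned(parse_scan(scan_text)):
        if entry.clsid is None:
            report["no_clsid"].append(entry)    # review by hand
        elif entry.clsid in removed:
            report["cleaned"].append(entry)     # fix log confirms removal
        else:
            report["still_open"].append(entry)  # orphan with no removal record
    return report


if __name__ == "__main__":
    for bucket, items in triage(SCAN_LOG, FIX_LOG).items():
        print(bucket)
        for item in items:
            print("   ", item.section, item.clsid or "-", "|", item.detail[:60])
```
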

#9
Geny

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hooray! My Internet is working properly again!! Thank you so, so much! I'll be sure to be more cautious on the internet now, and learn from my mistakes. Thankfully this one was fixable! Once again, thanks ever so much!

OTL Log:

OTL logfile created on: 24/02/2011 4:32:52 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 205.00 Mb Available Physical Memory | 20.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.84 Gb Total Space | 20.69 Gb Free Space | 29.62% Space Free | Partition Type: NTFS

Computer Name: GENEVIEVE | User Name: Genevieve Luyt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 12:15:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\OTL.exe
PRC - [2010/12/03 11:43:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/03 11:43:55 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/16 22:12:38 | 000,113,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Mail\wlmail.exe
PRC - [2010/04/16 18:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/04/10 10:00:30 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/04/10 09:58:28 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/04/01 21:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/01/25 14:35:56 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/04/13 16:12:40 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wisptis.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/28 15:45:22 | 000,507,904 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 20:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/11/13 12:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 12:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/11/07 02:03:00 | 000,081,920 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
PRC - [2006/11/07 02:03:00 | 000,053,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
PRC - [2006/11/07 02:03:00 | 000,040,960 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
PRC - [2006/10/01 17:19:48 | 000,094,208 | ---- | M] () -- C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006/09/22 01:30:20 | 000,037,680 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2006/09/12 09:23:00 | 000,237,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/07/14 18:13:14 | 002,341,632 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2006/07/14 18:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006/07/14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2006/07/14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
PRC - [2006/07/14 17:42:22 | 000,723,712 | ---- | M] (IBM) -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
PRC - [2006/07/14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2006/07/14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2006/07/04 08:11:00 | 000,110,592 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
PRC - [2006/03/15 19:04:48 | 000,106,496 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) -- C:\WINDOWS\system32\TpShocks.exe
PRC - [2005/11/13 22:23:20 | 000,487,424 | ---- | M] (LENOVO) -- C:\Program Files\ThinkVantage\AMSG\Amsg.exe
PRC - [2005/11/04 12:18:00 | 000,024,576 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpPenMon.exe
PRC - [2005/07/12 10:55:00 | 000,094,208 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\tp4serv.exe
PRC - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TPHDEXLG.exe
PRC - [2005/05/19 16:11:06 | 000,925,696 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/08/29 02:41:28 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tabbtnu.exe
PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 12:15:12 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 16:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 16:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 16:11:58 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msctfp.dll
MOD - [2008/04/13 08:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll
MOD - [2002/08/29 02:41:08 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Journal\nbmaptip.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (PsaSrv)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/10 10:00:30 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/04/01 21:31:46 | 001,822,296 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/04/01 19:47:08 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/01/25 14:35:30 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/07 02:03:00 | 000,081,920 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe -- (ASRSVC)
SRV - [2006/11/07 02:03:00 | 000,053,248 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe -- (TabletSVC)
SRV - [2006/09/22 01:30:20 | 000,037,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/07/14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006/07/14 18:01:00 | 001,974,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2006/07/14 17:42:22 | 000,723,712 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService)
SRV - [2006/07/14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006/07/14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/20 12:15:00 | 000,077,824 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


========== Driver Services (SafeList) ==========

DRV - [2020/02/02 20:10:30 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2011/02/20 14:27:40 | 000,005,427 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)
DRV - [2010/12/17 01:00:00 | 001,360,760 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110223.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/12/17 01:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110223.019\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/02 10:47:43 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/19 00:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/19 00:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/08 11:59:14 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/03/08 11:59:14 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/03/08 11:59:14 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/12/18 14:42:12 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/12/04 09:55:56 | 000,141,656 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EMUXMIDI.sys -- (EMUXMIDI)
DRV - [2009/12/02 15:02:10 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/09/03 15:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 15:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/04/13 10:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 10:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 10:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/11/07 02:03:00 | 000,006,656 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMSMI32.sys -- (TSMSMI)
DRV - [2006/09/27 18:31:28 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/09/27 02:36:24 | 001,709,696 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/09/22 01:30:16 | 000,019,888 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/09/07 03:53:22 | 000,874,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/08/17 09:55:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/14 17:27:22 | 000,012,544 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2006/07/14 17:03:04 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2006/07/14 15:55:12 | 000,003,968 | ---- | M] (IBM Corp.) [Kernel | Auto | Running] -- C:\Program Files\SMI2\smi2.sys -- (smi2)
DRV - [2006/06/19 18:56:48 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/04/25 19:13:20 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/04/19 22:06:50 | 000,181,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/03/15 17:08:00 | 000,088,576 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\shockprf.sys -- (Shockprf)
DRV - [2005/12/05 18:21:32 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_dpv.sys -- (HSF_DPV)
DRV - [2005/12/05 18:20:48 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsxhwazl.sys -- (HSXHWAZL)
DRV - [2005/12/05 18:20:42 | 000,670,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hsx_cnxt.sys -- (winachsf)
DRV - [2005/11/14 17:03:36 | 000,007,463 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tkbtnpn.sys -- (HBtnKey)
DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2005/07/12 10:55:00 | 000,013,840 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tp4track.sys -- (Tp4Track)
DRV - [2005/07/04 21:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005/06/20 12:18:00 | 000,004,736 | ---- | M] (Lenovo.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShockMgr.sys -- (ShockMgr)
DRV - [2005/05/19 05:33:00 | 000,100,605 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2005/05/19 05:33:00 | 000,098,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2005/05/19 05:33:00 | 000,086,940 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2005/05/19 05:33:00 | 000,034,845 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2005/05/19 05:33:00 | 000,025,725 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2005/05/19 05:33:00 | 000,014,909 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2005/05/19 05:33:00 | 000,006,365 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2005/05/19 05:33:00 | 000,004,125 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2005/05/19 05:33:00 | 000,002,241 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2005/05/17 10:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2005/03/24 03:22:00 | 000,088,352 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2005/03/24 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/12/02 11:04:20 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/12/02 11:04:10 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/09/30 23:08:38 | 000,018,048 | R--- | M] (CASIO COMPUTER CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pl40rwdm.sys -- (PL-40R)
DRV - [2004/08/03 14:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/06/12 05:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2004/01/10 04:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2003/12/19 21:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 04:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.shaw.ca/start/enCA/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.shaw.ca/start/enCA/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/06 16:54:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/10 16:27:58 | 000,000,000 | ---D | M]

[2010/10/13 09:04:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Extensions
[2011/02/23 17:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions
[2011/02/08 23:04:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\rk11ugok.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/12 11:28:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\wbclpmeg\extensions
[2011/02/12 11:28:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Genevieve Luyt\Application Data\Mozilla\Firefox\Profiles\wbclpmeg\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/23 17:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/10 16:28:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2008/11/02 11:32:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 09:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 09:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 09:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 09:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 03:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [IBMTBCTL] C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Snippet] C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\Help\splshwrp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpPenMon] C:\WINDOWS\System32\TpPenMon.exe (Lenovo.)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo, Ltd. and IBM Corporation.)
O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4serv.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TSMResident] C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [cdloader] C:\Documents and Settings\Genevieve Luyt\Application Data\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1180465178937 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\tabbtnwl.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Ink Desktop) - {80E95280-2D38-3CB8-A215-FB5F14C4343E}
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 15:14:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2020/02/02 20:19:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2020/02/02 20:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Lenovo
[2020/02/02 20:14:15 | 000,000,000 | RHSD | C] -- C:\RRbackups
[2020/02/02 20:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\SMI2
[2020/02/02 20:10:39 | 000,000,000 | ---D | C] -- C:\Program Files\TVT SMBus
[2020/02/02 20:10:36 | 000,000,000 | ---D | C] -- C:\SWSHARE
[2020/02/02 20:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2020/02/02 20:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2020/02/02 20:09:13 | 000,010,368 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys
[2020/02/02 20:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo Virtual Drive
[2020/02/02 20:09:09 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec Client Security
[2020/02/02 20:03:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2020/02/02 20:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2020/02/02 20:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Zinio
[2020/02/02 20:01:34 | 000,000,000 | ---D | C] -- C:\Program Files\Zinio
[2020/02/02 20:01:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Zinio
[2020/02/02 20:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2020/02/02 20:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2020/02/02 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkVantage
[2020/02/02 20:00:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2020/02/02 20:00:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2020/02/02 20:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Education Pack for Tablet PC
[2020/02/02 20:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Education Pack
[2020/02/02 19:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Experience Pack for Tablet PC
[2020/02/02 19:58:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Experience Pack
[2020/02/02 19:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2020/02/02 19:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2020/02/02 19:55:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2020/02/02 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Line Detect
[2020/02/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2020/02/02 19:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NetWaiting
[2020/02/02 19:54:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2020/02/02 19:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2020/02/02 19:54:26 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2020/02/02 19:54:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SoundMAX
[2020/02/02 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2020/02/02 19:53:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2020/02/02 19:53:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2020/02/02 19:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2020/02/02 19:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2020/02/02 19:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ThinkVantage
[2020/02/02 19:52:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2020/02/02 19:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2020/02/02 19:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Installshield
[2020/02/02 19:50:09 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2020/02/02 19:47:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2020/02/02 19:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2020/02/02 19:43:37 | 000,098,304 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\TPMDDL.dll
[2020/02/02 19:43:37 | 000,015,872 | ---- | C] (Atmel, Inc.) -- C:\WINDOWS\System32\drivers\atmeltpm.sys
[2020/02/02 19:43:32 | 000,000,000 | ---D | C] -- C:\drivers
[2020/02/02 19:37:39 | 000,000,000 | ---D | C] -- C:\SWTOOLS
[2020/02/02 19:37:21 | 000,000,000 | ---D | C] -- C:\VALUEADD
[2020/02/02 19:37:20 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2020/02/02 19:37:20 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2020/02/02 19:37:20 | 000,000,000 | ---D | C] -- C:\SUPPORT
[2020/02/02 19:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2020/02/02 19:37:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2020/02/02 19:37:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Journal
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2020/02/02 19:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2020/02/02 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2020/02/02 19:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2020/02/02 19:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2020/02/02 19:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2020/02/02 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2020/02/02 19:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2020/02/02 19:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2020/02/02 19:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2020/02/02 19:37:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2020/02/02 19:36:58 | 000,000,000 | R--D | C] -- C:\Program Files
[2020/02/02 19:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2020/02/02 19:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2020/02/02 19:36:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2020/02/02 19:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tablet PC
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2020/02/02 19:36:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2020/02/02 19:36:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2020/02/02 19:36:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2020/02/02 19:36:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2020/02/02 19:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2020/02/02 19:36:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2020/02/02 19:36:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2020/02/02 19:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2020/02/02 19:36:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2020/02/02 19:36:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2020/02/02 19:36:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2020/02/02 19:36:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2020/02/02 19:36:46 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2020/02/02 19:36:46 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2020/02/02 19:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2020/02/02 19:36:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2020/02/02 19:36:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2020/02/02 19:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2020/02/02 19:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2020/02/02 19:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2020/02/02 19:36:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2020/02/02 19:36:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2020/02/02 19:36:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2020/02/02 19:36:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2020/02/02 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2020/02/02 19:36:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2020/02/02 19:36:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2020/02/02 19:36:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2020/02/02 19:36:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2020/02/02 19:36:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2020/02/02 19:36:06 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2020/02/02 19:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2020/02/02 19:36:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2020/02/02 19:36:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2020/02/02 19:36:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2020/02/02 19:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2020/02/02 19:35:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2020/02/02 19:35:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\dllcache
[2020/02/02 19:35:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2020/02/02 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2020/02/02 19:35:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2020/02/02 19:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2020/02/02 19:35:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2020/02/02 19:35:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2020/02/02 19:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2020/02/02 19:35:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2020/02/02 19:35:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2020/02/02 19:35:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2020/02/02 19:35:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2020/02/02 19:35:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2020/02/02 19:35:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2020/02/02 19:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2020/02/02 19:35:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2020/02/02 19:35:20 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2020/02/02 19:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2020/02/02 19:35:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2020/02/02 19:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2020/02/02 19:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2020/02/02 19:35:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.Net
[2020/02/02 19:35:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2020/02/02 19:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2020/02/02 19:34:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2020/02/02 19:34:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2020/02/02 19:34:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2020/02/02 19:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2020/02/02 19:34:32 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2020/02/02 19:34:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2020/02/02 19:34:22 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2020/02/02 19:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2020/02/02 19:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2020/02/02 19:34:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2020/02/02 19:34:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2020/02/02 19:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2020/02/02 19:34:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2020/02/02 19:33:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2020/02/02 19:33:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2020/02/02 19:33:44 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2020/02/02 19:33:13 | 000,000,000 | ---D | C] -- C:\CMPNENTS
[2020/02/02 19:31:49 | 000,000,000 | ---D | C] -- C:\I386
[2011/02/22 16:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Malwarebytes
[2011/02/22 16:57:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/22 16:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/22 16:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/22 16:57:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/22 16:57:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/22 16:42:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/11 16:32:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\gegl-0.0
[2011/02/10 22:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\vlc
[2011/02/10 22:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/02/10 22:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/10 21:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\Blog Templates
[2011/02/06 16:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/02/06 16:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/02/06 10:51:43 | 000,000,000 | ---D | C] -- C:\!KillBox
[2011/02/05 21:40:21 | 001,818,678 | ---- | C] (Silicon Valley Software) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Anim8or.exe
[2011/02/05 21:32:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\My Documents\Animation
[2011/02/05 16:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Desktop\Other Programs
[2011/02/05 16:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Desktop\M Office
[2011/01/25 22:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\skypePM
[2011/01/25 22:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/01/25 22:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/01/25 22:41:21 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/01/25 22:41:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Skype
[2011/01/25 22:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[1 C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp files -> C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2020/02/02 20:19:27 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2020/02/02 20:19:22 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2020/02/02 20:10:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2020/02/02 20:08:58 | 000,001,926 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool 2.0.lnk
[2020/02/02 20:04:03 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2020/02/02 20:00:23 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Hexic Deluxe.lnk
[2020/02/02 20:00:23 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\GoBinder Lite.lnk
[2020/02/02 19:54:58 | 000,000,493 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2020/02/02 19:54:34 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\IBM_6366_4DU_TP.MRK
[2020/02/02 19:43:39 | 000,000,099 | ---- | M] () -- C:\syslevel.lgl
[2011/02/24 16:06:12 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/24 16:05:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/24 16:05:00 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/23 13:54:35 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Word.lnk
[2011/02/23 08:39:20 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/02/22 17:28:05 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 19:36:44 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\iTunes.lnk
[2011/02/21 17:11:51 | 000,000,521 | ---- | M] () -- C:\WINDOWS\brwmark.ini
[2011/02/20 21:50:28 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\OneNote.lnk
[2011/02/10 22:03:07 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/10 20:52:21 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 20:52:02 | 000,445,098 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/10 20:52:02 | 000,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/09 17:46:06 | 000,355,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/06 16:54:03 | 000,001,627 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/06 16:54:03 | 000,001,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/05 23:22:09 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2011/02/05 21:39:59 | 001,818,678 | ---- | M] (Silicon Valley Software) -- C:\Documents and Settings\Genevieve Luyt\Desktop\Anim8or.exe
[2011/02/05 13:36:12 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Powerpoint.lnk
[2011/02/04 20:24:29 | 000,000,993 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/01/25 22:43:50 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[1 C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp files -> C:\Documents and Settings\Genevieve Luyt\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2020/02/02 20:19:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2020/02/02 20:19:06 | 000,000,740 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2020/02/02 20:10:32 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2020/02/02 20:10:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\AccConnAdvanced.html
[2020/02/02 20:09:15 | 001,440,056 | ---- | C] () -- C:\WINDOWS\800_ThinkPad.bmp
[2020/02/02 20:09:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2020/02/02 20:09:14 | 004,410,056 | ---- | C] () -- C:\WINDOWS\1400_ThinkPad.bmp
[2020/02/02 20:09:14 | 002,359,352 | ---- | C] () -- C:\WINDOWS\1024_ThinkPad.bmp
[2020/02/02 20:04:26 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2020/02/02 20:04:03 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2020/02/02 20:01:10 | 000,009,679 | ---- | C] () -- C:\WINDOWS\System32\msxml4r.cat
[2020/02/02 20:01:10 | 000,009,675 | ---- | C] () -- C:\WINDOWS\System32\msxml4.cat
[2020/02/02 20:01:01 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2020/02/02 20:00:23 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\Hexic Deluxe.lnk
[2020/02/02 20:00:23 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Desktop\GoBinder Lite.lnk
[2020/02/02 19:55:17 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2020/02/02 19:55:03 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2020/02/02 19:55:02 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2020/02/02 19:55:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4701.dll
[2020/02/02 19:55:02 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2020/02/02 19:55:02 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2020/02/02 19:55:02 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2020/02/02 19:55:02 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2020/02/02 19:54:34 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\IBM_6366_4DU_TP.MRK
[2020/02/02 19:54:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2020/02/02 19:53:35 | 000,106,496 | ---- | C] () -- C:\WINDOWS\stkbtnpn.dll
[2020/02/02 19:52:43 | 000,025,214 | ---- | C] () -- C:\WINDOWS\System32\TpShocks.ICO
[2020/02/02 19:50:09 | 000,001,018 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
[2020/02/02 19:49:48 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2020/02/02 19:44:46 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\tp4uires.dll
[2020/02/02 19:44:46 | 000,013,233 | ---- | C] () -- C:\WINDOWS\System32\tp4scrol.htm
[2020/02/02 19:43:41 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2020/02/02 19:43:37 | 000,002,790 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2020/02/02 19:43:35 | 000,077,083 | ---- | C] () -- C:\WINDOWS\System32\tp4-sc.gif
[2020/02/02 19:43:35 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\tp4unins.exe
[2020/02/02 19:43:35 | 000,028,493 | ---- | C] () -- C:\WINDOWS\System32\tp4-mg.gif
[2020/02/02 19:43:35 | 000,005,788 | ---- | C] () -- C:\WINDOWS\System32\tp4table.dat
[2020/02/02 19:43:35 | 000,005,537 | ---- | C] () -- C:\WINDOWS\System32\tp4scrol.css
[2020/02/02 19:43:35 | 000,000,201 | ---- | C] () -- C:\WINDOWS\System32\tp4-note.gif
[2020/02/02 19:43:34 | 000,141,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2020/02/02 19:43:32 | 000,000,099 | ---- | C] () -- C:\syslevel.lgl
[2011/02/10 22:03:07 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/02/06 16:54:03 | 000,001,627 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/02/06 16:54:03 | 000,001,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/02/05 23:22:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2011/02/05 23:21:19 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/04 20:29:33 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Start Menu\Programs\Adobe Photoshop 7.0.lnk
[2011/02/04 20:29:05 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Start Menu\Programs\Adobe ImageReady 7.0.lnk
[2011/02/04 20:24:29 | 000,000,993 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2011/01/25 22:43:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/25 22:41:35 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/02 10:17:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2010/09/02 10:17:39 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2010/09/02 10:17:37 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/02 10:15:00 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/09/02 10:07:49 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\Procdb.ini
[2010/06/14 18:21:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\$_hpcst$.hpc
[2010/03/21 17:40:38 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 20:20:25 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/12/02 18:16:47 | 000,001,627 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2008/10/13 14:09:24 | 000,000,072 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2008/08/07 14:06:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/07/13 20:32:13 | 000,000,172 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/04/09 16:17:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/15 23:22:37 | 000,000,042 | -HS- | C] () -- C:\Documents and Settings\Genevieve Luyt\Application Data\PT4CJXFHYGGCXPMX73253MC85G
[2007/01/28 14:14:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007/01/20 22:07:37 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2007/01/20 22:06:50 | 000,000,521 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/01/20 22:06:50 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/01/20 22:06:50 | 000,000,105 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/01/20 22:06:50 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/01/18 17:32:55 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 11:04:51 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tvt_userinfo.ini
[2007/01/10 10:57:14 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Genevieve Luyt\Local Settings\Application Data\fusioncache.dat
[2007/01/09 19:55:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/01/09 19:55:32 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/01/09 19:55:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/01/09 19:55:32 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/01/09 19:55:32 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/01/09 19:55:32 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/01/09 19:54:54 | 000,000,187 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/10/10 20:04:16 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2006/10/10 20:04:12 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2006/09/14 08:59:23 | 001,490,999 | ---- | C] () -- C:\WINDOWS\System32\tkbtnpn1.dll
[2006/04/30 15:36:03 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:03:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/03 13:58:12 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2006/01/03 13:58:12 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2006/01/03 13:58:12 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[2006/01/03 13:57:58 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2006/01/03 13:57:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2005/08/08 10:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2020/02/02 20:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix
[2020/02/02 20:01:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agilix GoBinder
[2008/12/04 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2007/01/10 11:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo
[2010/12/24 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2010/09/02 10:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/12/15 20:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2010/07/07 15:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 20:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Blender Foundation
[2010/01/06 22:12:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Clickteam
[2010/12/02 19:36:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\DigiCel
[2007/01/09 23:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\InterVideo
[2008/01/02 08:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Leadertech
[2010/09/02 09:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\Lenovo
[2011/01/18 18:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\mjusbsp
[2007/01/10 17:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\MSNInstaller
[2010/11/02 15:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\ScanSoft
[2020/02/02 20:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Genevieve Luyt\Application Data\ThinkVantage

========== Purity Check ==========



< End of report >
  • 0

#10
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Glad to know that everything is working right now :D


========================================


1. Please go to http://virscan.org/
  • Navigate the following file path into the "Suspicious files to scan" box on the top of the page:

    C:\WINDOWS\System32\BRTCPCON.DLL
    C:\WINDOWS\System32\BRLMW03A.INI
    C:\WINDOWS\System32\BrMuSNMP.dll

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


2. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 24 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment (JRE or J2SE) in the name).
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version.


3. Update Adobe Reader so you will not become vulnerable to infections.
  • Uninstall your old version of Adobe Reader.
  • Download the latest version of Adobe Reader. --> HERE
  • Uncheck any optional download like Free Google Toolbar or Free McAfee® Security Scan Plus.
  • Click download to download the file and install it by following the prompts.

  • 0

#11
Geny

Geny

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Note: This file has been scanned before. Therefore, this file's scan result will not be stored in the database.

VirSCAN.org Scanned Report :
Scanned time : 2011/02/25 21:42:35 (PST)
Scanner results: Scanners did not find malware!
File Name : BRTCPCON.DLL
File Size : 45056 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 954388d98b5cbfa1d32c5d43d5fa5275
SHA1 : be8035bb4d83137cac6a4220e0a1e951f8b31b3a
Online report : http://virscan.org/r...970d3e1a96.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110216210205 2011-02-16 0.47 -
AhnLab V3 2011.02.26.00 2011.02.26 2011-02-26 1.66 -
AntiVir 8.2.4.176 7.11.3.240 2011-02-25 0.32 -
Antiy 2.0.18 20110217.7833565 2011-02-17 0.18 -
Arcavir 2010 201102261233 2011-02-26 0.07 -
Authentium 5.1.1 201102251937 2011-02-25 1.56 -
AVAST! 4.7.4 110225-1 2011-02-25 0.01 -
AVG 8.5.850 271.1.1/3468 2011-02-26 0.30 -
BitDefender 7.90123.6687773 7.36425 2011-02-26 6.58 -
ClamAV 0.96.5 12781 2011-02-26 0.04 -
Comodo 4.0 7812 2011-02-25 1.75 -
CP Secure 1.3.0.5 2011.02.25 2011-02-25 0.06 -
Dr.Web 5.0.2.3300 2011.02.26 2011-02-26 14.97 -
F-Prot 4.4.4.56 20110225 2011-02-25 1.64 -
F-Secure 7.02.73807 2011.02.26.01 2011-02-26 0.25 -
Fortinet 4.2.254 12.934 2011-02-25 0.55 -
GData 21.1888/21.712 20110225 2011-02-25 26.11 -
ViRobot 20110225 2011.02.25 2011-02-25 1.66 -
Ikarus T3.1.32.15.0 2011.02.25.77810 2011-02-25 4.51 -
JiangMin 13.0.900 2011.02.25 2011-02-25 3.45 -
Kaspersky 5.5.10 2011.02.25 2011-02-25 0.16 -
KingSoft 2009.2.5.15 2011.2.26.9 2011-02-26 5.27 -
McAfee 5400.1158 6268 2011-02-25 7.37 -
Microsoft 1.6603 2011.02.26 2011-02-26 23.85 -
NOD32 3.0.21 5907 2011-02-25 0.01 -
Norman 6.07.03 6.07.00 2011-02-25 14.03 -
Panda 9.05.01 2011.02.25 2011-02-25 19.81 -
Trend Micro 9.200-1012 7.858.15 2011-02-25 0.04 -
Quick Heal 11.00 2011.02.25 2011-02-25 3.48 -
Rising 20.0 23.46.04.05 2011-02-25 3.94 -
Sophos 3.16.1 4.62 2011-02-26 3.43 -
Sunbelt 3.9.2474.2 8530 2011-02-24 11.16 -
Symantec 1.3.0.24 20110225.003 2011-02-25 0.24 -
nProtect 20110225.01 3207073 2011-02-25 33.55 -
The Hacker 6.7.0.1 v00140 2011-02-25 0.67 -
VBA32 3.12.14.3 20110224.2113 2011-02-24 3.60 -
VirusBuster 5.2.0.28 13.6.222.1/45606852011-02-26 0.00 -



VirSCAN.org Scanned Report :
Scanned time : 2011/02/25 22:05:53 (PST)
Scanner results: Scanners did not find malware!
File Name : BRLMW03A.INI
File Size : 114 byte
File Type : ASCII text, with CRLF line terminators
MD5 : c0497c30e6976143cb46c016e8333707
SHA1 : c3ecb89ed5257f1489d6fff49d2c5657cc2cbedb
Online report : http://virscan.org/r...8eef3c007a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110216210205 2011-02-16 2.58 -
AhnLab V3 2011.02.26.00 2011.02.26 2011-02-26 5.44 -
AntiVir 8.2.4.176 7.11.3.240 2011-02-25 0.27 -
Antiy 2.0.18 20110217.7833565 2011-02-17 0.12 -
Arcavir 2010 201102261233 2011-02-26 0.03 -
Authentium 5.1.1 201102251937 2011-02-25 1.53 -
AVAST! 4.7.4 110225-1 2011-02-25 0.00 -
AVG 8.5.850 271.1.1/3468 2011-02-26 0.24 -
BitDefender 7.90123.6687773 7.36425 2011-02-26 7.59 -
ClamAV 0.96.5 12781 2011-02-26 0.00 -
Comodo 4.0 7812 2011-02-25 4.42 -
CP Secure 1.3.0.5 2011.02.25 2011-02-25 0.01 -
Dr.Web 5.0.2.3300 2011.02.26 2011-02-26 10.88 -
F-Prot 4.4.4.56 20110225 2011-02-25 2.89 -
F-Secure 7.02.73807 2011.02.26.01 2011-02-26 4.90 -
Fortinet 4.2.254 12.934 2011-02-25 2.54 -
GData 21.1888/21.712 20110225 2011-02-25 28.84 -
ViRobot 20110225 2011.02.25 2011-02-25 1.12 -
Ikarus T3.1.32.15.0 2011.02.25.77810 2011-02-25 4.59 -
JiangMin 13.0.900 2011.02.25 2011-02-25 3.50 -
Kaspersky 5.5.10 2011.02.25 2011-02-25 0.04 -
KingSoft 2009.2.5.15 2011.2.26.9 2011-02-26 4.36 -
McAfee 5400.1158 6268 2011-02-25 7.91 -
Microsoft 1.6603 2011.02.26 2011-02-26 30.07 -
NOD32 3.0.21 5907 2011-02-25 0.00 -
Norman 6.07.03 6.07.00 2011-02-25 12.02 -
Panda 9.05.01 2011.02.25 2011-02-25 16.75 -
Trend Micro 9.200-1012 7.858.15 2011-02-25 0.08 -
Quick Heal 11.00 2011.02.25 2011-02-25 4.13 -
Rising 20.0 23.46.04.05 2011-02-25 0.65 -
Sophos 3.16.1 4.62 2011-02-26 6.44 -
Sunbelt 3.9.2474.2 8530 2011-02-24 7.45 -
Symantec 1.3.0.24 20110225.003 2011-02-25 0.41 -
nProtect 20110225.01 3207073 2011-02-25 40.17 -
The Hacker 6.7.0.1 v00140 2011-02-25 4.03 -
VBA32 3.12.14.3 20110224.2113 2011-02-24 3.38 -
VirusBuster 5.2.0.28 13.6.222.1/45606852011-02-26 0.00 -





VirSCAN.org Scanned Report :
Scanned time : 2011/02/25 22:16:52 (PST)
Scanner results: Scanners did not find malware!
File Name : BrMuSNMP.dll
File Size : 106496 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 97c8fc42065e54c0fb764ed3a22443db
SHA1 : bab18ce204681054398ff9b9f165113c474f54b1
Online report : http://virscan.org/r...77d0cd9148.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.2 20110216210205 2011-02-16 0.68 -
AhnLab V3 2011.02.26.00 2011.02.26 2011-02-26 1.66 -
AntiVir 8.2.4.176 7.11.3.240 2011-02-25 0.50 -
Antiy 2.0.18 20110217.7833565 2011-02-17 0.32 -
Arcavir 2010 201102261233 2011-02-26 0.19 -
Authentium 5.1.1 201102251937 2011-02-25 3.44 -
AVAST! 4.7.4 110225-1 2011-02-25 0.01 -
AVG 8.5.850 271.1.1/3468 2011-02-26 0.80 -
BitDefender 7.90123.6687773 7.36425 2011-02-26 13.74 -
ClamAV 0.96.5 12781 2011-02-26 0.08 -
Comodo 4.0 7812 2011-02-25 1.62 -
CP Secure 1.3.0.5 2011.02.25 2011-02-25 0.06 -
Dr.Web 5.0.2.3300 2011.02.26 2011-02-26 19.88 -
F-Prot 4.4.4.56 20110225 2011-02-25 2.17 -
F-Secure 7.02.73807 2011.02.26.01 2011-02-26 0.44 -
Fortinet 4.2.254 12.934 2011-02-25 1.98 -
GData 21.1888/21.712 20110225 2011-02-25 40.19 -
ViRobot 20110225 2011.02.25 2011-02-25 12.63 -
Ikarus T3.1.32.15.0 2011.02.25.77810 2011-02-25 4.56 -
JiangMin 13.0.900 2011.02.25 2011-02-25 0.26 -
Kaspersky 5.5.10 2011.02.25 2011-02-25 15.05 -
KingSoft 2009.2.5.15 2011.2.26.9 2011-02-26 40.13 -
McAfee 5400.1158 6268 2011-02-25 14.40 -
Microsoft 1.6603 2011.02.26 2011-02-26 40.17 -
NOD32 3.0.21 5907 2011-02-25 0.00 -
Norman 6.07.03 6.07.00 2011-02-25 14.01 -
Panda 9.05.01 2011.02.25 2011-02-25 40.13 -
Trend Micro 9.200-1012 7.858.15 2011-02-25 0.04 -
Quick Heal 11.00 2011.02.25 2011-02-25 40.13 -
Rising 20.0 23.46.04.05 2011-02-25 40.13 -
Sophos 3.16.1 4.62 2011-02-26 3.03 -
Sunbelt 3.9.2474.2 8530 2011-02-24 40.12 -
Symantec 1.3.0.24 20110225.003 2011-02-25 0.05 -
nProtect 20110225.01 3207073 2011-02-25 40.13 -
The Hacker 6.7.0.1 v00140 2011-02-25 40.13 -
VBA32 3.12.14.3 20110224.2113 2011-02-24 3.73 -
VirusBuster 5.2.0.28 13.6.222.1/45606852011-02-26 0.00 -




Thanks so much for all of your help! My computer and I are now very happy campers! And thanks also for making the world a better place. Geeks to Go shows that not everyone is interested in just money. I'll be sure to recommend you guys and mention you on my blog!
  • 0
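A pasted report only describes the file on disk if its size, MD5 and SHA1 fields match locally computed values. The sketch below is an added example, not part of the original posts or a VirSCAN tool: it parses the report layout as pasted above, lists any non-clean rows and compares the header fields against local bytes. The sample bytes, engine names and detection name are constructed.

```python
import hashlib
import re

# Header fields look like "MD5 : <hex>". Scanner rows are located by their
# YYYY-MM-DD signature date, followed by the scan time and the result.
HEADER_RE = re.compile(r"^(File Name|File Size|MD5|SHA1)\s*:\s*(.+)$")
ROW_RE = re.compile(
    r"^(?P<left>.+?)(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<secs>\d+\.\d+)\s+(?P<result>.+)$"
)


def parse_report(text):
    """Parse one pasted report into its header fields and scanner rows."""
    report = {"fields": {}, "rows": []}
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            report["fields"][header.group(1)] = header.group(2).strip()
            continue
        row = ROW_RE.match(line)
        if row:
            # Engine names can contain spaces and the signature version is
            # sometimes fused to the date, so the left part stays one string.
            report["rows"].append({
                "engine_and_versions": row.group("left").strip(),
                "sig_date": row.group("date"),
                "result": row.group("result").strip(),
            })
    return report


def detections(report):
    """Return (engine_and_versions, result) for every row that is not clean ("-")."""
    return [(r["engine_and_versions"], r["result"])
            for r in report["rows"] if r["result"] != "-"]


def verify_file(data, report):
    """Compare local file bytes with the report; return the mismatching field names."""
    fields = report["fields"]
    local = {
        "File Size": str(len(data)),
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
    }
    reported = {
        "File Size": fields.get("File Size", "").split(" ")[0],
        "MD5": fields.get("MD5", "").lower(),
        "SHA1": fields.get("SHA1", "").lower(),
    }
    return [name for name in local if local[name] != reported[name]]


# Constructed sample: stand-in file bytes and a report built to match them.
SAMPLE_BYTES = b"constructed stand-in for a scanned file\r\n"
SAMPLE_REPORT = "\n".join([
    "VirSCAN.org Scanned Report :",
    "Scanned time : 2011/02/25 21:42:35 (PST)",
    "File Name : EXAMPLE.DLL",
    "File Size : %d byte" % len(SAMPLE_BYTES),
    "MD5 : " + hashlib.md5(SAMPLE_BYTES).hexdigest(),
    "SHA1 : " + hashlib.sha1(SAMPLE_BYTES).hexdigest(),
    "Scanner Engine Ver Sig Ver Sig Date Time Scan result",
    "ExampleAV 1.0 2011.02.25 2011-02-25 0.10 -",
    "Two Word AV 2.0 20110225 2011-02-25 1.20 -",
    "FusedAV 5.2 13.6/45606852011-02-26 0.00 -",
    "DemoScan 3.1 7.1 2011-02-25 0.33 Constructed.Test.Detection",
])

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(detections(parsed), verify_file(SAMPLE_BYTES, parsed))
```

An empty mismatch list means the report matches the local file; a missing header field counts as a mismatch, so an incomplete paste fails the check.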

#12
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
You're welcome. :D

Congrats! The log is clean and you're good to go.


Uninstall:

ESET online scanner

  • Go to Control Panel > Add Remove Programs > locate and remove ESET Online Scanner.


Clean-up with OTL:
  • Run OTL
  • Click on the CleanUp! button.


Purging System Restore Points
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.



===========================================


Take the time to read below to secure your machine and take the necessary steps to keep it Clean :D

How to prevent malware

How to increase PC speed


Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:

  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.


  • 0

#13
sempai

sempai

    Trusted Helper

  • Malware Removal
  • 785 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





