Virtumonde & Combofix Help Please!!!!

I have been infected with what I believe is Virtumonde but cannot get rid of it on my computer. I have run ComboFix a couple of times and here is the log file produced from the latest run. Can someone please lead me in the right direction? Thank you.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.

2008-08-29 14:15 . 2008-08-29 14:15 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-29 14:15 . 2008-08-29 14:14 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-29 14:14 . 2008-08-29 14:15 d-------- C:\Program Files\Common Files\PC Tools
2008-08-28 10:05 . 2008-08-28 10:05 d-------- C:\Documents and Settings\lmeyers\Application Data\PC Tools
2008-08-28 10:04 . 2008-08-28 10:04 d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-08-27 19:37 . 2008-08-31 07:41 d-------- C:\Program Files\Spyware Doctor
2008-08-27 19:37 . 2008-06-10 21:22 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-27 19:37 . 2008-06-02 15:19 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-27 19:37 . 2008-06-02 15:19 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-27 19:37 . 2008-06-02 15:19 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-26 19:11 . 2008-08-26 19:11 d-------- C:\Program Files\Lavasoft
2008-08-26 19:11 . 2008-08-28 10:04 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-20 07:17 . 2008-08-20 07:17 d-------- C:\Program Files\UltraMon
2008-08-20 07:17 . 2008-08-20 07:17 d-------- C:\Program Files\Common Files\Realtime Soft
2008-08-18 14:30 . 2008-08-18 14:30 d-------- C:\Program Files\CCleaner
2008-08-17 19:49 . 2008-08-17 19:49 d--h----- C:\BJPrinter
2008-08-17 19:49 . 2004-04-23 14:00 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2008-08-17 19:49 . 2004-03-12 01:06 86,016 --a------ C:\WINDOWS\system32\CNMCP5y.exe
2008-08-17 19:49 . 2004-04-23 14:00 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2008-08-15 07:05 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-15 07:04 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-07 11:06 . 2008-08-07 11:06 0 --------- C:\G303-R0A.pdf
2008-08-07 10:52 . 2008-08-07 10:52 713,354 --a------ C:\G201-R00.pdf
2008-08-01 14:28 . 2008-08-01 14:28 460,956 --a------ C:\P112-R0C.pdf
2008-07-31 10:38 . 2008-07-31 10:38 d-------- C:\Documents and Settings\syoung\Application Data\Realtime Soft
2008-07-31 10:35 . 2007-09-02 11:53 d-------- C:\Documents and Settings\syoung\Bluetooth Software
2008-07-31 10:35 . 2007-09-02 12:16 d-------- C:\Documents and Settings\syoung\Application Data\ThinkVantage
2008-07-31 10:35 . 2007-09-02 12:04 d-------- C:\Documents and Settings\syoung\Application Data\Symantec
2008-07-31 10:35 . 2007-09-02 12:16 d-------- C:\Documents and Settings\syoung\Application Data\Lenovo
2008-07-31 10:35 . 2008-07-31 10:38 d-------- C:\Documents and Settings\syoung\Application Data\ATI
2008-07-31 10:35 . 2008-07-31 10:35 d-------- C:\Documents and Settings\syoung
2008-07-28 14:14 . 2005-05-10 16:18 37,376 --a------ C:\WINDOWS\system32\hpz3l3xt.dll
2008-07-25 13:26 . 2008-07-25 13:26 d-------- C:\AMD
2008-07-25 09:04 . 2008-07-25 09:04 d-------- C:\Documents and Settings\lmeyers\Application Data\PC-FAX TX
2008-07-25 08:55 . 2008-07-25 09:41 1,029 --a------ C:\WINDOWS\Brpfx04a.ini
2008-07-25 08:55 . 2008-07-25 09:05 153 --a------ C:\WINDOWS\brpcfx.ini
2008-07-25 08:55 . 2008-07-25 08:55 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-07-25 08:54 . 2008-07-25 08:54 d-------- C:\Program Files\Brother
2008-07-25 08:52 . 2008-07-25 08:52 d-------- C:\Program Files\Nuance
2008-07-25 08:52 . 2006-10-24 14:34 31,567 --a------ C:\WINDOWS\maxlink.ini
2008-07-25 08:51 . 2008-07-25 08:51 d-------- C:\Program Files\ScanSoft
2008-07-25 08:51 . 2008-07-25 08:51 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-07-25 08:51 . 2008-07-25 08:52 d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-25 08:50 . 2008-07-25 08:50 d-------- C:\Documents and Settings\All Users\Application Data\Brother
2008-07-24 13:35 . 2008-07-24 13:35 512,641 --a------ C:\P101-R0C.pdf
2008-07-24 10:28 . 2006-10-18 18:32 37,248 --a------ C:\WINDOWS\system32\drivers\lknuhub.sys
2008-07-24 10:28 . 2007-02-14 11:26 12,032 --a------ C:\WINDOWS\system32\drivers\lknuhst.sys
2008-07-24 10:28 . 2007-10-11 01:11 813 -ra------ C:\setup.iss
2008-07-24 08:50 . 2008-07-31 09:54 71,168 --a------ C:\MMPA CALENDAR.xls
2008-07-22 10:50 . 2008-07-22 10:50 2,326,528 --a------ C:\CDL071608-MMPA.XLS
2008-07-22 10:49 . 2008-07-22 10:49 567,563 --a------ C:\P110-R0C.pdf
2008-07-18 11:34 . 2008-07-18 14:36 d-------- C:\Documents and Settings\lmeyers\Application Data\Move Networks
2008-07-16 08:56 . 2008-07-16 08:56 d-------- C:\Program Files\KIP
2008-07-16 08:56 . 2008-07-16 08:56 d-------- C:\Program Files\Common Files\KIP
2008-07-16 08:55 . 2008-07-16 08:55 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-07-16 08:53 . 2008-07-16 08:53 d-------- C:\KUWPD
2008-07-16 08:53 . 2007-02-07 15:00 37,888 --------- C:\WINDOWS\system32\kuwxpppm.dll
2008-07-07 16:26 . 2008-07-07 16:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-07-02 13:38 . 2008-07-02 13:38 dr------- C:\Documents and Settings\lmeyers\Application Data\Brother
2008-07-02 13:38 . 2008-07-25 08:55 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-07-02 13:38 . 2008-07-25 08:55 34 --a------ C:\WINDOWS\system32\BD7840W.DAT
2008-07-02 13:23 . 2006-12-28 13:39 176,128 --------- C:\WINDOWS\system32\BroSNMP.dll
2008-07-02 13:23 . 2007-08-19 12:34 94,208 --a------ C:\WINDOWS\system32\BRRBTOOL.EXE
2008-07-02 13:23 . 2004-08-09 11:42 77,824 --a------ C:\WINDOWS\system32\BRLMW03A.DLL
2008-07-02 13:23 . 2005-01-17 03:10 45,056 --a------ C:\WINDOWS\system32\BRTCPCON.DLL
2008-07-02 13:23 . 2004-09-23 11:00 24,223 --a------ C:\WINDOWS\system32\BRLM03A.DLL
2008-07-02 13:23 . 2004-08-09 03:00 114 --a------ C:\WINDOWS\system32\BRLMW03A.INI

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 11:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-31 11:40 5,427 ----a-w C:\WINDOWS\system32\EGATHDRV.SYS
2008-08-29 02:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-28 14:05 --------- d-----w C:\Documents and Settings\SS\Application Data\Lavasoft
2008-08-28 14:04 --------- d-----w C:\Documents and Settings\lmeyers\Application Data\uTorrent
2008-08-26 23:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 18:00 --------- d-----w C:\Documents and Settings\lmeyers\Application Data\AdobeUM
2008-08-07 00:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lenovo
2008-08-05 00:06 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-29 11:50 --------- d-----w C:\Program Files\Java
2008-07-25 12:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-16 15:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 90,112 ------w C:\WINDOWS\system32\dllcache\wshext.dll
2008-05-09 10:53 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 180,224 ------w C:\WINDOWS\system32\dllcache\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-09 10:53 172,032 ------w C:\WINDOWS\system32\dllcache\scrrun.dll
2008-05-08 14:02 203,136 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-08 11:24 155,648 ------w C:\WINDOWS\system32\dllcache\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 09:07 135,168 ------w C:\WINDOWS\system32\dllcache\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-02-04 13:07 88,064 ---ha-w C:\Documents and Settings\lmeyers\Application Data\rbap550.dll
2008-02-04 13:07 73,728 ---ha-w C:\Documents and Settings\lmeyers\Application Data\RBRegEx550.dll
2008-02-04 13:07 29,184 ---ha-w C:\Documents and Settings\lmeyers\Application Data\RBInternetEncodings550.dll
2008-05-27 19:09 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052720080528\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-29_15.35.14.56 )))))))))))))))))))))))))))))))))))))))))
.

2008-08-26 13:42:20 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-08-31 11:42:19 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2008-08-26 13:42:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-31 11:42:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-26 13:42:20 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-08-31 11:42:19 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
2008-08-29 19:25:04 71,308 ----a-w C:\WINDOWS\system32\perfc009.dat
2008-08-31 11:45:34 71,710 ----a-w C:\WINDOWS\system32\perfc009.dat
2008-08-29 19:25:04 441,624 ----a-w C:\WINDOWS\system32\perfh009.dat
2008-08-31 11:45:34 442,192 ----a-w C:\WINDOWS\system32\perfh009.dat
2008-08-31 11:50:50 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_158.dat
2008-08-31 11:40:04 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_394.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-08-10 10:45 380928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-12-07 02:22 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-12-07 02:22 208896]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2006-02-23 13:22 237568]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 01:00 856064]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 15:49 66176]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-07-04 12:11 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AMSG"="C:\Program Files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 02:23 487424]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2006-02-02 08:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 19:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [2006-08-16 13:07 69632]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 19:24 196696]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 15:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 15:51 126976]
"PDService.exe"="C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 19:38 41472]
"cssauth"="C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 21:13 2341632]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 16:16 356352]
"Discovery User Input"="C:\Discovery\User Input\userin32.exe" [2005-11-10 15:58 212992]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2006-12-04 08:40 20531]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 02:08 483328]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"IBM Warranty Notification"="C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 19:24 106496]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 17:37 936960]
"EPSON Stylus CX7800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 04:00 98304]
"EPSON Stylus CX7800 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE" [2005-04-07 04:00 98304]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 19:03 29984]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 19:01 46368]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 09:01 328992]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 08:22 1089536]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 17:57 86016]
"TpShocks"="TpShocks.exe" [2007-09-28 14:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 04:11 65536 C:\WINDOWS\system32\TP4EX.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-11-14 16:21:50 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 04:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 03:01:50 734872]
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-05-31 17:51:02 622653]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe [2008-03-01 00:54:44 1269836]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-09-02 11:54:09 24576]
RVIUpdate.lnk - C:\RVI\RVIUPDATE.exe [2008-02-25 16:47:10 99832]
UltraMon.lnk - C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-08-20 07:17:18 29310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 13:07 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 17:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 12:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
2007-07-05 15:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\uTorrent\uTorrent.exe"=
"C:\Program Files\iTunes\iTunes.exe"=
"C:\Program Files\Brother\Brmfl08g\FAXRX.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc
"5800:TCP"= 5800:TCP:vncjava
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 17:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 17:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 12:24]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-08-29 14:14]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-12-07 02:22]
R2 CVPNDRV;Cisco Systems IPsec Driver;C:\WINDOWS\system32\Drivers\CVPNDRV.sys [2002-10-28 19:02]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\system32\Machnm32.sys [2003-08-13 03:27]
R2 PrivateDisk;PrivateDisk;C:\Program Files\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys [2006-03-13 19:05]
R2 smi2;smi2;C:\Program Files\SMI2\smi2.sys [2006-07-14 18:55]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 16:46]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2006-09-24 20:22]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2007-02-14 11:26]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
R3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 20:23]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-05-14 13:21]
S3 CdProbe;CdProbe;C:\WINDOWS\system32\DRIVERS\cdprobe.sys [2007-11-15 22:53]
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 06:45]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 06:45]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 06:45]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-29 C:\WINDOWS\Tasks\PMTask.job

C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-07 02:22]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\lmeyers\Application Data\Mozilla\Firefox\Profiles\nkwr1e3i.default
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.1.0.30401.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
.

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 08:09:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-08-31 8:10:08
ComboFix-quarantined-files.txt 2008-08-31 12:09:48
ComboFix2.txt 2008-08-29 19:52:24
ComboFix3.txt 2008-08-29 19:36:52
ComboFix4.txt 2008-08-29 19:18:15

Pre-Run: 29,643,714,560 bytes free
Post-Run: 29,620,310,016 bytes free

284 --- E O F --- 2008-08-16 12:16:24
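A small triage script for log lines in the shape of the ComboFix output above, added here as an example (it is not ComboFix's own code, and the sample lines are constructed after entries in this thread). It flags executables created under user-writable or temp folders, hidden-attribute executables, Security Center monitoring that has been switched off, and globally open firewall ports, so a helper reading a pasted log can jump straight to the entries worth a second look.

```python
"""Triage heuristics for ComboFix-style log text.

Added example for this thread, not ComboFix's own code. Each heuristic only
marks a line a helper would want to look at; a hit is not proof of infection.
"""
import re
from dataclasses import dataclass

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd")
# Locations an ordinary user (and so malware running as that user) can write to.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")

# File lines: <timestamp> [. <timestamp>] [<size>|---------] <attrs> <drive>:\<path>
# (covers the "Files Created", "Find3M" and snapshot sections of the log)
FILE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<head>.*?)(?P<attrs>[-dhrastw]{7,9})\s+(?P<path>[A-Za-z]:\\.*\S)$"
)
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')
PORT_RE = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<name>.*)$')


@dataclass(frozen=True)
class Finding:
    kind: str     # short tag for the heuristic that fired
    subject: str  # file path, registry key or port the finding is about
    detail: str


def _size(head: str):
    """The size token sits right before the attribute string; directories have none."""
    tokens = head.split()
    if tokens and re.fullmatch(r"\d[\d,]*", tokens[-1]):
        return int(tokens[-1].replace(",", ""))
    return None


def _check_file(attrs: str, path: str, size) -> list:
    if attrs.startswith("d"):          # directory entry, nothing to check
        return []
    low = path.lower()
    if not low.endswith(EXEC_EXT):
        return []
    out = []
    if any(marker in low for marker in USER_WRITABLE):
        out.append(Finding("exec-in-user-writable", path, f"attrs={attrs} size={size}"))
    if "h" in attrs or "s" in attrs:   # hidden / system attribute on an executable
        out.append(Finding("hidden-exec", path, f"attrs={attrs}"))
    return out


def _check_registry(section: str, line: str) -> list:
    if "security center\\monitoring" in section and DISABLE_RE.match(line):
        return [Finding("security-center-monitoring-disabled", section.rsplit("\\", 1)[-1], line)]
    if "globallyopenports" in section:
        m = PORT_RE.match(line)
        if m:
            return [Finding("firewall-open-port", m.group("port"), m.group("name").strip())]
    return []


def triage(log_text: str) -> list:
    """Walk a ComboFix-style log and return the lines worth a second look."""
    findings, section = [], ""
    for raw in log_text.splitlines():
        # logs pasted into a forum often arrive with curly quotes; normalise first
        line = raw.strip().replace("\u201c", '"').replace("\u201d", '"')
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()   # registry section header
            continue
        m = FILE_RE.match(line)
        if m:
            findings.extend(_check_file(m.group("attrs"), m.group("path"), _size(m.group("head"))))
        else:
            findings.extend(_check_registry(section, line))
    return findings


# Constructed sample modelled on entries in the thread; not a full ComboFix log.
SAMPLE_LOG = r"""
2008-08-29 14:15 . 2008-08-29 14:14 160,792 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-29 14:15 . 2008-08-29 14:15 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-08-07 11:06 . 2008-08-07 11:06 0 --------- C:\G303-R0A.pdf
2008-08-30 09:00 . 2008-08-30 09:00 172,099 --a------ C:\WINDOWS\temp\PV1AD2.EXE
2008-02-04 13:07 88,064 ---ha-w C:\Documents and Settings\lmeyers\Application Data\rbap550.dll
2008-08-31 11:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:38} {f.subject}  ({f.detail})")
```

Feed it a whole pasted log and it skips everything it does not recognise, so the Run keys, driver lists and catchme output pass through without noise.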

Hi
I think everyone saw three responses and thought you were well on the way to wellness.
I do not do ComboFix, but knowing those who do, I would suggest the following.
Let me know if you have any anti-malware/anti-spyware software installed and if you have run any scans.
Please run CCleaner.
CCleaner will remove everything from the temp/temporary folders but please note that it will not make backups!

* Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
* Then select the items you wish to clean up.
* In the Windows Tab:
* Clean all entries in the Internet Explorer section except Cookies
* Clean all the entries in the Windows Explorer section
* Clean all entries in the System section
* Clean all entries in the Advanced section
* Clean any others that you choose
* In the Applications Tab:
* Clean all except cookies in the Firefox/Mozilla section if you use it
* Clean all in the Opera section if you use it
* Clean Sun Java in the Internet Section
* Clean any others that you choose
* Click the Run Cleaner button.
* A pop up box will appear advising this process will permanently delete files from your system.
* Click OK and it will scan and clean your system.
* Click exit when done.
* If it asks you to reboot at the end, click NO

Then
Retrieve the Installed Programs List from CCleaner:

Open CCleaner if it’s not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
Post the installed programs list.

Make sure you have no virus:
right-click the ball and update programs (and vbs)
right-click the ball and schedule a boot-time scan
reboot

If you have done this recently, please run a Kaspersky online scan and post the log if any hits.
On all of these please quarantine, do not delete/remove.

Check for other complications (and if we are lucky will catch most versions of Virtumonde):
download, update and run Malwarebytes Anti-Malware; update, run, check all hits, click REMOVE CHECKED.
A backup will be made.
Post the log if any hits.

I prefer that the recovery console be installed
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed

Please run the Secunia Software Inspector and see if everything is up to date.

Please read the sticky at the top of this forum and post a HJT (in normal, not safe, mode).

I'll PM someone to look at your ComboFix log
(you will most likely be asked to attach a new one after the above scans by the ComboFix script-writing expert if needed)

Hi, I see two firewalls but no antivirus, although there are signs of a Kaspersky online scan. But apart from that a quick glance shows not a great deal amiss. What symptoms are you experiencing?

Once I log on, I am experiencing a very very slow processor. The light on my notebook for the processor blips about every 15 seconds. When I click on something, it takes about a minute for it to highlight and twice as long for the program to open. I will work on what essexboy has posted. Let me know if I should post something.

Let's have a quick look at your processes and registry.

Download OTViewIt to your desktop.

* Close all windows and double click OTViewIt
* Place a tick in the Scan all Users box
* Click Run Scan and let the program run uninterrupted
* On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.

OTViewIt logfile created on: 9/3/2008 8:22:56 AM - Run 1
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\lmeyers\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.67% Memory free
3.85 Gb Paging File | 3.34 Gb Available in Paging File | 86.92% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.71 Gb Total Space | 27.24 Gb Free Space | 31.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 339-23448
Current User Name: lmeyers
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On

===== Processes - Non-Microsoft Only =====

[06/01/2007 02:02 AM | 00,036,400 | ---- | M] (Lenovo) - C:\WINDOWS\system32\ibmpmsvc.exe
[08/16/2006 01:07 PM | 00,073,728 | ---- | M] (Lenovo Group Limited) - C:\WINDOWS\system32\IPSSVC.EXE
[07/05/2007 04:05 PM | 00,065,536 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[04/06/2007 10:25 AM | 00,364,628 | ---- | M] (Atheros) - C:\WINDOWS\system32\acs.exe
[11/10/2005 03:56 PM | 00,774,144 | ---- | M] (Centennial Software Limited ) - C:\CENTENN.IAL\AUDIT\cagent32.exe
[11/10/2005 04:01 PM | 00,073,728 | ---- | M] (Centennial Software Limited ) - C:\CENTENN.IAL\AUDIT\xferwan.exe
[05/24/2006 12:08 AM | 00,622,700 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
[01/04/2007 08:48 PM | 00,112,152 | R--- | M] (InterVideo) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[03/28/2005 09:49 AM | 00,057,393 | ---- | M] (IBM Corp) - C:\Program Files\lotus\notes\ntmulti.exe
[09/26/2007 06:34 PM | 00,644,408 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[09/28/2007 05:29 PM | 00,037,424 | ---- | M] (Lenovo.) - C:\WINDOWS\system32\TPHDEXLG.exe
[06/07/2005 12:26 AM | 00,032,768 | ---- | M] () - C:\WINDOWS\system32\TpKmpSvc.exe
[07/14/2006 08:42 PM | 00,723,712 | ---- | M] (IBM) - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
[07/14/2006 09:01 PM | 01,974,272 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
[04/16/2008 01:00 PM | 01,122,304 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
[07/14/2006 06:52 PM | 00,045,056 | ---- | M] () - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
[06/15/2004 05:29 PM | 00,380,928 | ---- | M] (RealVNC Ltd.) - C:\Program Files\RealVNC\VNC4\winvnc4.exe
[07/05/2007 04:03 PM | 00,184,320 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
[04/29/2008 03:43 PM | 00,032,768 | ---- | M] (Lenovo Group Limited) - c:\Program Files\Lenovo\System Update\SUService.exe
[07/14/2006 08:36 PM | 00,022,016 | ---- | M] () - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
[08/11/2007 01:30 AM | 00,110,592 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[08/11/2007 01:30 AM | 00,512,000 | ---- | M] (Synaptics, Inc.) - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[02/23/2006 01:22 PM | 00,237,568 | ---- | M] (Lenovo Group Limited) - C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE
[09/28/2007 02:28 PM | 00,181,544 | ---- | M] (Lenovo.) - C:\WINDOWS\system32\TpShocks.exe
[03/09/2007 03:49 PM | 00,066,176 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
[11/14/2005 02:23 AM | 00,487,424 | ---- | M] (LENOVO) - C:\Program Files\ThinkVantage\AMSG\Amsg.exe
[03/08/2007 02:16 PM | 00,073,776 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
[05/30/2006 02:05 AM | 00,086,016 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
[08/16/2006 01:07 PM | 00,069,632 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
[03/04/2008 10:34 AM | 00,487,424 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[07/05/2007 03:58 PM | 00,413,696 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
[07/05/2007 03:51 PM | 00,126,976 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
[03/13/2006 07:38 PM | 00,041,472 | R--- | M] (Utimaco Safeware AG) - C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
[07/14/2006 09:13 PM | 02,341,632 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
[05/18/2006 07:24 PM | 00,196,696 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
[02/07/2006 04:10 PM | 00,172,099 | ---- | M] () - C:\WINDOWS\temp\PV1AD2.EXE
[07/17/2007 12:13 PM | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[03/11/2007 05:37 PM | 00,936,960 | ---- | M] (Motive Communications, Inc.) - C:\Program Files\Verizon\McciTrayApp.exe
[04/07/2005 04:00 AM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAFA.EXE
[10/11/2007 07:03 PM | 00,029,984 | ---- | M] (Nuance Communications, Inc.) - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
[08/10/2004 10:45 AM | 00,380,928 | ---- | M] (Tracker Software Products Ltd.) - C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
[01/15/2008 02:42 AM | 00,694,040 | ---- | M] (Realtime Soft Ltd) - C:\Program Files\UltraMon\UltraMon.exe
[07/05/2007 04:04 PM | 00,114,688 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
[01/14/2008 07:24 PM | 00,283,136 | ---- | M] (Realtime Soft Ltd) - C:\Program Files\UltraMon\UltraMonTaskbar.exe

===== Win32 Services - Non-Microsoft Only =====

(AcPrfMgrSvc) Ac Profile Manager Service [Auto | Running]
[07/05/2007 04:05 PM | 00,065,536 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

(acs) Atheros Configuration Service [Auto | Running]
[04/06/2007 10:25 AM | 00,364,628 | ---- | M] (Atheros) - C:\WINDOWS\system32\acs.exe

(AcSvc) Access Connections Main Service [Auto | Running]
[07/05/2007 04:03 PM | 00,184,320 | ---- | M] (Lenovo ) - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

(Autodesk Licensing Service) Autodesk Licensing Service [On_Demand | Stopped]
[04/16/2008 01:46 PM | 00,085,096 | ---- | M] (Autodesk) - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

(CentennialClientAgent) CentennialClientAgent [Auto | Running]
[11/10/2005 03:56 PM | 00,774,144 | ---- | M] (Centennial Software Limited ) - C:\CENTENN.IAL\AUDIT\cagent32.exe

(CentennialIPTransferAgent) CentennialIPTransferAgent [Auto | Running]
[11/10/2005 04:01 PM | 00,073,728 | ---- | M] (Centennial Software Limited ) - C:\CENTENN.IAL\AUDIT\xferwan.exe

(Diskeeper) Diskeeper [Auto | Running]
[05/24/2006 12:08 AM | 00,622,700 | ---- | M] (Diskeeper Corporation) - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

(IBMPMSVC) ThinkPad PM Service [Auto | Running]
[06/01/2007 02:02 AM | 00,036,400 | ---- | M] (Lenovo) - C:\WINDOWS\system32\ibmpmsvc.exe

(IPSSVC) IPS Core Service [Auto | Running]
[08/16/2006 01:07 PM | 00,073,728 | ---- | M] (Lenovo Group Limited) - C:\WINDOWS\system32\IPSSVC.EXE

(IviRegMgr) IviRegMgr [Auto | Running]
[01/04/2007 08:48 PM | 00,112,152 | R--- | M] (InterVideo) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

(Multi-user Cleanup Service) Multi-user Cleanup Service [Auto | Running]
[03/28/2005 09:49 AM | 00,057,393 | ---- | M] (IBM Corp) - C:\Program Files\lotus\notes\ntmulti.exe

(PsaSrv) IBM PSA Access Driver Control [On_Demand | Stopped]
File not found - C:\WINDOWS\system32\PsaSrv.exe

(SUService) System Update [Auto | Running]
[04/29/2008 03:43 PM | 00,032,768 | ---- | M] (Lenovo Group Limited) - c:\Program Files\Lenovo\System Update\SUService.exe

(ThinkVantage Registry Monitor Service) ThinkVantage Registry Monitor Service [Auto | Running]
[09/26/2007 06:34 PM | 00,644,408 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Auto | Running]
[09/28/2007 05:29 PM | 00,037,424 | ---- | M] (Lenovo.) - C:\WINDOWS\system32\TPHDEXLG.exe

(TpKmpSVC) IBM KCU Service [Auto | Running]
[06/07/2005 12:26 AM | 00,032,768 | ---- | M] () - C:\WINDOWS\system32\TpKmpSvc.exe

(TSSCoreService) TSS Core Service [Auto | Running]
[07/14/2006 08:42 PM | 00,723,712 | ---- | M] (IBM) - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

(TVT Backup Service) TVT Backup Service [Auto | Running]
[07/14/2006 09:01 PM | 01,974,272 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

(TVT Scheduler) TVT Scheduler [Auto | Running]
[04/16/2008 01:00 PM | 01,122,304 | ---- | M] (Lenovo Group Limited) - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

(tvtnetwk) tvtnetwk [Auto | Running]
[07/14/2006 06:52 PM | 00,045,056 | ---- | M] () - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

(WinVNC4) VNC Server Version 4 [Auto | Running]
[06/15/2004 05:29 PM | 00,380,928 | ---- | M] (RealVNC Ltd.) - C:\Program Files\RealVNC\VNC4\winvnc4.exe

===== Driver Services - Non-Microsoft Only =====

(AR5416) Atheros AR5008 Wireless Network Adapter Service [On_Demand | Running]
[04/03/2008 05:03 AM | 01,333,152 | ---- | M] (Atheros Communications, Inc.) - C:\WINDOWS\system32\drivers\athw.sys

(atmeltpm) atmeltpm [On_Demand | Running]
[05/17/2005 01:20 PM | 00,015,872 | ---- | M] (Atmel, Inc.) - C:\WINDOWS\system32\drivers\atmeltpm.sys

(catchme) catchme [On_Demand | Stopped]
File not found - C:\ComboFix\catchme.sys

(CdProbe) CdProbe [On_Demand | Stopped]
[11/15/2007 10:53 PM | 00,009,248 | ---- | M] (Centennial Software Limited ) - C:\WINDOWS\system32\drivers\CDProbe.SYS

(DNE) Deterministic Network Enhancer Miniport [On_Demand | Running]
[01/09/2002 05:10 PM | 00,128,380 | ---- | M] (Deterministic Networks, Inc.) - C:\WINDOWS\system32\drivers\dne2000.sys

(IBMPMDRV) IBMPMDRV [On_Demand | Running]
[06/01/2007 02:01 AM | 00,021,424 | ---- | M] (Lenovo.) - C:\WINDOWS\system32\drivers\ibmpmdrv.sys

(IBMTPCHK) IBMTPCHK [System | Running]
[04/02/2007 12:24 PM | 00,004,224 | ---- | M] () - C:\WINDOWS\system32\drivers\IBMBLDID.sys

(Iviaspi) IVI ASPI Shell [On_Demand | Running]
[09/11/2003 02:36 AM | 00,021,060 | ---- | M] (InterVideo, Inc.) - C:\WINDOWS\system32\drivers\iviaspi.sys

(lknuhst) Linksys Network USB Host Controller [On_Demand | Running]
[02/14/2007 11:26 AM | 00,012,032 | ---- | M] (SerComm) - C:\WINDOWS\system32\drivers\lknuhst.sys

(LKNUHUB) Linksys Network USB Root Hub [On_Demand | Running]
[10/18/2006 06:32 PM | 00,037,248 | ---- | M] (SerComm) - C:\WINDOWS\system32\drivers\lknuhub.sys

(Machnm32) Machnm32 Driver [Auto | Running]
[08/13/2003 03:27 AM | 00,002,304 | ---- | M] () - C:\WINDOWS\system32\Machnm32.sys

(mraid35x) mraid35x [Disabled | Stopped]
[08/17/2001 04:52 PM | 00,017,280 | ---- | M] (American Megatrends Inc.) - C:\WINDOWS\system32\drivers\mraid35x.sys

(MREMPR5) MREMPR5 NDIS Protocol Driver [On_Demand | Stopped]
[03/11/2007 05:37 PM | 00,019,345 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MREMPR5.sys

(MRENDIS5) MRENDIS5 NDIS Protocol Driver [On_Demand | Stopped]
[03/11/2007 05:37 PM | 00,018,003 | ---- | M] (Motive, Inc.) - C:\Program Files\Common Files\Motive\MRENDIS5.sys

(PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [On_Demand | Stopped]
File not found - C:\WINDOWS\System32\DRIVERS\pcdrndisuio.sys

(PrivateDisk) PrivateDisk [Auto | Running]
[03/13/2006 07:05 PM | 00,058,368 | R--- | M] (Utimaco Safeware AG) - C:\Program Files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys

(PROCDD) IPS Helper Driver [Auto | Running]
[08/16/2006 01:07 PM | 00,005,120 | ---- | M] (Lenovo Group Limited) - C:\WINDOWS\system32\drivers\PROCDD.SYS

(psadd) Lenovo Parties Service Access Device Driver [On_Demand | Running]
[02/19/2007 01:56 AM | 00,021,376 | ---- | M] (Lenovo (United States) Inc.) - C:\WINDOWS\system32\drivers\psadd.sys

(PTDCBus) PANTECH PC Card Composite Device Driver (UDP) [On_Demand | Stopped]
[04/01/2007 06:45 AM | 00,027,520 | ---- | M] (DEVGURU Co,LTD.) - C:\WINDOWS\system32\drivers\PTDCBus.sys

(PTDCMdm) PANTECH PC Card Drivers (UDP) [On_Demand | Stopped]
[04/01/2007 06:45 AM | 00,041,728 | ---- | M] (DEVGURU Co,LTD.) - C:\WINDOWS\system32\drivers\PTDCMdm.sys

(PTDCVsp) PANTECH PC Card Diagnostic Serial Port (UDP) [On_Demand | Stopped]
[04/01/2007 06:45 AM | 00,039,808 | ---- | M] (DEVGURU Co,LTD.) - C:\WINDOWS\system32\drivers\PTDCVsp.sys

(Shockprf) Shockprf [Boot | Running]
[09/28/2007 05:29 PM | 00,103,472 | ---- | M] (Lenovo.) - C:\WINDOWS\system32\drivers\ApsX86.sys

(smihlp2) SMI Helper Driver (smihlp2) [Auto | Running]
[08/14/2007 04:46 PM | 00,010,896 | ---- | M] (UPEK Inc.) - C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys

(Sparrow) Sparrow [Disabled | Stopped]
[08/17/2001 05:07 PM | 00,019,072 | ---- | M] (Adaptec, Inc.) - C:\WINDOWS\system32\drivers\sparrow.sys

(SynTP) Synaptics TouchPad Driver [On_Demand | Running]
[08/11/2007 01:25 AM | 00,177,664 | ---- | M] (Synaptics, Inc.) - C:\WINDOWS\system32\drivers\SynTP.sys

(tbhsd) Tunebite High-Speed Dubbing [On_Demand | Stopped]
[12/11/2007 10:52 AM | 00,026,784 | ---- | M] (RapidSolution Software AG) - C:\WINDOWS\system32\drivers\tbhsd.sys

(TcUsb) TC USB Kernel Driver [On_Demand | Running]
[08/14/2007 04:25 PM | 00,047,376 | ---- | M] (UPEK Inc.) - C:\WINDOWS\system32\drivers\tcusb.sys

(TDSMAPI) TDSMAPI [System | Running]
[10/02/2006 02:55 AM | 00,009,343 | ---- | M] () - C:\WINDOWS\system32\drivers\TDSMAPI.SYS

(TPDIGIMN) TPDIGIMN [Boot | Running]
[09/28/2007 05:28 PM | 00,019,504 | ---- | M] (Lenovo.) - C:\WINDOWS\system32\drivers\ApsHM86.sys

(TPPWRIF) TPPWRIF [System | Running]
[12/07/2007 02:22 AM | 00,004,442 | ---- | M] () - C:\WINDOWS\system32\drivers\TPPWRIF.SYS

(TSMAPIP) TSMAPIP [System | Running]
[07/20/2006 01:54 PM | 00,007,168 | ---- | M] () - C:\WINDOWS\system32\drivers\TSMAPIP.SYS

(tvtfilter) tvtfilter [Auto | Running]
[07/14/2006 08:27 PM | 00,012,544 | ---- | M] (Lenovo) - C:\WINDOWS\system32\drivers\tvtfilter.sys

(TVTPktFilter) TVT Packet Filter Service [On_Demand | Running]
[07/14/2006 08:03 PM | 00,017,664 | ---- | M] (Lenovo Group Limited) - C:\WINDOWS\system32\drivers\tvtpktfilter.sys

(UltraMonMirror) UltraMonMirror [On_Demand | Running]
[09/24/2006 08:23 PM | 00,003,584 | ---- | M] (Realtime Soft) - C:\WINDOWS\system32\drivers\UltraMonMirror.sys

(UltraMonUtility) UltraMon Utility Driver [Auto | Running]
[09/24/2006 08:22 PM | 00,011,776 | ---- | M] (Realtime Soft) - C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys

(vsdatant) vsdatant [On_Demand | Running]
[07/12/2002 07:40 PM | 00,141,752 | ---- | M] (Zone Labs Inc.) - C:\WINDOWS\system32\vsdatant.sys

(WSIMD) wsimd Service [On_Demand | Running]
[05/14/2007 01:21 PM | 00,057,216 | ---- | M] (Atheros Communications, Inc.) - C:\WINDOWS\system32\drivers\wsimd.sys

========== Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0" = "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"ACTray" = C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [07/05/2007 03:58 PM | 00,413,696 | ---- | M] (Lenovo )
"ACWLIcon" = C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [07/05/2007 03:51 PM | 00,126,976 | ---- | M] (Lenovo )
"AMSG" = C:\Program Files\ThinkVantage\AMSG\Amsg.exe [11/14/2005 02:23 AM | 00,487,424 | ---- | M] (LENOVO)
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.)
"AwaySch" = C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [08/16/2006 01:07 PM | 00,069,632 | ---- | M] (Lenovo Group Limited)
"BLOG" = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog [12/07/2007 02:22 AM | 00,208,896 | ---- | M] ()
"BrMfcWnd" = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [02/19/2008 08:22 AM | 01,089,536 | R--- | M] (Brother Industries, Ltd.)
"Client Access Service" = "C:\Program Files\IBM\Client Access\cwbsvstr.exe" [12/04/2006 08:40 AM | 00,020,531 | ---- | M] (IBM Corporation)
"ControlCenter3" = C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [12/21/2007 05:57 PM | 00,086,016 | ---- | M] (Brother Industries, Ltd.)
"cssauth" = "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent [07/14/2006 09:13 PM | 02,341,632 | ---- | M] (Lenovo Group Limited)
"Discovery User Input" = C:\Discovery\User Input\userin32.exe [11/10/2005 03:58 PM | 00,212,992 | ---- | M] (Centennial Software Limited )
"DiskeeperSystray" = "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [05/18/2006 07:24 PM | 00,196,696 | ---- | M] (Diskeeper Corporation)
"DLA" = C:\WINDOWS\System32\DLA\DLACTRLW.EXE [02/02/2006 08:20 AM | 00,122,940 | ---- | M] (Sonic Solutions)
"EPSON Stylus CX7800 Series" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P26 "EPSON Stylus CX7800 Series" /O6 "USB002" /M "Stylus CX7800" [04/07/2005 04:00 AM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"EPSON Stylus CX7800 Series (Copy 1)" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAFA.EXE /P35 "EPSON Stylus CX7800 Series (Copy 1)" /O6 "USB002" /M "Stylus CX7800" [04/07/2005 04:00 AM | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
"EZEJMNAP" = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [02/23/2006 01:22 PM | 00,237,568 | ---- | M] (Lenovo Group Limited)
"IBM Warranty Notification" = "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro" [03/12/2004 07:24 PM | 00,106,496 | ---- | M] (IBM Corporation)
"IndexSearch" = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [10/11/2007 07:01 PM | 00,046,368 | ---- | M] (Nuance Communications, Inc.)
"ISUSPM Startup" = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [07/27/2004 07:50 PM | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [02/16/2005 04:15 PM | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.)
"LPManager" = C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe [07/04/2006 12:11 PM | 00,110,592 | ---- | M] (Lenovo Group Limited)
"OfficeScanNT Monitor" = "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [02/07/2006 04:16 PM | 00,356,352 | ---- | M] (Trend Micro Inc.)
"PaperPort PTD" = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [10/11/2007 07:03 PM | 00,029,984 | ---- | M] (Nuance Communications, Inc.)
"PDService.exe" = "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [03/13/2006 07:38 PM | 00,041,472 | R--- | M] (Utimaco Safeware AG)
"PPort11reminder" = "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" [08/31/2007 09:01 AM | 00,328,992 | ---- | M] (Nuance Communications, Inc.)
"PWRMGRTR" = rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor [12/07/2007 02:22 AM | 00,200,704 | ---- | M] (Lenovo Group Limited)
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.)
"SoundMAXPnP" = C:\Program Files\Analog Devices\Core\smax4pnp.exe [05/20/2005 10:11 AM | 00,925,696 | ---- | M] (Analog Devices, Inc.)
"SSBkgdUpdate" = "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [10/25/2006 09:03 AM | 00,210,472 | ---- | M] (Nuance Communications, Inc.)
"StartCCC" = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 01:35 PM | 00,090,112 | ---- | M] ()
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [08/11/2007 01:30 AM | 00,512,000 | ---- | M] (Synaptics, Inc.)
"SynTPLpr" = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [08/11/2007 01:30 AM | 00,110,592 | ---- | M] (Synaptics, Inc.)
"TP4EX" = tp4ex.exe [10/17/2005 04:11 AM | 00,065,536 | ---- | M] (Lenovo Group Limited)
"TPHOTKEY" = C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [03/09/2007 03:49 PM | 00,066,176 | ---- | M] (Lenovo Group Limited)
"TPKMAPHELPER" = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper [06/03/2006 01:00 AM | 00,856,064 | ---- | M] (Lenovo)
"TpShocks" = TpShocks.exe [09/28/2007 02:28 PM | 00,181,544 | ---- | M] (Lenovo.)
"TVT Scheduler Proxy" = C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [03/04/2008 10:34 AM | 00,487,424 | ---- | M] (Lenovo Group Limited)
"Verizon_McciTrayApp" = C:\Program Files\Verizon\McciTrayApp.exe [03/11/2007 05:37 PM | 00,936,960 | ---- | M] (Motive Communications, Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3" = "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [08/10/2004 10:45 AM | 00,380,928 | ---- | M] (Tracker Software Products Ltd.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3" = "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [08/10/2004 10:45 AM | 00,380,928 | ---- | M] (Tracker Software Products Ltd.)

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

========== Startup Folders ==========

[Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[08/18/2008 07:48 AM | 00,025,214 | R--- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe
[10/23/2006 04:48 AM | 00,040,048 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[10/23/2006 03:01 AM | 00,734,872 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
[05/31/2006 05:51 PM | 00,622,653 | ---- | M] (Broadcom Corporation.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
[10/28/2002 06:59 PM | 01,269,836 | ---- | M] (Cisco Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
[10/29/2003 06:06 AM | 00,024,576 | ---- | M] (BVRP Software) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
[02/25/2008 04:47 PM | 00,099,832 | ---- | M] (Real Vision Software, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RVIUpdate.lnk = C:\RVI\RVIUPDATE.exe
[08/20/2008 07:17 AM | 00,029,310 | R--- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk = C:\WINDOWS\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico

[Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]

[lmeyers Startup Folder - C:\Documents and Settings\lmeyers\Start Menu\Programs\Startup]
[07/17/2007 12:13 PM | 00,049,152 | ---- | M] (ATI Technologies Inc.) - C:\Documents and Settings\lmeyers\Start Menu\Programs\Startup\CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
File not found - C:\Documents and Settings\lmeyers\Start Menu\Programs\Startup\S&S Office.lnk = C:\Documents and Settings\lmeyers\Application Data\Realtime Soft\UltraMon\3.0.0\Profiles\S&S Office.ump

[SS Startup Folder - C:\Documents and Settings\SS\Start Menu\Programs\Startup]

[syoung Startup Folder - C:\Documents and Settings\syoung\Start Menu\Programs\Startup]

========== BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

========== Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/18/2006 05:18 AM | 00,231,160 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/18/2006 05:18 AM | 00,231,160 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
HKLM CLSID: (Adobe PDF) - [12/18/2006 05:18 AM | 00,231,160 | ---- | M] (Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

========== AppInit_Dlls ==========

========== HKLM Security Providers ==========

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell]
= Explorer.exe

Explorer.exe - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit]
= C:\WINDOWS\system32\userinit.exe,

C:\WINDOWS\system32\userinit.exe - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL]
= vrlogon.dll

vrlogon.dll - [08/14/2007 04:56 PM | 00,615,936 | ---- | M] (UPEK Inc.) C:\WINDOWS\system32\vrlogon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost]
= logonui.exe

logonui.exe - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VMApplet]
= rundll32 shell32,Control_RunDLL “sysdm.cpl”

rundll32 shell32 - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
Control_RunDLL “sysdm.cpl” - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

========== User's Winlogon Settings ==========

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName" = C:\WINDOWS\system32\ati2evxx.dll [01/03/2008 01:44 PM | 00,122,880 | ---- | M] (ATI Technologies Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AwayNotify]
"DllName" = C:\Program Files\Lenovo\AwayTask\AwayNotify.dll [08/16/2006 01:07 PM | 00,049,152 | ---- | M] (Lenovo Group Limited)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
"DllName" = C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [09/06/2006 05:37 PM | 00,034,344 | ---- | M] ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
"DllName" = C:\Program Files\Lenovo\HOTKEY\tphklock.dll [12/14/2006 12:06 PM | 00,028,672 | ---- | M] ()

========== Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveAutoRun" = 67108863
"NoDriveTypeAutoRun" = 255
"NoDrives" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1
"DisableRegistryTools" = 0
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
Unable to open key or key not present!

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145
"NoDrives" = 0

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts" = 0
"HideLogoffScripts" = 0
"RunLogonScriptSync" = 1
"RunStartupScriptSync" = 0
"HideStartupScripts" = 0

========== Lsa Authentication Packages ==========

========== Lsa Security Packages ==========

========== Desktop Components ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

========== Safeboot Options ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

========== Disabled MsConfig Items ==========
Unable to open key or key not present!

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT
[04/30/2006 03:13 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]

Autosave
[04/10/2008 03:15 PM | ---D | M] C:\Autosave [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0350cc78-e927-11dc-91f7-001c262095e2}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{353588a5-c5c4-11dc-91b3-001c262095e2}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{371cfd44-d31f-11dc-91c2-001a6bcd47c7}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c38d828-b493-11dc-919c-001a6bcd47c7}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e371c25-bf83-11dc-91a4-001c262095e2}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf444768-1e8f-11dd-9249-001c262095e2}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eaf0e256-3645-11dd-9265-001c262095e2}\Shell]
"" = None

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffac7d56-5ccb-11dd-929a-001c262095e2}\Shell]
"" = None

========== DNS Name Servers ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{44C61121-95BF-4F01-BC80-F60C1AF2E802}]
Servers: | Description: 11a/b/g/n Wireless LAN Mini-PCI Express Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{8EC78028-A574-45A3-AF74-4917FE45EDDA}]
Servers: | Description: Intel(R) PRO/1000 PL Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{FE63DCA9-CF3E-46E3-8C33-B3B5B60587F0}]
Servers: | Description:

========== Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== Files/Folders - Created Within 30 days ==========

[08/07/2008 10:52 AM | 00,713,354 | ---- | C] () - C:\G201-R00.pdf
[08/07/2008 11:06 AM | 00,000,000 | ---- | C] () - C:\G303-R0A.pdf
[08/17/2008 07:49 PM | -H-D | C] - C:\BJPrinter
[08/29/2008 02:27 PM | ---D | C] - C:\QooBox
[08/29/2008 04:23 PM | 2,145,832,960 | -HS- | C] () - C:\hiberfil.sys
[08/31/2008 01:22 PM | -HSD | C] - C:\Config.Msi
[08/31/2008 02:50 PM | -HSD | C] - C:\RECYCLER
[08/31/2008 08:07 AM | ---D | C] - C:\ComboFix
[08/17/2008 07:49 PM | 00,007,680 | ---- | C] () - C:\WINDOWS\System32\CNMVS5y.DLL
[08/17/2008 07:49 PM | 00,086,016 | ---- | C] (CANON INC.) - C:\WINDOWS\System32\CNMCP5y.exe
[08/17/2008 07:49 PM | 00,116,736 | ---- | C] (CANON INC.) - C:\WINDOWS\System32\CNMLM5y.DLL
[1 C:\WINDOWS\*.tmp files]
[08/29/2008 02:27 PM | 00,028,672 | ---- | C] (NirSoft) - C:\WINDOWS\Nircmd.exe
[08/29/2008 02:27 PM | 00,049,152 | ---- | C] () - C:\WINDOWS\VFind.exe
[08/29/2008 02:27 PM | 00,068,096 | ---- | C] () - C:\WINDOWS\zip.exe
[08/29/2008 02:27 PM | 00,080,412 | ---- | C] () - C:\WINDOWS\grep.exe
[08/29/2008 02:27 PM | 00,089,504 | ---- | C] (Smallfrogs Studio) - C:\WINDOWS\fdsv.exe
[08/29/2008 02:27 PM | 00,098,816 | ---- | C] () - C:\WINDOWS\sed.exe
[08/29/2008 02:27 PM | 00,136,704 | ---- | C] (SteelWerX) - C:\WINDOWS\swsc.exe
[08/29/2008 02:27 PM | 00,161,792 | ---- | C] (SteelWerX) - C:\WINDOWS\swreg.exe
[08/29/2008 02:27 PM | 00,212,480 | ---- | C] (SteelWerX) - C:\WINDOWS\swxcacls.exe
[08/29/2008 02:28 PM | ---D | C] - C:\WINDOWS\erdnt
[08/29/2008 03:52 PM | ---D | C] - C:\WINDOWS\temp
[09/03/2008 07:18 AM | ---D | C] - C:\WINDOWS\LastGood
[08/31/2008 01:27 PM | 00,000,284 | ---- | C] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/29/2008 02:15 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\PC Tools
[08/20/2008 08:24 AM | 00,741,643 | ---- | C] () - C:\Documents and Settings\lmeyers\My Documents\0904680301-Layout1.pdf
[08/29/2008 02:40 PM | ---D | C] - C:\Documents and Settings\lmeyers\My Documents\IBM
[08/31/2008 07:49 AM | ---D | C] - C:\Documents and Settings\lmeyers\My Documents\Access Connections
[08/26/2008 07:05 PM | 00,001,609 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/26/2008 07:11 PM | 00,000,800 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/26/2008 07:11 PM | 00,000,800 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[08/15/2008 08:15 AM | 01,704,518 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\untitled.bmp
[08/16/2008 12:32 PM | ---D | C] - C:\Documents and Settings\lmeyers\Desktop\VXworkskiller
[08/26/2008 07:08 PM | 19,153,264 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\aaw2008.exe
[08/26/2008 09:03 AM | 00,027,136 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\MMPA silo schedule.xls
[08/26/2008 10:11 PM | 00,168,592 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\FxVMonde.exe
[08/26/2008 10:16 AM | 07,499,056 | ---- | C] (Mozilla) - C:\Documents and Settings\lmeyers\Desktop\Firefox Setup 3.0.1.exe
[08/27/2008 07:36 PM | 13,559,336 | ---- | C] (PC Tools ) - C:\Documents and Settings\lmeyers\Desktop\sdsetup.exe
[08/28/2008 12:11 PM | 04,378,375 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\SHAMBAUGH.zip
[08/29/2008 02:26 PM | 02,840,693 | R— | C] () - C:\Documents and Settings\lmeyers\Desktop\ComboFix.exe
[08/31/2008 08:28 AM | 00,001,741 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\HijackThis.lnk
[09/02/2008 01:23 PM | 02,928,600 | ---- | C] (Piriform Ltd) - C:\Documents and Settings\lmeyers\Desktop\ccsetup211.exe
[09/02/2008 01:25 PM | 00,001,555 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\CCleaner.lnk
[09/02/2008 11:09 AM | 14,080,870 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\Walker-SiloTanks-Exempt.pdf
[09/03/2008 07:55 AM | 00,034,304 | ---- | C] () - C:\Documents and Settings\lmeyers\Desktop\20070304 PRFERRED MANUFACTURER LIST 032408.xls
[08/20/2008 07:17 AM | 00,002,299 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[08/20/2008 07:17 AM | —D | C] - C:\Program Files\Common Files\Realtime Soft
[08/18/2008 02:30 PM | —D | C] - C:\Program Files\CCleaner
[08/20/2008 07:17 AM | —D | C] - C:\Program Files\UltraMon
[08/28/2008 10:04 AM | —D | C] - C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[08/31/2008 01:24 PM | —D | C] - C:\Program Files\Bonjour
[08/31/2008 01:26 PM | —D | C] - C:\Program Files\iPod

========== Files - Modified Within 30 days ==========

[08/07/2008 10:52 AM | 00,713,354 | ---- | M] () - C:\G201-R00.pdf
[08/07/2008 11:06 AM | 00,000,000 | ---- | M] () - C:\G303-R0A.pdf
[09/03/2008 07:16 AM | 21,458,32960 | -HS- | M] () - C:\hiberfil.sys
[08/29/2008 02:37 PM | 00,000,027 | ---- | M] () - C:\WINDOWS\System32\drivers\etc\hosts
[1 C:\WINDOWS\System32\*.tmp files]
[08/31/2008 07:39 AM | 00,002,278 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl
[09/02/2008 03:33 PM | 00,522,530 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
[09/02/2008 03:34 PM | 00,071,710 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat
[09/02/2008 03:34 PM | 00,442,192 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat
[09/03/2008 07:17 AM | 00,009,970 | ---- | M] () - C:\WINDOWS\System32\PROCDB.INI
[1 C:\WINDOWS\*.tmp files]
[08/16/2008 08:11 AM | 00,000,624 | ---- | M] () - C:\WINDOWS\win.ini
[08/27/2008 04:45 PM | 00,007,793 | ---- | M] () - C:\WINDOWS\cfgall.ini
[08/28/2008 11:12 AM | 00,000,371 | ---- | M] () - C:\WINDOWS\wininit.ini
[08/31/2008 08:09 AM | 00,000,227 | ---- | M] () - C:\WINDOWS\system.ini
[09/03/2008 07:16 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/31/2008 01:27 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[09/03/2008 07:16 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[09/03/2008 07:17 AM | 00,000,304 | ---- | M] () - C:\WINDOWS\tasks\PMTask.job
[08/18/2008 01:58 PM | 01,102,706 | -H-- | M] () - C:\Documents and Settings\lmeyers\Local Settings\Application Data\IconCache.db
[09/02/2008 07:06 PM | 00,031,232 | ---- | M] () - C:\Documents and Settings\lmeyers\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/20/2008 08:24 AM | 00,741,643 | ---- | M] () - C:\Documents and Settings\lmeyers\My Documents\0904680301-Layout1.pdf
[08/20/2008 07:17 AM | 00,001,844 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Lotus Notes 6.5.lnk
[08/26/2008 07:05 PM | 00,001,609 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[08/26/2008 07:11 PM | 00,000,800 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[08/26/2008 07:11 PM | 00,000,800 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[08/15/2008 08:15 AM | 01,704,518 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\untitled.bmp
[08/26/2008 07:10 PM | 19,153,264 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\aaw2008.exe
[08/26/2008 10:11 PM | 00,168,592 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\FxVMonde.exe
[08/26/2008 10:16 AM | 07,499,056 | ---- | M] (Mozilla) - C:\Documents and Settings\lmeyers\Desktop\Firefox Setup 3.0.1.exe
[08/27/2008 07:36 PM | 13,559,336 | ---- | M] (PC Tools ) - C:\Documents and Settings\lmeyers\Desktop\sdsetup.exe
[08/28/2008 10:22 AM | 00,027,136 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\MMPA silo schedule.xls
[08/28/2008 12:11 PM | 04,378,375 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\SHAMBAUGH.zip
[08/31/2008 08:07 AM | 02,840,693 | R--- | M] () - C:\Documents and Settings\lmeyers\Desktop\ComboFix.exe
[08/31/2008 08:28 AM | 00,001,741 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\HijackThis.lnk
[09/02/2008 01:24 PM | 02,928,600 | ---- | M] (Piriform Ltd) - C:\Documents and Settings\lmeyers\Desktop\ccsetup211.exe
[09/02/2008 01:25 PM | 00,001,555 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\CCleaner.lnk
[09/02/2008 03:48 PM | 14,080,870 | ---- | M] () - C:\Documents and Settings\lmeyers\Desktop\Walker-SiloTanks-Exempt.pdf
[09/03/2008 07:17 AM | 00,002,299 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UltraMon.lnk
[09/03/2008 07:17 AM | 00,002,335 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk

< End of report >

OTViewIt Extras logfile created on: 9/3/2008 10:39:05 AM - Run 2
OTViewIt by OldTimer - Version 1.0.1.8 Folder = C:\Documents and Settings\lmeyers\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.56% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.06% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.71 Gb Total Space | 27.19 Gb Free Space | 31.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:Windows® installer
[04/13/2008 08:12 PM | 00,078,848 | ---- | M] (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax
[02/28/2008 04:29 AM | 10,343,712 | ---- | M] (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager
[10/22/2007 07:56 PM | 03,597,600 | ---- | M] (Intuit, Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[08/21/2008 02:54 PM | 00,268,592 | ---- | M] (BitTorrent, Inc.)

"C:\Program Files\KIP\Request\kawpdft.exe" = C:\Program Files\KIP\Request\kawpdft.exe:*:Enabled:KIP FT
[01/17/2007 01:46 AM | 00,106,496 | ---- | M] (Polyergic Consulting for KIP America)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[08/21/2008 02:54 PM | 00,268,592 | ---- | M] (BitTorrent, Inc.)

"C:\Program Files\Brother\Brmfl08g\FAXRX.exe" = C:\Program Files\Brother\Brmfl08g\FAXRX.exe:*:Enabled:FAXRX.EXE
[01/08/2008 04:35 PM | 00,520,192 | ---- | M] ()

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.)

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] - "%1" %*
.cmd [@ = cmdfile] - "%1" %*
.com [@ = ComFile] - "%1" %*
.exe [@ = exefile] - "%1" %*
.html [@ = Reg Error: Value does not exist or could not be read.] - File not found - Reg Error: Key does not exist or could not be opened.
.pif [@ = piffile] - "%1" %*
.scr [@ = scrfile] - "%1" /S

========== Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========

========== HKEY_CURRENT_USER Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== HKEY_USERS Protocol Defaults ==========

========== Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
ipp: [HKLM - No CLSID value]
msdaipp: [HKLM - No CLSID value]

========== Protocol Filters ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B4AC8E-6D83-44B3-958D-2AFE57BE54DB}" = Brother MFL-Pro Suite MFC-6490CW
"{04566A17-0760-23F1-9295-54705E3B877E}" = Catalyst Control Center Localization Swedish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06036425-687F-3894-0641-8EA75FFE609A}" = Catalyst Control Center Localization Italian
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}" = MSXML 6.0 Parser (KB933579)
"{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}" = Security Update for CAPICOM (KB931906)
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1AAE3976-3167-4BDF-B785-00E19C6671A3}" = Lotus Notes 6.5.4
"{1B8A2B9C-4561-E3FC-BAF6-D069710D3620}" = Catalyst Control Center Localization Portuguese
"{1C1BCB70-E3E8-C485-7718-43F2BE420BCC}" = Catalyst Control Center Localization Chinese Standard
"{1C8CE90A-1F62-B5E5-7A1F-ECAEA90C1809}" = Catalyst Control Center Localization Japanese
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2EA132B6-4796-B2AC-066F-CADD3D8C5256}" = CCC Help German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A64E70-2504-6723-002B-F9C04108A2A1}" = CCC Help Japanese
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3717BCA3-4114-4674-8D80-BB6DDD72095E}" = RVI PC Imaging 8
"{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" = MSXML 4.0 SP2 (KB927978)
"{3CA92ABE-CAEA-BF05-BF4A-A72CEAD7B4D1}" = Catalyst Control Center Localization Dutch
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{48227AEB-DC8E-4A90-A274-0B4A39D699B1}" = Client Security Solution
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56E5C91F-556C-184D-52F5-C3E501B5EEDD}" = CCC Help Portuguese
"{5783F2D7-6009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2008 - English
"{58B5C4F4-33FF-71DE-6619-FA04F0BC1482}" = CCC Help Italian
"{621FCD24-4498-4324-A81E-07D331376EDF}" = PixiePack Codec Pack
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7379FDD1-D0ED-4FF2-B168-E246772E731E}" = ccc-Branding
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7C9AD221-994C-45B2-B46D-26F5735158CF}" = Sony Vegas Pro 8.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = ThinkPad UltraNav Wizard
"{83E5061B-A69A-46AD-A780-1DA6569FF283}" = Rescue and Recovery Critical Patch for Windows Update (KB917422)
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{888A411C-430C-217C-4433-3C9D28385AF2}" = Catalyst Control Center Localization French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}PRJSTD{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}PRJSTD{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}PRJSTD{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-003A-0000-0000-0000000FF1CE}" = Microsoft Office Project Standard 2007
"{90120000-003A-0000-0000-0000000FF1CE}PRJSTD{A420F522-7395-4872-9882-C591B4B92278}" = Update for Office 2007 (KB946691)
"{90120000-003A-0000-0000-0000000FF1CE}PRJSTD{C1877F6E-C1C8-486D-A697-86431029690C}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}PRJSTD{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}PRJSTD{75EC8FFC-B913-4991-B3A1-22576D2FC45D}" = Microsoft Office Project 2007 Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}PRJSTD{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{92D42AFF-ADC3-7465-3893-00DF5FB4546E}" = ccc-core-static
"{93C6E5F6-DD2F-4984-97BC-3AD0A67977C7}" = HP Designjet 4000 series
"{947BC4E5-F21D-8C14-98A0-54AF74B64E87}" = ccc-utility
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A211ECF-1D7B-F6FA-C0D4-1EEC07003F0C}" = CCC Help Chinese Traditional
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9EA84FDD-CCC0-47FD-A993-923165BEA47A}" = System Migration Assistant
"{9ED59DA3-5667-7D3D-008C-68DCC4AC3AD4}" = CCC Help Dutch
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad 11a/b/g/n Wireless LAN Mini-PCI Express Adapter
"{9FD77787-15D1-E12E-4D69-1CFAE467E77D}" = Catalyst Control Center Localization Spanish
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Power Manager
"{A1D50D4D-0327-1E09-E392-EB1278121B3B}" = CCC Help Chinese Standard
"{A2289997-10A3-48F2-AA03-99180D761661}" = ThinkVantage Fingerprint Software 5.6
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}" = UltraMon
"{AF28A7B4-F86B-2708-43D8-19F9220C7946}" = CCC Help French
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6108EB8-1C29-FC8A-55E7-BC5044460DB0}" = Catalyst Control Center Core Implementation
"{B686BEB9-6D2A-C2E4-26BB-F52F066B8AA9}" = Catalyst Control Center Localization Korean
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB17F8F8-926A-1ED0-7354-3644C407C21E}" = ccc-core-preinstall
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BB9882D2-EF12-7393-1F5F-4EA44C461ED6}" = CCC Help Swedish
"{BBE9CD7B-E894-477F-B5A1-D642D672C713}" = Catalyst Control Center - Branding
"{BD608B39-EB7A-A8F8-3BA8-94A1013A758E}" = Catalyst Control Center Graphics Full Existing
"{C0333997-7B38-416D-B69B-206CC24A9F7C}" = KIP Request 6
"{C04E32E0-0416-434D-AFB9-6969D703A9EF}" = MSXML 4.0 SP2 (KB936181)
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C5C6E763-C360-11D3-9426-0060089CDD83}" = SEQUEL ViewPoint
"{C5C7FBB0-3EEE-D531-0C2A-D0330193528B}" = Catalyst Control Center Localization German
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{CF91B514-70EF-F45F-56A8-D366C6D84504}" = CCC Help English
"{D0D1EF04-A961-27B9-EAB5-D646F541B0CD}" = Skins
"{D23B2191-2414-974B-FCFE-5DA8A3E27C6C}" = CCC Help Korean
"{D26979FD-F093-C21D-D805-43043BCF8BE3}" = Catalyst Control Center Graphics Full New
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkPad
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DC474FD1-1AEF-6518-5572-F8649F2FDC07}" = Catalyst Control Center Graphics Light
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E84BC7F3-69AF-4682-A9C4-ACB065DAD6D6}" = Ecat
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{F036C12B-0FC5-C0E1-DDF5-BDA24AF467D4}" = CCC Help Spanish
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1FC34F1-572D-2681-58B9-796311E3013F}" = Catalyst Control Center Localization Chinese Traditional
"{FA9695CC-BFC6-4E17-8DFC-150EB43DD7E6}" = MySQL Connector/ODBC 3.51
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutoCAD LT 2008 - English" = AutoCAD LT 2008 - English
"AwayTask" = ThinkVantage Away Manager
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"CCleaner" = CCleaner (remove only)
"ClientAccessExpress" = IBM iSeries Access for Windows
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588" = ThinkPad Modem
"EPSON Printer and Utilities" = EPSON Printer Software
"exPressit S.E. 2.2" = exPressit S.E. 2.2
"Flash Slideshow Maker Pro" = Flash Slideshow Maker Pro 4.79
"Free Raw Print_is1" = Free Raw Print 1.05
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KB888111WXPSP2" = High Definition Audio Driver Package - KB888111
"KB892130" = Windows Genuine Advantage Validation Tool (KB892130)
"KB898458" = Security Update for Step By Step Interactive Training (KB898458)
"KB902344" = Hotfix for Windows Media Format SDK (KB902344)
"KB909520" = Microsoft Base Smart Card Cryptographic Service Provider Package
"KB911564" = Security Update for Windows Media Player (KB911564)
"KB917734_WMP10" = Security Update for Windows Media Player 10 (KB917734)
"KB923689" = Security Update for Windows XP (KB923689)
"KB923723" = Security Update for Step By Step Interactive Training (KB923723)
"KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398)
"KB929399" = Hotfix for Windows Media Format 11 SDK (KB929399)
"KB929969" = Security Update for Windows Internet Explorer 7 (KB929969)
"KB931906" = Security Update for CAPICOM (KB931906)
"KB932471.T301_380ToU433_380" = Hotfix for Microsoft .NET Framework 3.0 (KB932471)
"KB936782_WMP10" = Security Update for Windows Media Player 10 (KB936782)
"KB936782_WMP11" = Security Update for Windows Media Player 11 (KB936782)
"KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143)
"KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127)
"KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653)
"KB939683" = Hotfix for Windows Media Player 11 (KB939683)
"KB941569" = Security Update for Windows XP (KB941569)
"KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615)
"KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533)
"KB946648" = Security Update for Windows XP (KB946648)
"KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864)
"KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759)
"KB950760" = Security Update for Windows XP (KB950760)
"KB950762" = Security Update for Windows XP (KB950762)
"KB950974" = Security Update for Windows XP (KB950974)
"KB951066" = Security Update for Windows XP (KB951066)
"KB951072-v2" = Update for Windows XP (KB951072-v2)
"KB951376" = Security Update for Windows XP (KB951376)
"KB951376-v2" = Security Update for Windows XP (KB951376-v2)
"KB951698" = Security Update for Windows XP (KB951698)
"KB951748" = Security Update for Windows XP (KB951748)
"KB951978" = Update for Windows XP (KB951978)
"KB952287" = Hotfix for Windows XP (KB952287)
"KB952954" = Security Update for Windows XP (KB952954)
"KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838)
"KB953839" = Security Update for Windows XP (KB953839)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Basic
"M928366" = Microsoft .NET Framework 1.1 Hotfix (KB928366)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfficeScanNT" = Trend Micro OfficeScan Client
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Picasa2" = Picasa 2
"Power Management Driver" = ThinkPad Power Management Driver
"Presentation Director" = ThinkPad Presentation Director
"PRJSTD" = Microsoft Office Project Standard 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"PUMP-FLO" = PUMP-FLO
"RealVNC_is1" = VNC 4.0
"Remove Multimedia Center" = Remove Multimedia Center
"ShockwaveFlash" = Macromedia Flash Player 8
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Verizon Online Help and Support" = Verizon Online Help and Support
"WGA" = Windows Genuine Advantage Validation Tool (KB892130)
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-860435787-757077814-314601362-1627\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/2/2008 11:01:16 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = AutoEnrollment
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 9/2/2008 11:02:08 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = Application Error
Description = Faulting application lpmgr.exe, version 1.0.0.1, faulting module mfc42u.dll,
version 6.2.8071.0, fault address 0x0000dd27.

Error - 9/3/2008 12:54:14 AM - Computer Name = 339-23448 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/3/2008 12:54:16 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = AutoEnrollment
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 9/3/2008 12:54:49 AM - Computer Name = 339-23448 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/3/2008 12:55:36 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = Application Error
Description = Faulting application lpmgr.exe, version 1.0.0.1, faulting module mfc42u.dll,
version 6.2.8071.0, fault address 0x0000dd27.

Error - 9/3/2008 11:16:37 AM - Computer Name = 339-23448 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/3/2008 11:16:37 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = AutoEnrollment
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 9/3/2008 11:16:44 AM - Computer Name = 339-23448 - User Name = NT AUTHORITY\SYSTEM - Source = Userenv
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 9/3/2008 11:17:17 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = Application Error
Description = Faulting application lpmgr.exe, version 1.0.0.1, faulting module mfc42u.dll,
version 6.2.8071.0, fault address 0x0000dd27.

[ Internet Explorer Events ]

[ ODiag Events ]

[ OSession Events ]

[ Security Events ]

[ System Events ]
Error - 8/19/2008 11:34:26 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 11:35:50 AM - Computer Name = 339-23448 - User Name = NT AUTHORITY\SYSTEM - Source = Print
Description = Printer Send To OneNote 2007 failed to initialize because a suitable
Send To Microsoft OneNote Driver driver could not be found.

Error - 8/19/2008 11:37:28 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 11:52:31 AM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 1:02:50 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 1:12:30 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 1:24:10 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 1:39:12 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 2:09:12 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 8/19/2008 2:39:04 PM - Computer Name = 339-23448 - User Name = User SID not found - Source = W32Time
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

< End of report >

Nice and big, but I can see nothing untoward there in all the usual bad places. It might be that you just need a clean-up after the attack.

Please download ATF Cleaner by Atribune.
This program is for XP, Vista and Windows 2000 only.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use the Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For technical support, double-click the e-mail address located at the bottom of each menu.

Then defragment your disk… Also, do you have the indexer on?

Glad you had a peek, essexboy.

After the clean-up
and answering essexboy's question(s),
I'd
defrag
set a new restore point

Have you run Secunia Software Inspector?