WiredWX Christian Hobby Weather Tools
Email event

Hi There,
This morning when I was opening a subfolder in my Outlook my computer began to make a consistent 'dinging' sound like when doing a backspace in a window that won't accept it (I hope that makes sense!). At the same time, Outlook basically took on a life of its own. It started scrolling through all my emails. When I opened the windows of the two emails that I was in the middle of writing, they were being deleted before my eyes as if someone was holding down the backspace button. I could open and close different windows, but there was no way to stop it. I unplugged the router and closed Outlook and eventually it stopped.

I did a virus scan with my Avast and it found two trojans that I put in the chest. Forgive me, I'm relatively computer illiterate and can't seem to find what their names are/were.

Nothing seems to be wrong with the system now. I did all the updates asked of me prior to posting and am just looking to see if there was anything I should do to make sure I am actually clean. It was very 'Hollywood movie-esque' to see that happening before my eyes. My fear is that I don't know the extent of the damage, if any, and if there is still a virus present.

Thanks very much in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:24 AM, on 19/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_tray.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Chris\Downloads\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: WinAVI FLVSense - {E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [TPFNF7] "C:\Program Files (x86)\Lenovo\NPDIRECT\TPFNF7SP.exe" /r
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [wanActivate] "C:\Program Files (x86)\lenovo\ActivateWan\WanActivate.exe" -check
O4 - HKLM\..\Run: [ACTray] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWlIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [LaerdalUpdateAgent] C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\LaerdalUpdateAgent.exe "lang:C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\en"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe

Re: Email event

O8 - Extra context menu item: &Download FLV by WinAVI... - C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll
O13 - Gopher Prefix:
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Intel®️ PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98f998b14e360) (gupdate1c98f998b14e360) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Unknown owner - C:\Windows\system32\IPSSVC.EXE (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel®️ PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - C:\Users\Chris\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files (x86)\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 19106 bytes

Re: Email event

Download OTViewIt to your desktop.

  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up called OTViewIt.txt, the other will be saved on your desktop and called Extras.txt. Just post OTViewIt.txt, I don't need to see Extras.txt
  • You may need to use more than one post to get it all on the forum.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Email event

The program stops responding when it is "Scanning service: AEADFilters..."

I tried it twice, and it would not get past this hang-up.

Re: Email event

OTViewIt logfile created on: 19/03/2009 1:30:55 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Chris\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.98 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.31% Memory free
4.00 Gb Paging File | 2.88 Gb Available in Paging File | 71.98% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 141.65 Gb Total Space | 30.77 Gb Free Space | 21.72% Space Free | Partition Type: NTFS
Drive D: | 148.92 Gb Total Space | 68.89 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 0.56 Gb Free Space | 7.50% Space Free | Partition Type: FAT32
Drive F: | 149.01 Gb Total Space | 85.14 Gb Free Space | 57.13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 298.02 Gb Total Space | 203.15 Gb Free Space | 68.17% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: CHRIS-CTOMS
Current User Name: Chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2008/10/24 13:32:46 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
[2008/10/27 12:01:18 | 00,116,000 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
[2008/01/19 01:33:32 | 00,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\svchost.exe
[2009/02/15 12:16:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2008/11/20 12:30:02 | 00,066,848 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
[2007/08/24 15:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
[2007/08/09 12:40:54 | 00,779,576 | ---- | M] (IBM) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
[2007/01/08 22:03:26 | 00,569,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
[2007/01/08 22:01:46 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
[2008/10/27 12:01:20 | 00,238,880 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe
[2007/01/08 21:49:46 | 00,022,016 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\Logger\logmon.exe
[2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe
[2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008/10/27 11:28:06 | 00,565,248 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
[2007/08/24 15:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
[2008/09/30 17:37:28 | 00,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
[2008/03/24 15:41:22 | 00,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
[2008/10/24 16:29:38 | 00,128,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
[2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
[2007/11/29 12:04:00 | 00,059,168 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\NPDIRECT\tpfnf7sp.exe
[2006/11/02 03:45:37 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rundll32.exe
[2006/11/03 19:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files (x86)\Digital Line Detect\DLG.exe
[2007/03/28 11:32:00 | 00,243,248 | ---- | M] (Lenovo Group Ltd.) -- C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
[2008/03/04 10:34:20 | 00,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[2008/10/02 10:23:16 | 00,546,288 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
[2008/09/01 04:02:00 | 00,165,208 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
[2007/03/13 11:05:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe
[2009/01/15 12:15:08 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2008/10/27 12:01:22 | 00,431,392 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe
[2008/10/27 12:01:26 | 00,148,768 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWLIcon.exe
[2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2008/10/14 22:38:56 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2008/03/01 23:22:00 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
[2007/08/24 15:52:42 | 00,240,112 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
[2007/08/14 03:44:38 | 00,113,136 | ---- | M] () -- C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
[2007/05/17 17:35:28 | 00,053,248 | ---- | M] (HP) -- C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
[2006/12/10 21:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
[2006/06/14 14:20:06 | 00,036,864 | ---- | M] ( ) -- C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
[2007/07/09 14:40:30 | 01,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
[2008/09/01 04:02:00 | 00,124,248 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
[2009/03/11 13:52:26 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
[2007/08/24 15:52:02 | 00,018,928 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
[2008/03/05 12:13:53 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
[2008/01/19 01:33:04 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
[2007/08/09 13:28:28 | 01,049,912 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_tray.exe
[2008/11/20 12:30:30 | 00,472,352 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMUIAux.EXE
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe
[2008/05/26 23:18:16 | 00,184,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchProtocolHost.exe
[2009/03/19 13:30:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTViewIt(2).exe

Re: Email event

========== (O23) Win32 Services ==========

[2008/10/27 12:01:18 | 00,116,000 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc [Auto | Running])
[2008/10/27 12:01:20 | 00,238,880 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc [Auto | Running])
[2008/03/03 22:09:22 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
File not found -- -- (AEADIFilters [Auto | Running])
[2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
[2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/27 12:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
[2007/06/18 19:38:14 | 00,626,796 | ---- | M] (Diskeeper Corporation) -- C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Stopped])
File not found -- -- (DPS [Unknown | Running])
[2008/08/20 18:16:10 | 01,449,984 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2008/03/05 12:13:53 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2008/06/19 19:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Running])
File not found -- -- (gpsvc [Unknown | Running])
[2009/02/15 12:16:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c98f998b14e360 [Auto | Stopped])
File not found -- -- (IBMPMSVC [Auto | Running])
[2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2009/03/11 13:52:22 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
File not found -- -- (IPSSVC [Auto | Running])
[2007/01/04 21:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2006/11/02 03:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2006/11/02 07:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/19 01:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/06/19 19:16:54 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/19 01:33:19 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/11/20 12:30:02 | 00,066,848 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service [Auto | Running])
[2008/08/20 17:39:28 | 00,826,368 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/08/24 15:53:14 | 00,072,176 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10 [On_Demand | Stopped])
[2007/01/12 04:33:14 | 00,057,344 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/08/24 15:53:16 | 00,362,992 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10 [Auto | Stopped])
[2007/01/12 04:32:48 | 00,294,912 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/08/24 15:52:48 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10 [Auto | Stopped])
[2007/08/24 15:52:38 | 01,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Running])
[2007/04/22 15:01:18 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/08/24 15:52:46 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10 [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/19 01:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
File not found -- -- (SessionLauncher [Auto | Stopped])
[2007/02/10 11:03:26 | 00,156,016 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
[2007/05/30 10:26:26 | 00,073,728 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/10/20 11:36:40 | 00,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService [Auto | Running])
[2007/09/26 17:34:46 | 00,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service [Auto | Running])
File not found -- -- (TPHDEXLGSVC [Auto | Running])
[2008/10/24 13:32:46 | 00,058,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC [Auto | Running])
[2007/08/09 12:40:54 | 00,779,576 | ---- | M] (IBM) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe -- (TSSCoreService [Auto | Running])
[2007/01/08 22:03:26 | 00,569,344 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service [Auto | Running])
[2007/01/08 22:01:46 | 00,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service [Auto | Running])
[2008/03/04 10:34:12 | 01,122,304 | ---- | M] (Lenovo Group Limited) -- c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler [Auto | Running])
[2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2006/11/02 00:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006/11/02 00:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2008/01/19 02:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
[2008/05/26 23:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])
File not found -- -- (XAudioService [Auto | Running])

Re: Email event
========== Driver Services ==========

File not found -- -- (ADIHdAudAddService [On_Demand | Running])
[2008/01/19 02:12:01 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/19 02:11:40 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/19 02:10:01 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/19 02:11:12 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2009/02/01 14:17:43 | 00,010,664 | ---- | M] () -- C:\Windows\AegisP.cat -- (AegisP [Auto | Running])
[2008/03/01 23:31:53 | 00,018,488 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/19 02:09:34 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/19 02:09:37 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (aswFsBlk [Auto | Running])
File not found -- -- (aswMonFlt [Auto | Running])
File not found -- -- (aswRdr [System | Running])
File not found -- -- (aswSP [System | Running])
File not found -- -- (aswTdi [System | Running])
[2006/09/18 15:30:15 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/09/18 15:30:15 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
File not found -- -- (CAXHWAZL [On_Demand | Running])
[2008/03/01 23:31:52 | 00,020,536 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/16 11:27:26 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC [System | Running])
File not found -- -- (DLABMFSE [Auto | Running])
File not found -- -- (DLABOIOE [Auto | Running])
File not found -- -- (DLACDBHE [System | Running])
File not found -- -- (DLADResE [Auto | Running])
File not found -- -- (DLAIFS_E [Auto | Running])
File not found -- -- (DLAOPIOE [Auto | Running])
File not found -- -- (DLAPoolE [Auto | Running])
File not found -- -- (DLARTL_E [System | Running])
File not found -- -- (DLAUDFAE [Auto | Running])
File not found -- -- (DLAUDF_E [Auto | Running])
File not found -- -- (DRVECDB [Boot | Running])
File not found -- -- (DRVEDDM [Auto | Running])
[2008/01/05 05:22:48 | 00,317,952 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1e3e.inf_31bf3856ad364e35_6.0.6001.18000_none_be74415a049dfa61\e1e6032e.sys -- (e1express [On_Demand | Running])
[2008/01/05 05:22:47 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 02:11:53 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
File not found -- -- (GEARAspiWDM [On_Demand | Running])
[2008/01/19 02:08:42 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
File not found -- -- (HPFXBULK [On_Demand | Running])
[2006/09/18 15:38:12 | 00,286,720 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\WinSxS\amd64_mdmcxhv6.inf_31bf3856ad364e35_6.0.6001.18000_none_0673f8918ab7629e\VSTAZL6.SYS -- (HSFHWAZL [On_Demand | Stopped])
File not found -- -- (HSF_DPV [On_Demand | Running])
File not found -- -- (iaStor [Boot | Running])
[2008/01/19 02:11:31 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (IBMPMDRV [On_Demand | Running])
File not found -- -- (lenovo.smi [System | Running])
[2008/01/19 02:09:57 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/19 02:09:48 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/19 02:09:56 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2006/06/18 23:26:00 | 00,094,208 | ---- | M] (Conexant) -- C:\Windows\System32\mdmxsdk.dll -- (mdmxsdk [Auto | Running])
[2008/01/19 02:08:18 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/16 11:10:56 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (NETw5v64 [On_Demand | Running])
[2008/01/19 00:36:12 | 00,036,352 | ---- | M] (National Semiconductor Corporation) -- C:\Windows\WinSxS\amd64_irnsc.inf_31bf3856ad364e35_6.0.6001.18000_none_f2f03ee32d5dd396\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
[2006/10/13 21:04:34 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/19 02:10:12 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/19 02:08:50 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
File not found -- -- (PROCDD [Auto | Running])
[2007/05/26 01:27:28 | 00,011,199 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\psadd.cat -- (psadd [On_Demand | Running])
File not found -- -- (PxHlpa64 [Boot | Running])
[2008/01/19 02:12:10 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (rimmptsk [Auto | Running])
File not found -- -- (rimsptsk [Auto | Running])
File not found -- -- (rismxdp [Auto | Running])
[2007/08/18 03:09:04 | 00,065,520 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter [System | Stopped])
[2006/09/29 17:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
File not found -- -- (Shockprf [Boot | Running])
[2008/01/19 02:09:28 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
[2008/11/21 01:11:54 | 00,013,840 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys -- (smihlp2 [Auto | Running])
File not found -- -- (SWMX01 [On_Demand | Running])
File not found -- -- (SWNC5E01 [On_Demand | Running])
File not found -- -- (SynTP [On_Demand | Running])
[2006/09/18 15:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
File not found -- -- (TcUsb [On_Demand | Running])
File not found -- -- (TPDIGIMN [Boot | Running])
[2006/09/18 15:44:13 | 00,144,862 | ---- | M] () -- C:\Windows\System32\tpm.msc -- (TPM [On_Demand | Running])
[2007/12/06 11:11:00 | 00,013,104 | ---- | M] () -- C:\Windows\System32\drivers\TPPWR64V.SYS -- (TPPWRIF [System | Running])
File not found -- -- (tvtfilter [Auto | Running])
[2007/05/26 01:27:24 | 00,012,070 | ---- | M] () -- C:\Program Files (x86)\Common Files\Lenovo\tvti2c.cat -- (TVTI2C [On_Demand | Running])
[2008/01/19 02:11:28 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 05:51:19 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/03/01 23:31:53 | 00,020,536 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 02:10:22 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])
File not found -- -- (winachsf [On_Demand | Running])
[2008/01/19 01:36:56 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll -- (WINUSB [On_Demand | Stopped])
File not found -- -- (XAudio [Auto | Running])

Re: Email event
========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://lenovo.live.com
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Secondary Start Pages"=
"Start Page"=http://lenovo.live.com
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E8DF67A1-B618-4F3F-9E7C-CBE175ADEF5B} (HKLM) -- C:\Program Files (x86)\WinAVI FLV Converter\FLVTune.dll (ZJMedia)
{F040E541-A427-4CF7-85D8-75E3E0F476C5} (HKLM) -- C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"ACTray"=C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo)
"ACWLIcon"=C:\Program Files (x86)\ThinkPad\ConnectUtilities\ACWlIcon.exe (Lenovo)
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"BLOG"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog ()
"DiskeeperSystray"="C:\Program Files (x86)\Diskeeper Corporation\Diskeeper\DkIcon.exe" (Diskeeper Corporation)
"DMXLauncher"="C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe" ()
"EZEJMNAP"=C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe (Lenovo Group Ltd.)
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"HPUsageTracking"="C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" ( )
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
"LPMailChecker"=C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe (Lenovo Group Limited)
"LPManager"=C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe (Lenovo Group Limited)
"PWMTRV"=rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor (Lenovo Group Limited)
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RoxioDragToDisc"="C:\Program Files (x86)\Lenovo2\Drag-to-Disc\DrgToDsc.exe" (Roxio)
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" (Sonic Solutions)
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"TkBellExe"="C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"ToolBoxFX"="C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on (HP)
"TPFNF7"="C:\Program Files (x86)\Lenovo\NPDIRECT\TPFNF7SP.exe" /r (Lenovo Group Limited)
"TVT Scheduler Proxy"=C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
"wanActivate"="C:\Program Files (x86)\lenovo\ActivateWan\WanActivate.exe" -check ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"LaerdalUpdateAgent"=C:\Program Files (x86)\Laerdal Sophus\UpdateAgent\LaerdalUpdateAgent.exe -- [2005/09/27 12:27:42 | 01,376,364 | ---- | M] (Laerdal)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"DisableCAD"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

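The O4 Run keys and the O6/O7 policy values in this part of the log are what a helper reads first: startup entries whose target OTL could not find or for which it printed no vendor string, and whether AutoRun is still honoured for removable drives. The Python below is an added example, not code from the original post or from the OTL tool. It parses lines in exactly the format used in this log (the sample lines are copied from the Run keys and the HKCU policy above) and applies those two checks. The NoDriveTypeAutoRun bit values are the documented Windows drive-type bits, where a set bit disables AutoRun for that type; the empty-vendor rule is a triage heuristic, since OTL prints "()" when a file has no version resource, which is a reason to look closer and not proof of anything.

```python
"""Triage helpers for OTL-format log lines: startup (O4) entries and autorun policy.

Added example; not code from the original post or from the OTL tool.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 Run-key lines copied from the log posted above.
SAMPLE_RUN_KEYS = r'''
""= File not found
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"DMXLauncher"="C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe" ()
"HPUsageTracking"="C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" ( )
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
'''

# Constructed sample: the policy line from the log's HKCU Explorer policies.
SAMPLE_POLICY = '"NoDriveTypeAutoRun"=145'

_RUN_LINE = re.compile(r'^"(?P<name>[^"]*)"=(?P<rest>.*)$')
_VENDOR = re.compile(r'\((?P<vendor>[^()]*)\)\s*$')   # last "(Vendor)" on the line
_POLICY = re.compile(r'^"NoDriveTypeAutoRun"\s*=\s*(?P<value>\d+)\s*$')


@dataclass
class RunEntry:
    name: str
    target: str
    vendor: Optional[str]          # None when OTL printed no vendor field at all
    file_found: bool
    reasons: List[str] = field(default_factory=list)


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one OTL O4 line; returns None for lines that are not entries."""
    m = _RUN_LINE.match(line.strip())
    if not m:
        return None
    name, rest = m.group("name"), m.group("rest").strip()
    if rest.endswith("File not found"):
        target = rest[: -len("File not found")].strip()
        return RunEntry(name, target, None, False, ["target file not found"])
    v = _VENDOR.search(rest)
    vendor = v.group("vendor").strip() if v else None
    target = rest[: v.start()].strip() if v else rest
    reasons = []
    if not vendor:
        # OTL prints "()" when the file carries no version/company resource.
        # That is a triage hint (look closer), not proof of malice.
        reasons.append("no vendor/version information")
    return RunEntry(name, target, vendor, True, reasons)


def flag_run_keys(text: str) -> List[RunEntry]:
    """Return only the entries a reviewer should look at first."""
    entries = (parse_run_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None and e.reasons]


# Drive-type bits of the NoDriveTypeAutoRun policy (a set bit DISABLES AutoRun).
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",
}


def autorun_still_allowed(value: int) -> List[str]:
    """Drive types for which AutoRun is still honoured under this policy value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def parse_autorun_policy(line: str) -> Optional[int]:
    """Extract the integer from an OTL '"NoDriveTypeAutoRun"=NNN' line."""
    m = _POLICY.match(line.strip())
    return int(m.group("value")) if m else None


if __name__ == "__main__":
    for e in flag_run_keys(SAMPLE_RUN_KEYS):
        print(f'{e.name or "<blank name>"!r}: {", ".join(e.reasons)} -> {e.target}')
    v = parse_autorun_policy(SAMPLE_POLICY)
    print(f"NoDriveTypeAutoRun={v} (0x{v:02X}); AutoRun still allowed for:",
          ", ".join(autorun_still_allowed(v)))
```

On the sample, the four entries flagged are the blank-named "File not found" entry, DMXLauncher, HPUsageTracking and WMPNSCFG, which is the same set a helper would ask about. The value 145 (0x91) clears the bits for removable, fixed and CD-ROM drives, so with this setting an autorun.inf on a USB stick or CD is still processed; raising the value to 255 (0xFF) disables AutoRun for every drive type.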
Re: Email event
========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Download FLV by WinAVI...: C:\Program Files (x86)\WinAVI FLV Converter\flv_link.htm [2008/03/14 14:36:05 | 00,002,090 | ---- | M] ()
Append to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 23:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE File not found
Send image to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm [2007/01/23 14:57:50 | 00,001,199 | ---- | M] ()
Send page to &Bluetooth Device...: C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{0045D4BC-5189-4b67-969C-83BB1906C421}: Menu: ThinkVantage Password Manager... -- %ProgramFiles%\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007/08/09 13:28:32 | 00,869,688 | ---- | M] (Lenovo Group Limited)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 02:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}: Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}: Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223 -- %SystemRoot%\WindowsMobile\INetRepl.dll [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: Send To Bluetooth -- %SystemDrive%\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: Send to &Bluetooth Device... -- %SystemDrive%\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm [2007/01/23 14:57:52 | 00,002,758 | ---- | M] ()
{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC}: Button: WinAVI FLV Manager -- %ProgramFiles%\WinAVI FLV Converter\FLVTune.dll [2008/01/28 04:59:08 | 00,114,688 | ---- | M] (ZJMedia)
{DE365254-2F9B-4908-9E3A-7AAA6EC90BCC}: Menu: WinAVI FLV Manager -- %ProgramFiles%\WinAVI FLV Converter\FLVTune.dll [2008/01/28 04:59:08 | 00,114,688 | ---- | M] (ZJMedia)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [Send To Bluetooth] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab -- Java Plug-in 1.6.0_11

========== (O17) DNS Name Servers ==========

{1E272493-AF83-47F7-9DD6-740B9FEBE9A2} (Servers: | Description: Intel(R) 82566MM Gigabit Network Connection)
{283915EA-4ECE-4413-8C18-54F673B02732} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{5D4C5D9A-5272-450A-B4A4-D3AE00F5DEFC} (Servers: | Description: )
{984AEBEA-0B50-4C76-8FA4-E01FB5270A80} (Servers: | Description: Intel(R) Wireless WiFi Link 4965AGN)
{BE665D44-D99A-46EE-A829-5653C31510BD} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{E7DFD5C7-554E-4B71-A53B-5EBB1E2822EB} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)
{EE80CC40-79EA-476D-82E2-818D4CE25F16} (Servers: | Description: )
{F443B826-768A-42F0-AE23-07E21FB7C8B7} (Servers: | Description: Microsoft Windows Mobile Remote Adapter)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 01:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 01:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

autorun []
[2007/05/21 09:01:06 | 00,000,000 | ---D | M] -- F:\autorun -- [ FAT32 ]

autorun.inf [[autorun] | ICON=AUTORUN\WDLOGO.ICO | ]
[2005/11/15 11:08:04 | 00,000,036 | -H-- | M] () -- F:\autorun.inf -- [ FAT32 ]

autorun.inf [[autorun] | open=WDSetup.exe | ICON=AUTORUN\WDLOGO.ICO | ]
[2008/02/25 10:34:30 | 00,000,054 | -H-- | M] () -- H:\autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7347e995-1af6-11dd-b87e-00a0d5fffe85}\Shell\AutoRun\command]
""=WDSetup.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=WDSetup.exe


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\Shell\AutoRun\command]
""=WDSetup.exe

========== Files/Folders - Created Within 30 Days ==========

Re: Email event
[1 C:\Users\Chris\Documents\*.tmp files]
[7 C:\Users\Chris\Desktop\*.tmp files]
[2009/03/19 11:08:34 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/19 11:08:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/19 11:08:29 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/19 11:08:28 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/19 11:08:27 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/19 11:08:27 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/19 11:08:08 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/19 11:08:03 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/19 11:01:29 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/19 11:01:06 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/19 11:00:52 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/19 11:00:37 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/19 11:00:27 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/19 10:50:37 | 00,000,914 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2009/03/19 10:50:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2009/03/19 10:49:28 | 00,001,927 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/03/19 10:46:35 | 00,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Adobe Reader 9 Installer
[2009/03/19 10:41:31 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/03/19 10:41:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2009/03/19 10:14:31 | 00,062,976 | ---- | C] () -- C:\Users\Chris\Desktop\Master Consultants Agreement - Abridged 06 09 22.doc
[2009/03/12 08:56:01 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/03/12 08:55:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009/03/12 08:55:28 | 00,000,000 | ---D | C] -- C:\ProgramData\{CD649BED-8A0E-48BE-B3B6-0F5055BED534}
[2009/03/12 08:55:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009/03/12 08:53:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009/03/11 14:28:01 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/11 11:01:18 | 00,040,273 | ---- | C] () -- C:\Users\Chris\Desktop\Copy of Inventory 2009 (2).xlsx
[2009/03/10 13:35:58 | 08,553,406 | ---- | C] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09_F.docx
[2009/03/10 13:35:58 | 07,369,037 | ---- | C] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09.docx
[2009/03/08 14:52:23 | 00,000,000 | ---D | C] -- C:\Users\Chris\Documents\Bluetooth Exchange Folder
[2009/03/06 09:51:21 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2009/03/05 14:32:17 | 00,297,832 | ---- | C] () -- C:\Users\Chris\Desktop\CTOMs_T&E_Form.pdf
[2009/03/03 10:02:19 | 00,000,162 | -H-- | C] () -- C:\Users\Chris\Desktop\~$cumentation.doc
[2009/03/02 20:55:02 | 00,369,138 | ---- | C] () -- C:\Users\Chris\Documents\Ack Form.pdf
[2009/03/01 15:34:54 | 00,271,149 | ---- | C] () -- C:\Users\Chris\Desktop\2009 Price Change Letter.pdf
[2009/02/26 15:11:15 | 00,064,126 | ---- | C] () -- C:\Users\Chris\Desktop\CTOMS_TCCCGuidelines_For Translation.docx
[2009/02/26 12:11:08 | 00,194,983 | ---- | C] () -- C:\Users\Chris\Desktop\Calgary Contract Final.pdf
[2009/02/26 08:18:38 | 00,058,317 | ---- | C] () -- C:\Users\Chris\Desktop\Calgary Contract Final.docx
[2009/02/25 18:25:50 | 00,015,995 | ---- | C] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.docx
[2009/02/23 23:27:20 | 00,000,393 | ---- | C] () -- C:\Users\Public\Documents\BluetoothLog.html
[2009/02/23 13:49:17 | 00,245,271 | ---- | C] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.pdf
[2009/02/18 12:15:35 | 00,001,864 | ---- | C] () -- C:\Users\Chris\Desktop\Suunto Track Exporter.lnk
[2009/02/18 12:15:35 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Suunto Track Exporter
[2009/02/18 12:13:56 | 00,202,048 | ---- | C] (FTDI Ltd.) -- C:\Windows\System32\ftd2xx.dll
[2009/02/18 12:13:54 | 00,684,377 | ---- | C] () -- C:\Windows\unins000.exe
[2009/02/18 12:13:54 | 00,004,281 | ---- | C] () -- C:\Windows\unins000.dat
[2009/02/18 12:13:54 | 00,000,902 | ---- | C] () -- C:\Users\Chris\Desktop\Suunto Trek Manager.lnk
[2009/02/18 12:13:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Suunto Trek Manager

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[1 C:\Users\Chris\Documents\*.tmp files]
[7 C:\Users\Chris\Desktop\*.tmp files]
[2009/03/19 12:44:31 | 00,002,583 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office OneNote 2007.lnk
[2009/03/19 11:27:44 | 00,290,959 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/03/19 11:24:58 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/19 11:24:45 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/19 11:22:31 | 00,055,240 | ---- | M] () -- C:\Users\Public\Documents\AcSvc.dmp
[2009/03/19 11:21:55 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/03/19 11:21:00 | 03,276,703 | -H-- | M] () -- C:\Users\Chris\AppData\Local\IconCache.db
[2009/03/19 10:50:37 | 00,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2009/03/19 10:49:28 | 00,001,927 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/03/19 10:14:33 | 00,062,976 | ---- | M] () -- C:\Users\Chris\Desktop\Master Consultants Agreement - Abridged 06 09 22.doc
[2009/03/16 09:26:22 | 00,000,333 | ---- | M] () -- C:\Windows\win.ini
[2009/03/16 09:26:21 | 00,290,959 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/03/12 08:56:01 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/03/11 11:01:18 | 00,040,273 | ---- | M] () -- C:\Users\Chris\Desktop\Copy of Inventory 2009 (2).xlsx
[2009/03/10 10:33:48 | 00,235,008 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 06:06:26 | 07,369,037 | ---- | M] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09.docx
[2009/03/10 05:57:06 | 08,553,406 | ---- | M] () -- C:\Users\Chris\Desktop\Binder_Master_05Mar09_F.docx
[2009/03/09 17:03:52 | 00,002,188 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps64.dat
[2009/03/08 15:36:27 | 00,000,393 | ---- | M] () -- C:\Users\Public\Documents\BluetoothLog.html
[2009/03/05 14:32:19 | 00,297,832 | ---- | M] () -- C:\Users\Chris\Desktop\CTOMs_T&E_Form.pdf
[2009/03/03 10:02:19 | 00,000,162 | -H-- | M] () -- C:\Users\Chris\Desktop\~$cumentation.doc
[2009/03/02 20:55:02 | 00,369,138 | ---- | M] () -- C:\Users\Chris\Documents\Ack Form.pdf
[2009/03/01 15:34:55 | 00,271,149 | ---- | M] () -- C:\Users\Chris\Desktop\2009 Price Change Letter.pdf
[2009/02/28 18:33:55 | 00,071,168 | ---- | M] () -- C:\Users\Chris\Desktop\Documentation.doc
[2009/02/26 15:11:16 | 00,064,126 | ---- | M] () -- C:\Users\Chris\Desktop\CTOMS_TCCCGuidelines_For Translation.docx
[2009/02/26 12:11:12 | 00,194,983 | ---- | M] () -- C:\Users\Chris\Desktop\Calgary Contract Final.pdf
[2009/02/26 12:10:49 | 00,058,317 | ---- | M] () -- C:\Users\Chris\Desktop\Calgary Contract Final.docx
[2009/02/25 18:25:51 | 00,015,995 | ---- | M] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.docx
[2009/02/23 13:49:20 | 00,245,271 | ---- | M] () -- C:\Users\Chris\Desktop\Second Line Recommended Packing List.pdf
[2009/02/18 22:01:25 | 00,013,332 | ---- | M] () -- C:\Users\Chris\Desktop\Pictures_Feb2009.docx
[2009/02/18 12:15:57 | 00,004,281 | ---- | M] () -- C:\Windows\unins000.dat
[2009/02/18 12:15:53 | 00,684,377 | ---- | M] () -- C:\Windows\unins000.exe
[2009/02/18 12:15:35 | 00,001,864 | ---- | M] () -- C:\Users\Chris\Desktop\Suunto Track Exporter.lnk
[2009/02/18 12:13:54 | 00,000,902 | ---- | M] () -- C:\Users\Chris\Desktop\Suunto Trek Manager.lnk
< End of report >

Re: Email event
Hello.
There are a number of PDF files sitting on your Desktop; do you know what these PDF files are?
C:\Users\Chris\Desktop\CTOMs_T&E_Form.pdf
C:\Users\Chris\Documents\Ack Form.pdf
C:\Users\Chris\Desktop\2009 Price Change Letter.pdf

I'm only seeing some mountpoints from a flash drive infection.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6db7dbb-23f0-11dd-af47-00a0d5fffd85}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units]
    "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}"=-
    "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}"=-
    "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}"=-


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Email event
I am aware of the PDF files. These are ones I am currently working on. I'll go ahead with your instructions now. Thanks very much for your help.

Re: Email event
Says:
"Cannot import C:\Userers\Chris\Desktop\fix.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor."

Re: Email event
Hello.
You haven't included this as the TOP line:

Windows Registry Editor Version 5.00

If that line isn't present, registry scripts won't work.


Re: Email event
Second time is a charm. Is there anything else I need to do?

Re: Email event
I would advise you to follow my next instructions for turning off autoplay, because this is how the infection probably got in, judging from the mountpoints set in the registry.

This will stop any windows from opening when you plug in USB or put in a CD, and you'll have to enter the drive manually.
But better safe than sorry.

Let me know if you want to do that.


Re: Email event
Yes, of course. I don't mind manually opening the drive every time.

A problem I have with one of my external hard drives is that I cannot 'safely remove' it because it says that it is running an open program, when I have no files open on it. It is plugged in right now, and when I did the scans and logs. Is there a virus on it? Or was it solved with what we just did?

Re: Email event
Okay.
Time for another registry script.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7347e995-1af6-11dd-b87e-00a0d5fffe85}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000FF
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoDriveTypeAutoRun"=dword:000000FF


  • Save this as fix.reg, save it to your desktop.
  • Double click fix.reg to run it.
  • Select yes to the registry merge prompt.


Re: Email event
Ok, all done successfully. Anything else? What exactly just happened?

Re: Email event
The first registry script removed a malicious mountpoint for loading a file on the external drive.

The second removes other mountpoints loading wdsetup.exe (legit software for the drive, so the drive has the WD icon it shows in My Computer), which hopefully fixes the eject error, then sets a policy in the registry that stops USB/CD drives from loading with a set of instructions.

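The triage the helper describes above, as an added example that is not code from this thread: a small Python script that parses the MountPoints2 block of an OTL log, classifies each command the way the helper did (a launcher under a drive's Recycled folder is suspicious, a "File not found" target is stale, a Windows DLL or an installer the owner recognises is left alone) and writes the matching fix.reg with the version header as its first line. All function names are my own, the sample block is constructed from the log posted in this thread, and the known_good set (WDSetup.exe) is the one the helper vouched for.

```python
import re
from collections import defaultdict

MP2 = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
KEY_RE = re.compile(r"^\[" + re.escape(MP2) + r"\\([^\\\]]+)\\Shell\\([^\\]+)\\command\]$")
VAL_RE = re.compile(r'^""=(.*)$')

# Constructed sample: four entries copied in shape from the OTL log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3525e34f-a662-11dd-bdf1-00a0d5ffff85}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\AutoRun\command]
""=C:\Windows\System32\shell32.dll -- [2008/11/06 07:14:25 | 11,580,928 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5ecb88d4-3b59-11dd-b373-00a0d5ffff85}\Shell\Open(&0)\command]
""=Recycled\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command]
""=WDSetup.exe
'''

def parse_mountpoints(text):
    """Return (mountpoint, verb, command, note) for every Shell/<verb>/command key in the block."""
    lines = [ln.strip() for ln in text.splitlines()]
    entries = []
    for key, val in zip(lines, lines[1:]):
        k, v = KEY_RE.match(key), VAL_RE.match(val)
        if k and v:
            cmd, _, note = v.group(1).partition(" -- ")   # OTL appends " -- <file info>"
            entries.append((k.group(1), k.group(2), cmd.strip(), note.strip()))
    return entries

def triage(cmd, note, known_good=frozenset()):
    """Classify one command value using the reasoning the helper applied in the thread."""
    low = cmd.lower()
    if "recycled\\" in low or "recycler\\" in low:
        return "suspicious"   # executable hidden in the drive's recycle folder
    if note.lower().startswith("file not found"):
        return "stale"        # target is gone; the key only leaves a dead launcher behind
    if low.startswith("c:\\windows\\system32\\") and low.endswith(".dll"):
        return "benign"       # Windows' own default AutoRun handler
    if low.rsplit("\\", 1)[-1] in known_good:
        return "vendor"       # installer the drive's owner recognises (WDSetup.exe here)
    return "review"           # anything else needs a human look before deletion

def mountpoints_to_remove(entries, known_good=frozenset()):
    """A mountpoint is removed whole if any of its verbs is suspicious or stale."""
    verdicts = defaultdict(set)
    for mp, _verb, cmd, note in entries:
        verdicts[mp].add(triage(cmd, note, known_good))
    return sorted(mp for mp, vs in verdicts.items() if vs & {"suspicious", "stale"})

def build_reg_script(mountpoints, disable_autorun=False):
    """Emit a .reg file; the version header must be the first line or regedit rejects it."""
    out = ["Windows Registry Editor Version 5.00", ""]
    out += ["[-%s\\%s]" % (MP2, mp) for mp in mountpoints]
    if disable_autorun:   # the NoDriveTypeAutoRun policy from the second script in the thread
        for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
            out.append("[%s\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer]" % hive)
            out.append('"NoDriveTypeAutoRun"=dword:000000FF')
    return "\r\n".join(out) + "\r\n"

if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    for mp, verb, cmd, note in found:
        print(mp, verb, cmd, "->", triage(cmd, note, {"wdsetup.exe"}))
    print(build_reg_script(mountpoints_to_remove(found, {"wdsetup.exe"}), disable_autorun=True))
```

Entries rated "review" are deliberately left out of the generated script; they are the ones a helper would ask about, as happened with the PDF files in this thread.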

Re: Email event
Wow, excellent. Thanks very much for all your help!!!

Re: Email event
No problem.
How's the machine running now?

Note: Be careful what emails you open; it's too easy to fake email addresses nowadays.


Re: Email event
I did two restarts. The first one didn't go very smoothly and didn't open the sidebar or any of the startup programs. The second one was much better. The external hard drive can be safely removed, so far, but it still doesn't display the WD icon. It's the generic 'unrecognized file type' icon. Any idea how to fix that?

As for email, I am VERY careful of what email I open, and don't have a clue which one may have caused what happened. Any tips for future security? Is the Avast antivirus good enough? Any recommendations on a better protection system? Thanks again for all your time and help.

Re: Email event
Hello.
Turning off autoplay does stop the WD icon from showing; that's one side effect, but you'll get used to it like I have. Smile...

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck. Big Grin


Re: Email event
Outstanding! Again, thank you so much. What an incredible resource you have been.
