csnagyg

Hi, both the wireless and the LAN dapter stopped working in my Lenovo laptop on Sunday and I can not connect to the internet. It did NOT happen after a Windows update. The home network is fine, all other devices are functioning. I tried updating the adapters but Windows says they are up-to-date. I can see my network as available but connection does not happen. The LAN worked for a few hours yesterday when I switched off the firewall in my Avast antivirus but even that is not so any more. Pls help, thanks. Gabor

Hi, OK it worked fine both for Combofix and OTC so I guess we are done? Thanks again!

Hi, the uninstall did not find Combofix and could not uninstall it. I still have an etavaresCF.exe file but its properties say it is from June 4th while you asked me to run it on June 22nd for the last time. Now that I re-read that post of yours from June 22 I think I may have not downloaded a new version of Combofix but just ran what I still had from earlier - I am not sure by now but believe this was the case. I am sorry for missing this piece of the instruction at the time - does it mean I need to download and run it again?

Hi, everything has been running well in the last 3 days, I have not noticed anything wrong or strange. Are we done? Thanks.

Thanks. No, I did not mean to completely remove system restore, I will certainly keep it. I have now set a limit that should allow me to keep more than 40 restore points and I can live with the space required for that. My PC has been doing well in the last 2 days. No erratic behaviour and stand/by started to work again. If it could stay like this and stabilize for a long time I would be happy with it as it is now. The question remains though: what caused the funny things thta I witnessed earlier this week... I do realize that I may never find out exactly :-)

Hi, OK I have done both. The fixit.reg was successfully merged and ESET successfully ran, pls find the log below. The found items are left in quarantine, pls advise what they are and if I should purge them completely, thanks. In addition, I noticed that since the first time I ran Combofix and it made my PC to start creating restore points I have accumulated a total of 66 of them by now and they use up 14 GB of hard drive space. How should I manage this going forward, can I delete the old ones after a while? ESET log: C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined C:\Documents and Settings\Cse\Dokumentumok\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined C:\Documents and Settings\Cse\Local Settings\Temp\wO+c2z29.exe.part Win32/Toggle application cleaned by deleting - quarantined C:\Program Files\SoftonicDownloader_for_windvd.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014070.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014071.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014073.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014074.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined

Hi, OK I ran it, pls find the log below. However I must add that my computer is behaving really odd... This morning it loaded a completely different Windows view to what I had had before, it looked like it used a restore point from a long time ago (e.g MS Word opened up with a draft of a letter I did not finish in 2008!, also the background picture of the Windows desktop was a world map with the time zones, something I never ever used, the letter and icon sizes were different in all applications, all my previously existing quick start icons in the bottom tray were gone as well as all the cache of the Firefo browser etc.). Strange enough, it did go to standby mode when I pressed Fn-F4... Nevertheless I decided to restart once again and then it loaded normally, as if nothing had happened... however it would again not go into standby mode. As I tried standby mode several times it also happened that after it did not obey this command I wanted to shut it down, it started to log off from Windows and seemed to shut down shortly but in the last second it finally went into standby. Finally, i noticed a Digital line detect folder in my programs which is dated June 14 2012, I do not think I ever saw it before, based on what I found on the net I removed this folder completely. Can you make any sense out of this please, what is happening? Combofix log: ComboFix 12-06-21.03 - Cse 012.06.22. 13:50:55.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3054.1435 [GMT 2:00] Running from: c:\documents and settings\TEMP\Asztal\etavaresCF.exe AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\docume~1\TEMP\LOCALS~1\Temp\NeroSearchTrayHook_{B6F4D594-3F76-4228-899C-202A3B31D882}.dll c:\documents and settings\TEMP\Local Settings\Temp\NeroSearchTrayHook_{B6F4D594-3F76-4228-899C-202A3B31D882}.dll c:\program files\Combined-Community-Codec-Pack-2011-11-11.exe c:\program files\DTLite4454-0315.exe c:\program files\jxpiinstall-7u4-fcs-bin-b73-windows-i586-31_may_2012.exe c:\windows\msmqinst.log c:\windows\updspapi.log . . ((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 ))))))))))))))))))))))))))))))) . . 2012-06-22 12:05 . 2012-06-22 12:05 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS 2012-06-22 12:05 . 2012-06-22 12:05 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS 2012-06-22 12:05 . 2012-06-22 12:05 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS 2012-06-22 12:05 . 2012-06-22 12:05 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS 2012-06-22 12:05 . 2012-06-22 12:05 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS 2012-06-22 12:05 . 2012-06-22 12:05 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS 2012-06-22 12:05 . 2012-06-22 12:05 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS 2012-06-22 12:05 . 2012-06-22 12:05 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS 2012-06-22 12:05 . 2012-06-22 12:05 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS 2012-06-22 12:05 . 2012-06-22 12:05 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS 2012-06-22 12:05 . 2012-06-22 12:05 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS 2012-06-22 12:05 . 2012-06-22 12:05 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS 2012-06-22 12:04 . 2012-06-22 12:04 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS 2012-06-22 12:04 . 2012-06-22 12:04 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS 2012-06-22 12:04 . 2012-06-22 12:04 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS 2012-06-22 12:04 . 2012-06-22 12:04 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS 2012-06-22 12:04 . 2012-06-22 12:04 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS 2012-06-22 11:47 . 2012-06-22 11:47 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles 2012-06-15 08:14 . 2012-06-15 08:14 -------- d-----w- c:\program files\HandBrake 2012-06-14 09:33 . 2010-09-22 12:51 91304 ----a-w- c:\windows\system32\drivers\btserial.sys 2012-06-14 09:24 . 2011-12-23 11:32 122128 ----a-w- c:\windows\system32\SynTPCo9.dll 2012-06-14 09:24 . 2011-09-14 17:11 1048576 ----a-w- c:\windows\system32\syndata.bin 2012-06-14 09:22 . 2012-06-14 09:23 -------- d-----w- c:\program files\Digital Line Detect 2012-06-14 09:22 . 2012-06-14 09:22 -------- d-----w- c:\program files\NetWaiting 2012-06-14 09:21 . 2012-06-14 09:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple 2012-06-14 09:19 . 2010-06-02 12:49 301624 ----a-w- c:\windows\system32\UCI32M57.dll 2012-06-14 08:59 . 2010-09-07 12:09 13680 ----a-w- c:\windows\system32\drivers\smiif32.sys 2012-06-14 08:29 . 2012-06-14 08:29 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-06-14 08:29 . 2012-06-14 08:29 -------- d-----w- c:\program files\DAEMON Tools Lite 2012-06-14 08:25 . 2012-06-14 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis 2012-06-14 08:24 . 2012-06-14 08:24 -------- d-----w- c:\documents and settings\Cse\Corel 2012-06-14 08:24 . 2012-06-14 08:24 -------- d-----w- c:\program files\Common Files\Protexis 2012-06-14 08:24 . 2012-06-14 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2012-06-14 08:23 . 2010-11-16 14:24 13880 ----a-w- c:\windows\system32\drivers\regi.sys 2012-06-14 08:23 . 2012-06-14 08:23 -------- d-----w- c:\program files\Corel 2012-06-14 08:17 . 2012-06-14 08:17 346160 ----a-w- c:\program files\SoftonicDownloader_for_windvd.exe 2012-06-14 08:06 . 2012-06-14 08:06 -------- d-----w- c:\program files\Combined Community Codec Pack 2012-06-14 08:06 . 2012-06-14 08:06 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll 2012-06-14 08:05 . 2012-06-14 08:05 -------- d-----w- c:\program files\Common Files\xing shared 2012-06-14 08:05 . 2012-06-14 08:05 150696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll 2012-06-14 08:05 . 2012-06-14 08:05 129144 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpplugin.dll 2012-06-14 06:42 . 2008-07-09 09:05 421888 ----a-w- c:\windows\system32\ac3filter.acm 2012-06-14 06:41 . 2012-06-14 06:42 -------- d-----w- c:\program files\XP Codec Pack 2012-06-14 06:36 . 2012-06-14 06:38 11460600 ----a-w- c:\program files\XP-Codec-Pack-2.5.2-beta2.exe 2012-06-14 03:26 . 2012-05-11 14:44 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll 2012-06-13 23:28 . 2012-06-13 23:28 -------- d-----w- c:\program files\Secunia 2012-06-13 23:26 . 2012-06-13 23:26 1754456 ----a-w- c:\program files\PSISetup.exe 2012-06-13 23:18 . 2012-06-13 23:18 204496 ----a-w- c:\program files\StartUpLite.exe 2012-06-13 22:48 . 2012-06-13 22:48 -------- d-----w- c:\program files\Oracle 2012-06-13 22:44 . 2012-06-01 15:39 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2012-06-13 22:44 . 2012-06-01 15:39 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2012-06-13 21:02 . 2012-06-13 21:02 -------- d-----w- c:\program files\Common Files\Apple 2012-06-13 21:01 . 2012-06-13 21:01 -------- d-----w- c:\program files\Apple Software Update 2012-06-13 21:01 . 2012-06-13 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2012-06-13 13:55 . 2012-06-13 13:55 6529156 ----a-w- c:\program files\HandBrake-0.9.3-Win_GUI.exe 2012-06-12 20:26 . 2012-06-12 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan 2012-06-12 20:26 . 2012-06-12 20:26 -------- d-----w- c:\program files\McAfee Security Scan 2012-06-12 12:59 . 2012-06-15 08:14 6902122 ----a-w- c:\program files\HandBrake-0.9.6-i686-Win_GUI.exe 2012-06-11 07:33 . 2012-06-11 07:33 -------- d-----w- c:\program files\Common Files\Java 2012-06-11 07:32 . 2012-05-04 17:29 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-11 07:32 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-11 07:31 . 2012-06-13 22:46 -------- d-----w- c:\program files\Java 2012-06-06 07:26 . 2012-06-06 07:26 -------- d-----w- c:\program files\Kaspersky Lab 2012-06-06 07:26 . 2012-06-06 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2012-06-01 17:33 . 2012-06-01 17:33 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe 2012-05-30 11:59 . 2012-05-30 11:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-14 10:15 . 2009-10-11 20:14 89680 ----a-w- c:\documents and settings\Cse\MSSSerif120.fon 2012-06-14 10:15 . 2009-10-11 20:14 64544 ----a-w- c:\documents and settings\Cse\MSSSerif96.fon 2012-06-14 09:44 . 2009-09-28 15:04 33536 ----a-w- c:\windows\system32\drivers\tvtfilter.sys 2012-06-14 09:41 . 2009-09-28 14:54 30144 ----a-w- c:\windows\system32\drivers\psadd.sys 2012-06-12 20:31 . 2012-04-03 09:48 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-12 20:31 . 2011-07-25 23:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-02 13:19 . 2009-09-28 16:38 23576 ----a-w- c:\windows\system32\wucltui.dll.mui 2012-06-02 13:19 . 2009-09-28 16:38 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui 2012-06-02 13:19 . 2009-09-28 16:38 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui 2012-06-02 13:19 . 2009-09-28 15:27 329240 ----a-w- c:\windows\system32\wucltui.dll 2012-06-02 13:19 . 2009-09-28 15:27 210968 ----a-w- c:\windows\system32\wuweb.dll 2012-06-02 13:19 . 2009-09-28 15:26 219160 ----a-w- c:\windows\system32\wuaucpl.cpl 2012-06-02 13:19 . 2009-09-28 16:38 45080 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 13:19 . 2009-09-28 15:27 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 13:19 . 2009-09-28 15:27 35864 ----a-w- c:\windows\system32\wups.dll 2012-06-02 13:19 . 2009-09-28 15:26 97304 ----a-w- c:\windows\system32\cdm.dll 2012-06-02 13:19 . 2009-09-28 16:38 15896 ----a-w- c:\windows\system32\wuapi.dll.mui 2012-06-02 13:19 . 2009-09-28 15:27 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 13:19 . 2009-09-28 15:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 13:18 . 2009-09-28 20:57 275696 ----a-w- c:\windows\system32\mucltui.dll 2012-06-02 13:18 . 2009-09-28 20:57 17648 ----a-w- c:\windows\system32\mucltui.dll.mui 2012-06-02 13:18 . 2008-10-16 12:07 214256 ----a-w- c:\windows\system32\muweb.dll 2012-05-31 13:22 . 2009-09-28 15:26 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-05-16 15:09 . 2009-09-28 15:27 916992 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 14:17 . 2012-05-15 14:17 2130622 ----a-w- c:\program files\freefixersetup.exe 2012-05-15 13:55 . 2009-09-28 15:27 1863168 ------w- c:\windows\system32\win32k.sys 2012-05-14 18:49 . 2012-05-14 18:45 3895848 ----a-w- c:\program files\HPPSdr.exe 2012-05-11 14:44 . 2009-09-28 15:26 43520 ------w- c:\windows\system32\licmgr10.dll 2012-05-11 14:44 . 2009-09-28 15:26 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-05-11 11:38 . 2009-09-28 15:26 385024 ------w- c:\windows\system32\html.iec 2012-05-06 08:03 . 2012-04-14 06:03 4140192 ------w- c:\windows\system32\FlashPlayerInstaller.exe 2012-05-05 03:14 . 2009-09-28 15:27 2149888 ------w- c:\windows\system32\ntoskrnl.exe 2012-05-05 03:14 . 2009-09-28 15:27 2028032 ------w- c:\windows\system32\ntkrnlpa.exe 2012-05-04 17:29 . 2010-05-09 07:28 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-04 07:40 . 2012-05-04 07:38 16409960 ------w- c:\program files\spybotsd162.exe 2012-05-03 21:53 . 2012-05-03 21:53 446464 ------w- c:\program files\TFC.exe 2012-05-02 13:47 . 2009-09-28 15:27 139656 ------w- c:\windows\system32\drivers\rdpwd.sys 2012-04-18 21:30 . 2012-04-18 21:30 739856 ------w- c:\program files\ChromeSetup.exe 2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-04-17 09:11 . 2012-04-17 09:11 2915520 ------w- c:\program files\HPHNDU.exe 2012-04-06 16:32 . 2012-04-06 16:32 1288192 ----a-w- c:\windows\system32\VSFilter.dll 2012-04-06 16:32 . 2012-04-06 16:32 472576 ----a-w- c:\windows\system32\AviSplitter.ax 2012-04-06 16:32 . 2012-04-06 16:32 659456 ----a-w- c:\windows\system32\RealMediaSplitter.ax 2012-04-06 16:32 . 2012-04-06 16:32 548352 ----a-w- c:\windows\system32\MatroskaSplitter.ax 2012-03-30 11:24 . 2012-03-30 11:23 22259528 ------w- c:\program files\vlc-2.0.1-win32.exe 2011-12-08 08:04 . 2011-12-08 08:04 5313141 ------w- c:\program files\install.exe 2011-11-28 22:31 . 2011-11-28 22:31 1107022 ------w- c:\program files\SubtitleWorkshop251.exe 2012-06-18 07:37 . 2012-01-24 16:48 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] "Akamai NetSession Interface"="c:\documents and settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744] "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 68856] "SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-10-17 20480] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-10 204288] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2011-12-23 134416] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-02-27 818240] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2012-02-27 208896] "TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312] "TpShocks"="TpShocks.exe" [2009-12-11 337256] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688] "AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568] "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440] "TrayServer"="c:\program files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-04-09 90112] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-14 296056] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Indítópult\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584] Camera Monitor HD.lnk - c:\program files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-3-29 541976] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-6-14 50688] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-10-17 450560] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-14 20:17 89600 ------w- c:\windows\system32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\aon\\aonInstaller\\Installer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Documents and Settings\\Cse\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Program Files\\aon\\aonController\\aonController.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Rendszerfelügyeleti webszolgáltatások . R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010.03.08. 18:06 25968] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009.10.09. 13:10 20520] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012.06.14. 10:29 242240] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012.06.14. 10:59 13680] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008.05.09. 5:50 46144] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2009.09.28. 17:27 14336] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011.10.21. 16:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011.10.13. 18:21 249648] R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010.03.08. 18:06 292200] R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012.04.25. 19:53 202296] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011.09.15. 13:06 88576] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009.10.12. 23:19 69632] R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [2012.06.14. 11:14 244800] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2012.06.14. 10:23 13880] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011.10.14. 8:01 399416] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012.05.30. 13:56 3048136] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007.03.14. 22:10 11152] R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [2012.06.14. 10:59 131432] R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2007.03.30. 10:39 142696] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008.05.14. 16:25 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008.05.09. 5:50 253952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012.06.01. 20:04 106656] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007.06.08. 7:36 81280] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006.09.13. 12:42 37312] S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009.07.03. 18:47 101736] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.06.05. 15:17 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.03. 11:48 257224] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2010.03.08. 16:41 1527900] S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011.05.31. 1:03 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 18:01 21248] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011.06.17. 19:33 237008] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012.05.02. 11:00 113120] S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2010.03.02. 23:51 18816] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010.09.01. 10:30 15544] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007.03.14. 19:48 116416] S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011.10.14. 8:01 994360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:31] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41] . 2012-06-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . 2012-06-22 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-28 23:39] . 2012-06-22 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.index.hu/ uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = <local>;localhost IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.138 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab FF - ProfilePath - c:\documents and settings\TEMP\Application Data\Mozilla\Firefox\Profiles\1cgvkm9s.default\ . - - - - ORPHANS REMOVED - - - - . BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file) Notify-ACNotify - ACNotify.dll MSConfigStartUp-CTFMON - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-22 14:06 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1200) c:\windows\system32\tvt_gina.dll c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll c:\program files\ThinkPad\ConnectUtilities\AcWrpc.dll c:\program files\ThinkPad\ConnectUtilities\Res\US\ACGinaRes.dll c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\ThinkVantage Fingerprint Software\remote.dll c:\program files\ThinkVantage Fingerprint Software\basegui.dll c:\program files\ThinkVantage Fingerprint Software\crypto.dll c:\program files\ThinkVantage Fingerprint Software\biokmd.dll c:\program files\ThinkVantage Fingerprint Software\tpmkey.dll c:\program files\ThinkVantage Fingerprint Software\ibmcore.dll c:\program files\Lenovo\Client Security Solution\css_enroll.dll c:\program files\Lenovo\Client Security Solution\css_banner.dll c:\windows\system32\cssuserdatadispatcher.dll c:\windows\system32\tvttsp.dll c:\windows\system32\tcsrpc.dll . - - - - - - - > 'lsass.exe'(1260) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll . - - - - - - - > 'explorer.exe'(7048) c:\windows\system32\WININET.dll c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll c:\windows\system32\btmmhook.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\windows\system32\crypserv.exe c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\system32\TpKmpSVC.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\SearchIndexer.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\lenovo\system update\suservice.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\LENOVO\HOTKEY\tposdsvc.exe c:\windows\system32\wscntfy.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\windows\system32\SearchProtocolHost.exe c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe c:\windows\system32\rundll32.exe c:\windows\system32\TpShocks.exe c:\windows\system32\RUNDLL32.EXE c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe c:\program files\Symantec Client Security\Symantec AntiVirus\DoScan.exe c:\program files\ThinkVantage Fingerprint Software\enrollbtn.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Logitech\Video\FxSvr2.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\RunDll32.exe c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\windows\system32\msiexec.exe c:\program files\Common Files\Lenovo\Logger\logmon.exe c:\windows\system32\SearchFilterHost.exe c:\program files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe . ************************************************************************** . Completion time: 2012-06-22 14:14:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-22 12:14 . Pre-Run: 19 659 345 920 bájt szabad Post-Run: 19 505 975 296 bájt szabad . - - End Of File - - F3A213EB37BEB7A7AD1DD4808AAA0A31

I am not sure really. Yesterday, in order to improve performance and startup speed, I was trying to reduce the number of programs which are automatically starting at startup and now once again there is the problem of the laptop not willing to go in stand-by mode when pressing Fn-F4. I do not know if these two things are connected at all... Earlier, it also did not wake up properly from standby, when I pressed the Fn key it opened up only to show the "Preparing to stand-by mode' message and went back to standby without me doing anything. Last night, as I could not put it into standby I shut it down, this morning I started the machine and left it alone for a few min, when I came back it was completely shut down again and I had to start it once again. So, strange things are happening with system startup and shutdown and I do not know why. Any idea from your side?

OK thanks. I will remove this threat from my machine even if it is inactive. I ran OTL, please find the log files attached below (OTL.txt has two parts as it exceeded your limit of 200 kB) and let me know what they mean, thanks!Extras 200612.Txt OTL 200612_2.Txt OTL 200612_1.Txt

Hi etavares, I am back as I noticed something. As you told me on May 30th, one of the programs you asked me to run found an infected userinit.exe on my machine and we replaced it with a good version. After that, I saw that my Windows login process changed - e.g. the screen where I had to give in my Windows pw was blue and next to the pw field I could also see the photo of the user whose userID was displayed and whose pw was being requested. In addition, when I pressed Ctrl+Alt+Del it showed me the running processes in Task Manager view immediately. After a few days this change disappeared and everything is back to as it was - different Windows login screen w/o a picture, Ctrl+Alt+Del showing a window with 6 choices (lock PC, log off, shut down, change pw, task mgr, cancel). This is eactly as it used to be before I raised my problem on this platform. Can it be that my userinit.exe file is corrupted again? What to do? In addition, my AV found a risk called Packed.generic.371 today in one of the RP folders under System Volume Information. The file name was A0004820.dll and the RP folder in which it was found was created on June 4th. I googled this risk and found that Symantec (I am using their AV) discovered it only on June 9th as a new risk i.e. 5 days after the RP folder's creation date. It has quarantined it but due to the fact that it was on my machine earlier than discovered by Symantec, is it a reason for concern? Thanks!

Hi etavares, I have done what you suggested, also installed Secunia and like it very much, I brought my PC from 89 to 98% and will try to keep it this way or even better. I am OK now to close this thread, thanks very much for your help and patience, it has been a pleasure to work with you! :-)

Great news! I will check and try to update those two under vulnerabilities as well as my trusted zones. As to Autorun, yes I know what you mean and I think I will not change the current settings. As to the issues under MS IE: I stopped using IE a while ago so they should not cause a problem but nevertheless I will go and clean these things up. I had two other questions (copied them below for easier reference), would you mind answering those also and then we can close the thread, thanks very much for your support! 2. I noticed 3 folders named 'etawaresCFxxx' (where xxx is a mix of characters) under my C:\ drive and, what are they and shall I leave them there? Two are empty but one contains a file called NircmdB.exe, what is it? 3. What do you suggest I do to prevent the recurring of such malware infections? I have installed Spybot S&D but it is not really user friendly and mostly I do not know whether I should allow or deny the change which it reports to me.

Hi, OK no problem, I thought it must have been something like this. I have updated my Java and ran the OTL quick scan, pls see the log below, I hope it shows the desired results. Nevertheless can you please answer a few questions before closing the topic: 1. The Kaspersky scan listed several other vulnerabilities and risks other than malware, what should I do about those? 2. I noticed 3 folders named 'etawaresCFxxx' (where xxx is a mix of characters) under my C:\ drive and, what are they and shall I leave them there? Two are empty but one contains a file called NircmdB.exe, what is it? 3. What do you suggest I do to prevent the recurring of such malware infections? I have installed Spybot S&D but it is not really user friendly and mostly I do not know whether I should allow or deny the change which it reports to me. Thanks in advance! OTL logfile created on: 2012.06.11. 10:55:28 - Run 4 OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Cse\Asztal Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd. 2,98 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 39,86% Memory free 4,30 Gb Paging File | 2,57 Gb Available in Paging File | 59,76% Paging File free Paging file location(s): C:\pagefile.sys 1512 3024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228,67 Gb Total Space | 24,92 Gb Free Space | 10,90% Space Free | Partition Type: NTFS Computer Name: JGRUBITS | User Name: Cse | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Cse\Asztal\OTL.scr (OldTimer Tools) PRC - C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc) PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.) PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.) PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.) PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia) PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech) PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited) PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) PRC - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION) PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe () PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation) PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation) PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe () PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) PRC - C:\WINDOWS\system32\TpKmpSvc.exe () PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) ========== Modules (No Company Name) ========== MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0856245176949b6c5f69ce0db6c6a19e\UIAutomationProvider.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\246c2e1ace46674db95e253d99f0067e\PresentationFramework.Luna.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e4abab56b79465c688b18faafec4372a\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7a6f33c72bd7bba0fef9ac1bb22277eb\WindowsBase.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll () MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll () MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll () MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll () MOD - C:\Program Files\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll () MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll () MOD - C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll () MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () MOD - C:\Documents and Settings\Cse\Application Data\SanDisk\My Vaults\dmBackup.dll () MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL () MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll () MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll () MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll () MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll () MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll () MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll () MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll () MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll () MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_hu_b77a5c561934e089\System.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_hu_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll () MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_hu_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\WINDOWS\system32\btwicons.dll () MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll () MOD - C:\WINDOWS\system32\nview.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll () MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll () MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll () MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll () MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll () MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe () MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll () MOD - C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe () MOD - C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll () MOD - C:\WINDOWS\system32\TpKmpSvc.exe () MOD - C:\WINDOWS\system32\LXPRMON.DLL () MOD - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll () ========== Win32 Services (SafeList) ========== SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (KSS) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation) SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.) SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe () SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation) SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation) SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited) SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.) SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation) SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation) SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation) SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation) SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (SavRoam) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec) SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation) SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation) SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation) SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation) SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation) SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe () SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation) SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation) SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe () SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.) ========== Driver Services (SafeList) ========== DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120608.003\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120608.003\NAVENG.SYS (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120606.001\SymIDSCo.sys (Symantec Corporation) DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider) DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.) DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS () DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.) DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.) DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software) DRV - (IntelIde) -- C:\WINDOWS\system32\drivers\intelide.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation) DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation) DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation) DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys (Microsoft Corporation) DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\agpcpq.sys (Microsoft Corporation) DRV - (amdagp) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (alim1541) -- C:\WINDOWS\system32\drivers\alim1541.sys (Microsoft Corporation) DRV - (agp440) -- C:\WINDOWS\system32\drivers\agp440.sys (Microsoft Corporation) DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation) DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys () DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.) DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation) DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions) DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions) DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions) DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions) DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions) DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions) DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation) DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation) DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation) DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic) DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation) DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic) DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation) DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation) DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation) DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.) DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation) DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation) DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation) DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation) DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.) DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation) DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation) DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation) DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation) DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation) DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation) DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation) DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation) DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.) DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation) DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_deAT347 IE - HKCU\..\SearchScopes\{7ABE1B73-0763-423E-B91D-814AB935EF1C}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{FC9CF8B4-59E2-442E-8A8E-B988ADAC399E}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.index.hu/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.05.30 23:26:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 23:34:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 11:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.11 09:32:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.29 23:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions [2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 09:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions [2011.05.30 23:21:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.20 14:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.05.03 09:34:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\plugin@yontoo.com [2012.01.14 23:59:28 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\searchplugins\bing.xml [2012.02.18 18:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.03.25 19:39:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.05.02 11:00:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.11 22:28:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.01.19 20:50:37 | 000,002,032 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.02.11 22:28:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ O1 HOSTS File: ([2012.06.04 14:48:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [sanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [lxbyUninstallerRan] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254155909672 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254156007953 (MUWebControl Class) O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541500} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077AE974-B150-457B-8948-189158AA3A90}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.13 10:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 09:35:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.06.11 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.06.11 09:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.06.11 09:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Oracle [2012.06.11 09:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.11 09:02:24 | 000,892,400 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall-7u4-fcs-bin-b73-windows-i586-31_may_2012.exe [2012.06.06 09:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Kaspersky Security Scan [2012.06.06 09:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012.06.06 09:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab [2012.06.06 09:21:28 | 000,179,968 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Cse\Asztal\kss12.0.1.117mlg_en_ru_fr_de.exe [2012.06.05 09:34:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr [2012.06.04 22:02:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.06.04 14:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.06.04 14:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.06.04 14:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.06.04 14:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.06.04 14:25:14 | 000,000,000 | ---D | C] -- C:\etavaresCF19709e [2012.06.04 11:20:19 | 000,000,000 | ---D | C] -- C:\etavaresCF15047e [2012.06.01 19:33:53 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe [2012.05.25 09:48:15 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.05.25 09:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.05.25 09:41:46 | 000,000,000 | ---D | C] -- C:\etavaresCF [2012.05.25 09:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.05.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Malwarebytes [2012.05.23 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012.05.15 16:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Revo Uninstaller [2012.05.15 16:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\FreeFixer [2012.05.15 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Local Settings\Application Data\FreeFixer [2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer [2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\FreeFixer [2012.05.15 16:17:25 | 002,130,622 | ---- | C] (Kephyr) -- C:\Program Files\freefixersetup.exe [2012.05.13 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync [2012.05.04 09:38:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe [2012.05.03 23:53:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe [2012.04.18 23:30:36 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe [1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.11 11:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.11 11:01:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2012.06.11 10:57:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.11 09:26:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk [2012.06.11 09:24:17 | 000,052,301 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.06.11 09:24:11 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012.06.11 09:24:01 | 000,182,428 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.06.11 09:23:11 | 000,025,456 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2012.06.11 09:23:09 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job [2012.06.11 09:23:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.11 09:22:59 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.11 09:21:46 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2012.06.11 09:21:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.11 09:21:03 | 3202,658,304 | -HS- | M] () -- C:\hiberfil.sys [2012.06.11 09:19:05 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat [2012.06.11 09:03:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job [2012.06.11 08:48:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.11 08:34:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.10 19:56:26 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2012.06.10 12:00:09 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job [2012.06.09 23:27:04 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Skype.lnk [2012.06.06 09:27:03 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Cse\Asztal\Kaspersky Security Scan.lnk [2012.06.06 09:21:29 | 000,179,968 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Cse\Asztal\kss12.0.1.117mlg_en_ru_fr_de.exe [2012.06.05 21:18:51 | 000,000,207 | ---- | M] () -- C:\WINDOWS\GIB30_32.INI [2012.06.05 21:18:50 | 000,002,330 | ---- | M] () -- C:\WINDOWS\gib00001.hst [2012.06.05 16:16:10 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2012.06.05 09:34:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr [2012.06.04 14:48:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2012.05.31 14:37:45 | 000,000,152 | ---- | M] () -- C:\WINDOWS\gib00002.hst [2012.05.30 20:50:28 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2012.05.25 09:48:21 | 000,000,364 | RHS- | M] () -- C:\boot.ini [2012.05.25 08:59:33 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Google Chrome.lnk [2012.05.22 09:11:06 | 000,000,248 | ---- | M] () -- C:\Boot.bak [2012.05.15 16:47:17 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\Cse\Asztal\Revo Uninstaller.lnk [2012.05.15 16:47:17 | 000,000,924 | ---- | M] () -- C:\Program Files\Revo Uninstaller.lnk [2012.05.15 16:17:46 | 002,130,622 | ---- | M] (Kephyr) -- C:\Program Files\freefixersetup.exe [2012.05.14 20:49:45 | 003,895,848 | ---- | M] () -- C:\Program Files\HPPSdr.exe [2012.05.13 20:12:59 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk [2012.05.13 20:12:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk [2012.05.13 10:13:01 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.11 09:04:42 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\Cse\Asztal\Revo Uninstaller.lnk [2012.06.06 09:27:15 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Cse\Asztal\Kaspersky Security Scan.lnk [2012.06.04 14:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.06.04 14:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.06.04 14:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.06.04 14:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.06.04 14:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.05.25 09:48:21 | 000,000,248 | ---- | C] () -- C:\Boot.bak [2012.05.25 09:48:17 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012.05.22 09:01:06 | 3202,658,304 | -HS- | C] () -- C:\hiberfil.sys [2012.05.14 20:45:46 | 003,895,848 | ---- | C] () -- C:\Program Files\HPPSdr.exe [2012.05.13 20:12:59 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk [2012.05.13 20:12:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk [2012.05.13 10:11:08 | 000,540,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2012.05.04 09:45:04 | 000,000,940 | ---- | C] () -- C:\Program Files\Spybot - Search & Destroy.lnk [2012.05.03 09:34:46 | 000,000,924 | ---- | C] () -- C:\Program Files\Revo Uninstaller.lnk [2012.04.17 11:11:12 | 002,915,520 | ---- | C] () -- C:\Program Files\HPHNDU.exe [2012.03.30 13:23:09 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe [2012.03.29 18:20:58 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini [2012.01.11 15:37:58 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\.backup.dm [2011.12.08 10:04:31 | 005,313,141 | ---- | C] () -- C:\Program Files\install.exe [2011.12.05 08:17:09 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2601519475-432958476-330210462-1006-0.dat [2011.11.29 00:31:19 | 001,107,022 | ---- | C] () -- C:\Program Files\SubtitleWorkshop251.exe [2011.11.13 21:35:20 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2011.05.17 21:58:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini ========== LOP Check ========== [2012.05.22 08:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC [2012.01.11 15:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk [2011.10.16 10:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2011.11.06 12:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin [2011.07.12 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2011.05.30 23:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009.09.28 18:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\m2backup [2010.03.08 16:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX [2009.09.28 18:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mquadr.at [2010.03.05 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2009.10.18 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009.09.28 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor [2011.07.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2010.03.29 22:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA [2011.12.08 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RavensburgerTipToi [2012.05.03 09:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2009.09.28 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB [2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4C64F87B-DDC8-4FB0-BC32-596BDEB52000} [2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{91E14A42-CE18-4B53-9D80-4B6B72AB7C12} [2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14} [2009.10.13 08:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Avaya [2012.03.29 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Canon [2011.10.16 10:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\DAEMON Tools Lite [2012.05.03 09:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\ElevatedDiagnostics [2009.10.17 23:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\FotoWire [2012.05.15 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\FreeFixer [2011.11.06 11:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\GARMIN [2011.05.30 23:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\GHISLER [2012.02.02 09:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\HTC [2011.05.31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2009.10.11 23:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\InterVideo [2009.09.29 00:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Leadertech [2009.12.02 16:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Lenovo [2010.03.08 16:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\MAGIX [2010.03.01 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Nokia [2012.06.11 09:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Oracle [2010.03.01 22:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\PC Suite [2011.05.29 09:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\PCDr [2010.01.28 03:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\RadLight Company [2011.12.08 10:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\RavensburgerTipToi [2012.01.11 15:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\SanDisk [2011.05.30 23:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Thunderbird [2009.09.29 03:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Thunderbird Sept 29 start backup [2011.05.29 09:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Update [2011.05.30 23:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Windows Desktop Search [2009.10.18 16:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Windows Search [2009.09.28 17:19:53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\1. regisztrálási emlékeztető.job [2009.10.08 23:50:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\2. regisztrálási emlékeztető.job [2009.10.13 23:50:13 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\3. regisztrálási emlékeztető.job [2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2012.06.11 09:24:11 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job [2012.06.10 12:00:09 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report >

Hi etavares, good news, thanks. Can you please explain why do I need version 30 (or is it meant to be update 30 instead?) if I have version 6, update 31 now? According to the java.com site I am supposed to update to version 7 update 4, why not use that one? Thanks!

Hi, here it is... I assume this version of the program is newer than the one that your instructions were written to because there is no option to select Settings and tick anything. What I did was running a full scan, please find the log below. As to your point on the free space: I know this rule of thumb and try to keep it above 10%, currently it dropped below but I will do a cleanup to get back above it - thanks for noticing it anyway. System protection (0) Malware (11) Exploit.HTML.CodeBaseExec notepad.html C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000.VBN//CryptZ//XP trükkök/Notepad-Html Trojan-Downloader.Win32.VB.rrl googledownload.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0001\4FDC352F.VBN//CryptZ//$WINDIR Trojan-Downloader.Win32.VB.rrl googledownload.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0002\4FDC3622.VBN//CryptZ//$WINDIR Trojan-Downloader.Win32.VB.rrl googledownload.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000\4FDC31ED.VBN//CryptZ//$WINDIR Trojan-Downloader.Win32.VB.rrl googledownload.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0003\4FDC374C.VBN//CryptZ//$WINDIR Trojan.Win32.Chifrax.d downloader.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\103C0001\5BBED470.VBN//CryptZ//$PLUGINSDIR Trojan.Win32.Chifrax.d downloader.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\103C0000\5BBED1F9.VBN//CryptZ//$PLUGINSDIR Trojan.Win32.Chifrax.d downloader.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10740001\5B7E3A74.VBN//CryptZ//$PLUGINSDIR Trojan.Win32.Chifrax.d downloader.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10740000\5B7E23CB.VBN//CryptZ//$PLUGINSDIR Trojan.Win32.Chifrax.d downloader.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10740002\5B7E3BAF.VBN//CryptZ//$PLUGINSDIR Trojan-Downloader.Win32.VB.rrl googledownload.exe C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10940000\5B9FF840.VBN//CryptZ//$WINDIR Vulnerabilities (2) C:\Program Files\DAEMON Tools Lite\DTLite.exe C:\Program Files\Lenovo\Rescue and Recovery\rnr_gui.exe Other issues (12) "Autorun from hard drives is allowed" "Autorun from network drives is enabled" "CD/DVD autorun is enabled" "Removable media autorun is enabled" "Microsoft Internet Explorer: clear history of typed URLs" "Microsoft Internet Explorer - disable caching data received via protected channel" "Microsoft Internet Explorer: disable sending error reports" "Microsoft Internet Explorer: delete cookies" "Microsoft Internet Explorer: clear the list of trusted domains" "Microsoft Internet Explorer: clear list of pop-up blocker exceptions" "Microsoft Internet Explorer: enable cache autocleanup on browser closing" "Microsoft Internet Explorer: start page reset"