
Everything posted by pilotbob
-
System Idle Process 99% ???
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
I managed to get chkdsk /r to run from the recovery console. It seemed to gallop through the first 25%, then struggled a bit up to 50%, often remaining on one figure for some time, then took about an hour to reach 75%, whereupon it returned to 50%?! Another hour passed and gradually we got back to 75%, when it reported it was 100% complete, having found and repaired one or more sectors. The system has re-booted successfully. Can I assume any repairs are permanent, and should I now try to clone the system onto a new HD? I couldn't get the Fujitsu drive tools as the link appears to be broken. Oh, and by the way, what do you play? -
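Whether chkdsk's repairs are "permanent" is really a question about the disk, and the check a practitioner would run before cloning is the drive's own SMART attribute table rather than another chkdsk pass. The following Python is an added example, not something from the thread or from the Fujitsu drive tools mentioned in it: it parses the attribute table that smartmontools' `smartctl -A` prints (smartmontools has a Windows build; the device path you pass it is an assumption) and reports the attributes that indicate the media is losing sectors. The sample table below is constructed and its values are invented; they are not readings from the drive in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the table format printed by `smartctl -A` (smartmontools).
# Values are invented for illustration; they are not from the Fujitsu drive in the thread.
SAMPLE_SMART = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   046    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   024    Pre-fail  Always       -       12
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       4217
187 Reported_Uncorrect      0x0032   100   100   000    Old_age   Always       -       0
194 Temperature_Celsius     0x0022   059   042   000    Old_age   Always       -       41 (Min/Max 18/64)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       3
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       3
"""


@dataclass
class Attr:
    id: int
    name: str
    value: int        # normalised "current" value (higher is better)
    worst: int        # lowest normalised value ever recorded
    thresh: int       # vendor failure threshold for the normalised value (0 = advisory only)
    kind: str         # Pre-fail or Old_age
    when_failed: str  # "-" unless the firmware itself has flagged the attribute
    raw: int          # vendor raw counter; for the sector attributes this is a plain count


# One attribute row: id, name, flag, value, worst, thresh, type, updated, when_failed, raw...
ROW_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+0x[0-9a-f]{4}\s+(?P<value>\d+)\s+(?P<worst>\d+)\s+"
    r"(?P<thresh>\d+)\s+(?P<kind>Pre-fail|Old_age)\s+\S+\s+(?P<when>\S+)\s+(?P<raw>\d+)",
    re.I,
)


def parse_smart_attributes(text: str) -> Dict[int, Attr]:
    """Parse the `smartctl -A` attribute table into a dict keyed by attribute ID."""
    attrs: Dict[int, Attr] = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            attrs[int(m["id"])] = Attr(
                int(m["id"]), m["name"], int(m["value"]), int(m["worst"]),
                int(m["thresh"]), m["kind"], m["when"], int(m["raw"]),
            )
    return attrs


# Attributes whose raw count is zero on a healthy disk. Any non-zero value means the drive
# has already remapped or given up on sectors; chkdsk /r only marks such clusters bad in the
# file system, it does not repair the media, so a growing count here is the signal to replace.
SECTOR_HEALTH_IDS = {
    5: "reallocated sectors",
    187: "reported uncorrectable errors",
    196: "reallocation events",
    197: "pending (currently unreadable) sectors",
    198: "offline uncorrectable sectors",
}


def drive_findings(attrs: Dict[int, Attr]) -> List[str]:
    """Return human-readable reasons to distrust the disk; empty list means nothing alarming."""
    findings: List[str] = []
    for aid, label in SECTOR_HEALTH_IDS.items():
        a = attrs.get(aid)
        if a and a.raw > 0:
            findings.append(f"{a.name} (ID {aid}): {a.raw} {label}")
    for a in attrs.values():
        # A normalised value at or below a non-zero threshold is the firmware's own "failing" verdict.
        if a.thresh > 0 and (a.value <= a.thresh or a.worst <= a.thresh):
            findings.append(f"{a.name} (ID {a.id}): normalised {a.value}/{a.worst} at or below threshold {a.thresh}")
        if a.when_failed != "-":
            findings.append(f"{a.name} (ID {a.id}): WHEN_FAILED={a.when_failed}")
    return findings


def should_replace(attrs: Dict[int, Attr]) -> bool:
    return bool(drive_findings(attrs))


if __name__ == "__main__":
    table = parse_smart_attributes(SAMPLE_SMART)
    for f in drive_findings(table):
        print(f)
    print("replace drive:", should_replace(table))
```

Pending sectors (ID 197) are the ones chkdsk /r trips over: the drive cannot read them yet, and they are only reallocated (ID 5 goes up, 197 goes down) once something writes to them. If 197 or 5 keeps climbing between two runs a day apart, the drive is degrading and the clone should be made sooner rather than later, from a drive that is still readable.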
System Idle Process 99% ???
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
OK, thanks again for that. I'll make sure I get all the data backed up before doing anything else, hopefully that is! Just to be sure, if I use the recovery console will I lose installed programs, or will these be safe? -
System Idle Process 99% ???
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Well, I couldn't get CHKDSK to complete; it hung at stage 4, 98%. Everything seemed to freeze up, even the cooling fan stopped. Anyway, I decided just to hard boot it and Windows has restarted. Minidump attached: Mini120711-01.zip -
System Idle Process 99% ???
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Hi Bluesplayer, Thanks again. This morning the machine failed to boot and insisted on running CHKDSK; this is still running after 2 hours and is 82% through stage 4 of 5. I'm beginning to suspect the hard drive is failing or has failed. I'll let it continue and try again, and if I can get to the files will post them as requested. -
System Idle Process 99% ???
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Many thanks for your reply, details below.
Operating System: MS Windows XP Professional 32-bit SP3
CPU: Intel Mobile Core 2 Duo T5550 @ 1.83GHz, 64 °C, Merom 65nm Technology
RAM: 2.00 GB Dual-Channel DDR2 @ 332MHz (5-5-5-15)
Motherboard: LENOVO IEL10 (U2E1)
Graphics: Plug and Play Monitor (1280x800@60Hz), Mobile Intel® 965 Express Chipset Family, Mobile Intel® 965 Express Chipset Family
Hard Drives: 488GB FUJITSU MJA2500BH G2 (SATA), 41 °C, free space 300Gb + 1023MB SD Disk Device (IDE)
Optical Drives: MAT****A DVD-RAM UJ-850 z, DTSOFT Virtual CdRom Device, DTSOFT Virtual CdRom Device, DTSOFT Virtual CdRom Device
Audio: Total Recorder WDM audio driver
Not sure if it's relevant, but I also had the following BSOD message tonight. I was not doing anything with the PC at the time, it just crashed.
STOP 0x000000F4 (0x00000003,0x8982A718,0x08982A88C,0x8060577E)
Never had any blue screens with this machine before.
Edited to say I've recently also run chkdsk /F too -
My XP Pro SP3 Lenovo laptop frequently seems to freeze up, especially after coming out of Standby. If I try to open any programs they appear to freeze. If I open Task Manager, the System Idle Process is using 98 to 99% of CPU. Is this normal, and what might be causing the freezing? Re-booting solves the problem, although sometimes not all of the System tray icons show up. Whether this is related I've no idea. I have tried running sfc /scannow, which doesn't ask for the Windows CD, so I assume all system files are present and correct. As usual I'd be very grateful for any help.
-
Dual Boot XP with same OS (Cloned)?
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Hi Ken, Thanks for your reply. I do have the partitioning and clone software, having upgraded the original 160Gb drive to 500Gb without re-installing everything. I also have a spare drive with the complete system cloned as a backup. I think you've answered my question as to how I will select which OS to use with your Boot.ini suggestion. I'll give it a go and see what happens. Cheers, Bob. -
It's time for me to re-install my XP Pro to clear out some of the junk accumulated over the years. In order to separate some of the everyday stuff from the more specialized items (Virtual Machines etc.) I want to create a dual boot system with the same version of XP on both. My laptop (Lenovo) has the recovery system built into the hard drive, so no OS disc supplied. Can I reinstall from scratch, repartition my drive (500gb to 2x 250gb), then clone the first partition to the second, and if so how will I select which one boots on startup? Hope I am making myself clear; I've seen lots of advice on dual boot XP/Vista/Win7 systems but none on what I want to do. Any advice gratefully received as usual. Many thanks, Bob.
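The Boot.ini approach Ken suggested, written out as an added example rather than a file taken from the thread: with XP cloned onto the second partition of the same disk, the boot.ini on the first (active) partition lists both copies and NTLDR shows a menu at startup. The entry descriptions and the 10-second timeout are assumptions; `rdisk(0)` is the first disk and `partition()` counts from 1, so the two entries below are the two halves of the 500Gb drive described above.

```ini
[boot loader]
timeout=10
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (everyday)" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional (VMs, clone)" /noexecute=optin /fastdetect
```

boot.ini lives in the root of the active partition with the hidden, system and read-only attributes set, so clear them first (`attrib -r -s -h c:\boot.ini`), edit, and confirm the result with `bootcfg /query` on XP Professional. One caveat worth testing before trusting the second copy: a clone of XP booted from partition 2 carries the original's drive-letter mapping in HKLM\SYSTEM\MountedDevices and may come up seeing itself as D: unless the cloning tool rewrote that key. Boot it once and check %SystemDrive% before installing anything into it.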
-
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Thanks again for an excellent service, I appreciate your help enormously and have no hesitation in recommending you. Hope you don't mind the extra workload ;-) All the best, Oh, and should I mark this thread "Solved" or will you? Bob. -
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Ah, that's what I thought, and since my understanding of how the registry works is nil I think I'll leave well alone. I recall seeing references to some files from AVG, Nokia PC Suite and one or two others which I no longer use, so thought it would be good to get rid of them. Not overly concerned though. Probably best to go ahead with whatever the final process is and I'll see how things go for a few weeks before I trust it all. Bob. -
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Hi, Everything seems to be fine; I've not noticed any unusual activity. Do you think it's likely to be "clean" now? Whilst I think about it, although I don't understand the info in all the scan reports produced so far, it's evident that there is a lot of "garbage" left over from old uninstalled programs. I can delve into the file system and delete unnecessary folders and files, but is there a reliable registry cleaner you could recommend? I've not had a great deal of success with these in the past. Regards, and thanks again for sticking with me. Bob. -
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Scan completed results below; 11:44:58.0750 3560 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15 11:44:59.0015 3560 ============================================================ 11:44:59.0015 3560 Current date / time: 2011/11/12 11:44:59.0015 11:44:59.0015 3560 SystemInfo: 11:44:59.0015 3560 11:44:59.0015 3560 OS Version: 5.1.2600 ServicePack: 3.0 11:44:59.0015 3560 Product type: Workstation 11:44:59.0015 3560 ComputerName: LENOVO 11:44:59.0015 3560 UserName: Bob 11:44:59.0015 3560 Windows directory: C:\WINDOWS 11:44:59.0015 3560 System windows directory: C:\WINDOWS 11:44:59.0015 3560 Processor architecture: Intel x86 11:44:59.0015 3560 Number of processors: 2 11:44:59.0015 3560 Page size: 0x1000 11:44:59.0015 3560 Boot type: Normal boot 11:44:59.0015 3560 ============================================================ 11:44:59.0859 3560 Initialize success 11:45:23.0656 5560 ============================================================ 11:45:23.0656 5560 Scan started 11:45:23.0656 5560 Mode: Manual; 11:45:23.0656 5560 ============================================================ 11:45:24.0046 5560 Abiosdsk - ok 11:45:24.0093 5560 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 11:45:24.0093 5560 abp480n5 - ok 11:45:24.0218 5560 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys 11:45:24.0218 5560 ac97intc - ok 11:45:24.0281 5560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:45:24.0296 5560 ACPI - ok 11:45:24.0406 5560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 11:45:24.0406 5560 ACPIEC - ok 11:45:24.0453 5560 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 11:45:24.0453 5560 adpu160m - ok 11:45:24.0593 5560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 11:45:24.0609 5560 aec - ok 11:45:24.0765 5560 AegisP (375eb0b97e3950adef3633c27a82438b) 
C:\WINDOWS\system32\DRIVERS\AegisP.sys 11:45:24.0781 5560 AegisP - ok 11:45:24.0890 5560 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys 11:45:24.0890 5560 AFD - ok 11:45:25.0031 5560 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 11:45:25.0062 5560 AgereSoftModem - ok 11:45:25.0156 5560 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 11:45:25.0156 5560 agp440 - ok 11:45:25.0281 5560 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 11:45:25.0281 5560 agpCPQ - ok 11:45:25.0343 5560 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 11:45:25.0343 5560 Aha154x - ok 11:45:25.0453 5560 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 11:45:25.0453 5560 aic78u2 - ok 11:45:25.0468 5560 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 11:45:25.0468 5560 aic78xx - ok 11:45:25.0484 5560 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 11:45:25.0484 5560 AliIde - ok 11:45:25.0515 5560 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 11:45:25.0515 5560 alim1541 - ok 11:45:25.0546 5560 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 11:45:25.0546 5560 amdagp - ok 11:45:25.0656 5560 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 11:45:25.0671 5560 amsint - ok 11:45:25.0734 5560 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS 11:45:25.0750 5560 ANC - ok 11:45:25.0859 5560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 11:45:25.0859 5560 Arp1394 - ok 11:45:25.0968 5560 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 11:45:25.0984 5560 asc - ok 11:45:26.0031 5560 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) 
C:\WINDOWS\system32\DRIVERS\asc3350p.sys 11:45:26.0031 5560 asc3350p - ok 11:45:26.0109 5560 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 11:45:26.0109 5560 asc3550 - ok 11:45:26.0250 5560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:45:26.0250 5560 AsyncMac - ok 11:45:26.0328 5560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 11:45:26.0328 5560 atapi - ok 11:45:26.0437 5560 Atdisk - ok 11:45:26.0562 5560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:45:26.0562 5560 Atmarpc - ok 11:45:26.0718 5560 ATSWPDRV (f70d2392158cb68e775f8c4cd3d12fbb) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys 11:45:26.0718 5560 ATSWPDRV - ok 11:45:26.0781 5560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 11:45:26.0781 5560 audstub - ok 11:45:26.0937 5560 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys 11:45:26.0937 5560 b57w2k - ok 11:45:27.0000 5560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 11:45:27.0000 5560 Beep - ok 11:45:27.0171 5560 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys 11:45:27.0171 5560 btaudio - ok 11:45:27.0281 5560 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys 11:45:27.0281 5560 BTDriver - ok 11:45:27.0453 5560 BTKRNL (d84166d41a05f66d9084039427e5025b) C:\WINDOWS\system32\DRIVERS\btkrnl.sys 11:45:27.0468 5560 BTKRNL - ok 11:45:27.0671 5560 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys 11:45:27.0671 5560 BTWDNDIS - ok 11:45:27.0718 5560 btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys 11:45:27.0718 5560 btwmodem - ok 11:45:27.0906 5560 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys 11:45:27.0906 5560 BTWUSB - ok 11:45:27.0921 5560 catchme - 
ok 11:45:28.0093 5560 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 11:45:28.0093 5560 cbidf - ok 11:45:28.0234 5560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 11:45:28.0250 5560 cbidf2k - ok 11:45:28.0312 5560 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 11:45:28.0312 5560 CCDECODE - ok 11:45:28.0484 5560 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 11:45:28.0484 5560 cd20xrnt - ok 11:45:28.0656 5560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 11:45:28.0656 5560 Cdaudio - ok 11:45:28.0781 5560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 11:45:28.0781 5560 Cdfs - ok 11:45:28.0890 5560 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:45:28.0890 5560 Cdrom - ok 11:45:28.0953 5560 Changer - ok 11:45:29.0031 5560 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 11:45:29.0031 5560 CmBatt - ok 11:45:29.0156 5560 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys 11:45:29.0156 5560 CmdIde - ok 11:45:29.0375 5560 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 11:45:29.0375 5560 Compbatt - ok 11:45:29.0546 5560 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 11:45:29.0546 5560 Cpqarray - ok 11:45:29.0734 5560 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 11:45:29.0734 5560 dac2w2k - ok 11:45:29.0890 5560 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 11:45:29.0890 5560 dac960nt - ok 11:45:29.0968 5560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 11:45:29.0968 5560 Disk - ok 11:45:30.0203 5560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 
11:45:30.0218 5560 dmboot - ok 11:45:30.0437 5560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 11:45:30.0437 5560 dmio - ok 11:45:30.0593 5560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 11:45:30.0593 5560 dmload - ok 11:45:30.0796 5560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 11:45:30.0812 5560 DMusic - ok 11:45:30.0968 5560 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 11:45:30.0968 5560 dpti2o - ok 11:45:31.0171 5560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 11:45:31.0171 5560 drmkaud - ok 11:45:31.0343 5560 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys 11:45:31.0343 5560 E100B - ok 11:45:31.0562 5560 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys 11:45:31.0562 5560 ElbyCDFL - ok 11:45:31.0765 5560 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys 11:45:31.0765 5560 ElbyCDIO - ok 11:45:31.0984 5560 eusk2par (0c79689b4840ef8ec522598343f26849) C:\WINDOWS\system32\Drivers\eusk2par.sys 11:45:32.0000 5560 eusk2par - ok 11:45:32.0203 5560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 11:45:32.0218 5560 Fastfat - ok 11:45:32.0421 5560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 11:45:32.0421 5560 Fdc - ok 11:45:32.0609 5560 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB0127.SYS 11:45:32.0609 5560 FINEPIX_PCC - ok 11:45:32.0687 5560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 11:45:32.0703 5560 Fips - ok 11:45:32.0906 5560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 11:45:32.0906 5560 Flpydisk - ok 11:45:33.0109 5560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 11:45:33.0109 
5560 FltMgr - ok 11:45:33.0281 5560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:45:33.0281 5560 Fs_Rec - ok 11:45:33.0390 5560 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys 11:45:33.0390 5560 FTDIBUS - ok 11:45:33.0437 5560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 11:45:33.0437 5560 Ftdisk - ok 11:45:33.0546 5560 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys 11:45:33.0546 5560 FTSER2K - ok 11:45:33.0640 5560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 11:45:33.0640 5560 Gpc - ok 11:45:33.0765 5560 hcmon (d0a5716e6095ec080f5a1a5892e9fdc6) C:\WINDOWS\system32\Drivers\hcmon.sys 11:45:33.0765 5560 hcmon - ok 11:45:33.0875 5560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 11:45:33.0875 5560 HDAudBus - ok 11:45:34.0031 5560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 11:45:34.0031 5560 HidUsb - ok 11:45:34.0203 5560 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 11:45:34.0203 5560 hpn - ok 11:45:34.0421 5560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 11:45:34.0421 5560 HTTP - ok 11:45:34.0625 5560 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 11:45:34.0625 5560 i2omgmt - ok 11:45:34.0812 5560 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 11:45:34.0812 5560 i2omp - ok 11:45:35.0156 5560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 11:45:35.0156 5560 i8042prt - ok 11:45:35.0406 5560 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 11:45:35.0531 5560 ialm - ok 11:45:35.0703 5560 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys 11:45:35.0703 5560 iaStor - ok 11:45:35.0765 5560 
IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys 11:45:35.0781 5560 IBMTPCHK - ok 11:45:36.0000 5560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 11:45:36.0000 5560 Imapi - ok 11:45:36.0046 5560 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 11:45:36.0046 5560 ini910u - ok 11:45:36.0328 5560 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys 11:45:36.0437 5560 IntcAzAudAddService - ok 11:45:36.0640 5560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 11:45:36.0640 5560 IntelIde - ok 11:45:36.0828 5560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 11:45:36.0828 5560 intelppm - ok 11:45:37.0031 5560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 11:45:37.0031 5560 Ip6Fw - ok 11:45:37.0187 5560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:45:37.0203 5560 IpFilterDriver - ok 11:45:37.0265 5560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 11:45:37.0265 5560 IpInIp - ok 11:45:37.0468 5560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 11:45:37.0468 5560 IpNat - ok 11:45:37.0671 5560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 11:45:37.0671 5560 IPSec - ok 11:45:37.0812 5560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 11:45:37.0812 5560 IRENUM - ok 11:45:37.0890 5560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 11:45:37.0906 5560 isapnp - ok 11:45:37.0968 5560 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys 11:45:38.0000 5560 Iviaspi - ok 11:45:38.0171 5560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 11:45:38.0171 5560 
Kbdclass - ok 11:45:38.0203 5560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 11:45:38.0203 5560 kmixer - ok 11:45:38.0281 5560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 11:45:38.0281 5560 KSecDD - ok 11:45:38.0375 5560 Lavasoft Kernexplorer - ok 11:45:38.0437 5560 lbrtfdc - ok 11:45:38.0468 5560 MAUSBML - ok 11:45:38.0531 5560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 11:45:38.0531 5560 mnmdd - ok 11:45:38.0640 5560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 11:45:38.0640 5560 Modem - ok 11:45:38.0687 5560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 11:45:38.0687 5560 Mouclass - ok 11:45:38.0796 5560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 11:45:38.0796 5560 MountMgr - ok 11:45:38.0859 5560 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys 11:45:38.0859 5560 MpFilter - ok 11:45:38.0937 5560 MpKsl0a72a4ed - ok 11:45:38.0953 5560 MpKsl1132a2a8 - ok 11:45:39.0015 5560 MpKsl771f9dee (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E3D1B4D-6DCA-4E7A-B176-9BEDCBDE55E7}\MpKsl771f9dee.sys 11:45:39.0015 5560 MpKsl771f9dee - ok 11:45:39.0125 5560 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 11:45:39.0140 5560 mraid35x - ok 11:45:39.0203 5560 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS 11:45:39.0203 5560 MREMP50 - ok 11:45:39.0312 5560 MREMPR5 - ok 11:45:39.0328 5560 MRENDIS5 - ok 11:45:39.0406 5560 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS 11:45:39.0421 5560 MRESP50 - ok 11:45:39.0546 5560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 11:45:39.0546 5560 MRxDAV - ok 
11:45:39.0718 5560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:45:39.0718 5560 MRxSmb - ok 11:45:39.0875 5560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 11:45:39.0875 5560 Msfs - ok 11:45:39.0937 5560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:45:39.0937 5560 MSKSSRV - ok 11:45:40.0062 5560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:45:40.0062 5560 MSPCLOCK - ok 11:45:40.0140 5560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 11:45:40.0140 5560 MSPQM - ok 11:45:40.0296 5560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 11:45:40.0296 5560 mssmbios - ok 11:45:40.0359 5560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 11:45:40.0359 5560 MSTEE - ok 11:45:40.0484 5560 MTDVC2 (cd3c06f56104bac9268587bf1c25a84c) C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys 11:45:40.0484 5560 MTDVC2 - ok 11:45:40.0546 5560 MTDVC2_ENUM (a25b4cec85388f2e88567b4d629aa6e4) C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys 11:45:40.0546 5560 MTDVC2_ENUM - ok 11:45:40.0656 5560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 11:45:40.0656 5560 Mup - ok 11:45:40.0718 5560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 11:45:40.0718 5560 NABTSFEC - ok 11:45:40.0843 5560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 11:45:40.0843 5560 NDIS - ok 11:45:40.0906 5560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 11:45:40.0906 5560 NdisIP - ok 11:45:41.0046 5560 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 11:45:41.0046 5560 NdisTapi - ok 11:45:41.0109 5560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 11:45:41.0125 5560 Ndisuio - ok 11:45:41.0234 
5560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 11:45:41.0250 5560 NdisWan - ok 11:45:41.0312 5560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 11:45:41.0312 5560 NDProxy - ok 11:45:41.0468 5560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 11:45:41.0468 5560 NetBIOS - ok 11:45:41.0500 5560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 11:45:41.0515 5560 NetBT - ok 11:45:41.0671 5560 NETw3x32 (f43da6b7e26fff9ac4d3210f2f9b5d8c) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 11:45:41.0718 5560 NETw3x32 - ok 11:45:42.0015 5560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 11:45:42.0015 5560 NIC1394 - ok 11:45:42.0062 5560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 11:45:42.0062 5560 Npfs - ok 11:45:42.0187 5560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 11:45:42.0203 5560 Ntfs - ok 11:45:42.0359 5560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 11:45:42.0359 5560 Null - ok 11:45:42.0437 5560 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 11:45:42.0468 5560 nv - ok 11:45:42.0609 5560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 11:45:42.0609 5560 NwlnkFlt - ok 11:45:42.0671 5560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 11:45:42.0671 5560 NwlnkFwd - ok 11:45:42.0812 5560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 11:45:42.0812 5560 ohci1394 - ok 11:45:42.0875 5560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 11:45:42.0875 5560 Parport - ok 11:45:43.0015 5560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 11:45:43.0015 5560 PartMgr - ok 11:45:43.0078 5560 ParVdm 
(70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 11:45:43.0078 5560 ParVdm - ok 11:45:43.0171 5560 PbsAuDrv - ok 11:45:43.0234 5560 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 11:45:43.0234 5560 pccsmcfd - ok 11:45:43.0437 5560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 11:45:43.0437 5560 PCI - ok 11:45:43.0593 5560 PCIDump - ok 11:45:43.0656 5560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 11:45:43.0656 5560 PCIIde - ok 11:45:43.0843 5560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 11:45:43.0843 5560 Pcmcia - ok 11:45:43.0953 5560 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys 11:45:43.0953 5560 pcouffin - ok 11:45:44.0078 5560 PDCOMP - ok 11:45:44.0125 5560 PDFRAME - ok 11:45:44.0203 5560 PDRELI - ok 11:45:44.0281 5560 PDRFRAME - ok 11:45:44.0359 5560 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 11:45:44.0359 5560 perc2 - ok 11:45:44.0515 5560 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 11:45:44.0515 5560 perc2hib - ok 11:45:44.0609 5560 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys 11:45:44.0625 5560 pmem - ok 11:45:44.0796 5560 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys 11:45:44.0796 5560 PMHler - ok 11:45:44.0890 5560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 11:45:44.0906 5560 PptpMiniport - ok 11:45:45.0062 5560 PROCDD (c9ca089787aa4ca892f2173a8e15c1b0) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS 11:45:45.0062 5560 PROCDD - ok 11:45:45.0265 5560 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 11:45:45.0265 5560 Processor - ok 11:45:45.0437 5560 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys 
11:45:45.0437 5560 psadd - ok
11:45:45.0500 5560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:45:45.0500 5560 PSched - ok
11:45:45.0656 5560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:45:45.0656 5560 Ptilink - ok
11:45:45.0718 5560 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
11:45:45.0718 5560 PxHelp20 - ok
11:45:45.0890 5560 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
11:45:45.0890 5560 ql1080 - ok
11:45:45.0953 5560 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
11:45:45.0953 5560 Ql10wnt - ok
11:45:46.0125 5560 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
11:45:46.0125 5560 ql12160 - ok
11:45:46.0187 5560 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
11:45:46.0187 5560 ql1240 - ok
11:45:46.0359 5560 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
11:45:46.0359 5560 ql1280 - ok
11:45:46.0687 5560 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
11:45:46.0703 5560 RapportCerberus_32301 - ok
11:45:46.0796 5560 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
11:45:46.0796 5560 RapportEI - ok
11:45:46.0953 5560 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
11:45:46.0953 5560 RapportIaso - ok
11:45:47.0156 5560 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
11:45:47.0156 5560 RapportKELL - ok
11:45:47.0296 5560 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
11:45:47.0296 5560 RapportPG - ok
11:45:47.0421 5560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:45:47.0421 5560 RasAcd - ok
11:45:47.0453 5560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:45:47.0453 5560 Rasl2tp - ok
11:45:47.0562 5560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:45:47.0562 5560 RasPppoe - ok
11:45:47.0609 5560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:45:47.0609 5560 Raspti - ok
11:45:47.0734 5560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:45:47.0734 5560 Rdbss - ok
11:45:47.0765 5560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:45:47.0781 5560 RDPCDD - ok
11:45:47.0906 5560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:45:47.0906 5560 rdpdr - ok
11:45:47.0984 5560 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:45:47.0984 5560 RDPWD - ok
11:45:48.0171 5560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:45:48.0187 5560 redbook - ok
11:45:48.0390 5560 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
11:45:48.0390 5560 rimmptsk - ok
11:45:48.0593 5560 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
11:45:48.0593 5560 rimsptsk - ok
11:45:48.0796 5560 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
11:45:48.0796 5560 rismxdp - ok
11:45:48.0984 5560 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
11:45:48.0984 5560 ROOTMODEM - ok
11:45:49.0062 5560 s24trans (decee0d67d032b57c1f5ef649a67a967) C:\WINDOWS\system32\DRIVERS\s24trans.sys
11:45:49.0109 5560 s24trans - ok
11:45:49.0296 5560 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
11:45:49.0296 5560 sdbus - ok
11:45:49.0406 5560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:45:49.0421 5560 Secdrv - ok
11:45:49.0500 5560 Ser2pl (de0a165d9f8ea295e62ea702ef2f8125) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
11:45:49.0500 5560 Ser2pl - ok
11:45:49.0593 5560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:45:49.0609 5560 serenum - ok
11:45:49.0703 5560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:45:49.0703 5560 Serial - ok
11:45:49.0968 5560 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
11:45:49.0968 5560 sffdisk - ok
11:45:50.0015 5560 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
11:45:50.0015 5560 sffp_sd - ok
11:45:50.0171 5560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:45:50.0187 5560 Sfloppy - ok
11:45:50.0343 5560 Simbad - ok
11:45:50.0406 5560 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
11:45:50.0406 5560 sisagp - ok
11:45:50.0578 5560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:45:50.0578 5560 SLIP - ok
11:45:51.0015 5560 SNP2UVC (537cd54295cdbcc4dcffe95e234387ae) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
11:45:51.0250 5560 SNP2UVC - ok
11:45:51.0437 5560 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
11:45:51.0437 5560 Sparrow - ok
11:45:51.0531 5560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:45:51.0531 5560 splitter - ok
11:45:51.0703 5560 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
11:45:51.0703 5560 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
11:45:51.0703 5560 sptd ( LockedFile.Multi.Generic ) - warning
11:45:51.0703 5560 sptd - detected LockedFile.Multi.Generic (1)
11:45:51.0796 5560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:45:51.0796 5560 sr - ok
11:45:51.0953 5560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:45:51.0953 5560 Srv - ok
11:45:52.0078 5560 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
11:45:52.0078 5560 StillCam - ok
11:45:52.0171 5560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:45:52.0171 5560 streamip - ok
11:45:52.0265 5560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:45:52.0281 5560 swenum - ok
11:45:52.0375 5560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:45:52.0375 5560 swmidi - ok
11:45:52.0437 5560 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
11:45:52.0437 5560 symc810 - ok
11:45:52.0562 5560 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
11:45:52.0562 5560 symc8xx - ok
11:45:52.0640 5560 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
11:45:52.0640 5560 sym_hi - ok
11:45:52.0765 5560 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
11:45:52.0765 5560 sym_u3 - ok
11:45:52.0875 5560 SynTP (ae4052fc36bd4c390cee45a38ec1199a) C:\WINDOWS\system32\DRIVERS\SynTP.sys
11:45:52.0875 5560 SynTP - ok
11:45:53.0078 5560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:45:53.0078 5560 sysaudio - ok
11:45:53.0312 5560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:45:53.0312 5560 Tcpip - ok
11:45:53.0500 5560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:45:53.0500 5560 TDPIPE - ok
11:45:53.0687 5560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:45:53.0687 5560 TDTCP - ok
11:45:53.0875 5560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:45:53.0875 5560 TermDD - ok
11:45:53.0921 5560 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
11:45:53.0921 5560 TosIde - ok
11:45:54.0109 5560 TotRec7 (9f5eeba83c88eb747b831b6eeadc2442) C:\WINDOWS\system32\drivers\TotRec7.sys
11:45:54.0125 5560 TotRec7 - ok
11:45:54.0328 5560 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
11:45:54.0343 5560 TSMAPIP - ok
11:45:54.0421 5560 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys
11:45:54.0421 5560 tvtfilter - ok
11:45:54.0640 5560 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys
11:45:54.0640 5560 TVTI2C - ok
11:45:54.0843 5560 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
11:45:54.0843 5560 TVTPktFilter - ok
11:45:54.0906 5560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:45:54.0906 5560 Udfs - ok
11:45:55.0078 5560 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
11:45:55.0078 5560 ultra - ok
11:45:55.0187 5560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:45:55.0187 5560 Update - ok
11:45:55.0406 5560 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:45:55.0406 5560 usbaudio - ok
11:45:55.0578 5560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:45:55.0593 5560 usbccgp - ok
11:45:55.0781 5560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:45:55.0781 5560 usbehci - ok
11:45:55.0875 5560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:45:55.0875 5560 usbhub - ok
11:45:56.0031 5560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:45:56.0031 5560 usbscan - ok
11:45:56.0093 5560 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys
11:45:56.0093 5560 usbser - ok
11:45:56.0265 5560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:45:56.0265 5560 USBSTOR - ok
11:45:56.0453 5560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:45:56.0453 5560 usbuhci - ok
11:45:56.0656 5560 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
11:45:56.0656 5560 usbvideo - ok
11:45:56.0859 5560 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
11:45:56.0859 5560 usb_rndisx - ok
11:45:56.0968 5560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:45:56.0968 5560 VgaSave - ok
11:45:57.0078 5560 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
11:45:57.0093 5560 viaagp - ok
11:45:57.0234 5560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
11:45:57.0234 5560 ViaIde - ok
11:45:57.0390 5560 vmkbd (805fc839929789151a95b3e7655a2012) C:\WINDOWS\system32\drivers\VMkbd.sys
11:45:57.0390 5560 vmkbd - ok
11:45:57.0593 5560 VMnetAdapter (f68c99f41c3cf6e1c3c542fadd2e20cf) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
11:45:57.0593 5560 VMnetAdapter - ok
11:45:58.0000 5560 VMnetBridge (121fbda3a14f0744a8c213d3e9f14d63) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
11:45:58.0000 5560 VMnetBridge - ok
11:45:58.0078 5560 VMnetuserif (7c4cb8d53945d7d94514259d4b42483e) C:\WINDOWS\system32\drivers\vmnetuserif.sys
11:45:58.0078 5560 VMnetuserif - ok
11:45:58.0281 5560 vmx86 (3c273f0f027cdff4a5799520bd40b22c) C:\WINDOWS\system32\Drivers\vmx86.sys
11:45:58.0296 5560 vmx86 - ok
11:45:58.0500 5560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:45:58.0500 5560 VolSnap - ok
11:45:58.0609 5560 vstor2 (9e4ff401725fe6a26d8fe492bf0ea2b1) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys
11:45:58.0609 5560 vstor2 - ok
11:45:58.0656 5560 vstor2-ws60 (256318cdef640ad2062754871bc96bfc) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
11:45:58.0671 5560 vstor2-ws60 - ok
11:45:58.0781 5560 vvftav - ok
11:45:58.0937 5560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:45:58.0937 5560 Wanarp - ok
11:45:59.0125 5560 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
11:45:59.0125 5560 wceusbsh - ok
11:45:59.0281 5560 WDICA - ok
11:45:59.0437 5560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:45:59.0437 5560 wdmaud - ok
11:45:59.0531 5560 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
11:45:59.0531 5560 WmiAcpi - ok
11:45:59.0593 5560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:45:59.0593 5560 WSTCODEC - ok
11:45:59.0656 5560 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:45:59.0656 5560 WudfPf - ok
11:45:59.0796 5560 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:45:59.0796 5560 WudfRd - ok
11:45:59.0875 5560 ZSMC0305 - ok
11:45:59.0921 5560 MBR (0x1B8) (2ab40fd3bc9212826f45ca4f99d15f4d) \Device\Harddisk0\DR0
11:45:59.0921 5560 \Device\Harddisk0\DR0 - ok
11:45:59.0937 5560 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
11:45:59.0953 5560 \Device\Harddisk1\DR4 - ok
11:45:59.0953 5560 Boot (0x1200) (cd07d4a45b6ff05dc018c13c35a4050d) \Device\Harddisk0\DR0\Partition0
11:45:59.0953 5560 \Device\Harddisk0\DR0\Partition0 - ok
11:45:59.0984 5560 Boot (0x1200) (5a8916ec16e60710f40bccbfa8f1d9eb) \Device\Harddisk0\DR0\Partition1
11:45:59.0984 5560 \Device\Harddisk0\DR0\Partition1 - ok
11:45:59.0984 5560 Boot (0x1200) (4f3c7dd2250b22bc7f96a9f6ff2c7f2c) \Device\Harddisk1\DR4\Partition0
11:45:59.0984 5560 \Device\Harddisk1\DR4\Partition0 - ok
11:45:59.0984 5560 ============================================================
11:45:59.0984 5560 Scan finished
11:45:59.0984 5560 ============================================================
11:46:00.0000 2880 Detected object count: 1
11:46:00.0000 2880 Actual detected object count: 1
11:46:37.0953 2880 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
11:46:37.0953 2880 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
11:46:37.0953 2880 C:\WINDOWS\System32\Drivers\sptd.sys - will be deleted on reboot
11:46:37.0953 2880 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
11:47:37.0265 2744 Deinitialize success
-
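The scan above ends with one flagged entry, sptd ( LockedFile.Multi.Generic ), which the user chose to delete. Two things are worth reading alongside that: LockedFile.Multi.Generic is the generic label TDSSKiller attaches to a file it could not open (the "Suspicious file (NoAccess)" line), not a named malware family, and sptd.sys is the SCSI Pass Through Direct driver bundled with disc-emulation software such as DAEMON Tools Lite, whose DTLite.exe appears in the process list later on this page. When triaging a log in this format the useful extraction is every entry whose status is anything other than a plain "ok", with its md5 and path, plus the MBR and boot-sector hashes, which are the values to compare against a later scan or a known-good image. The script below is an added example written for this page; it is not part of the original post and not TDSSKiller's own code. Its SAMPLE_LOG is a constructed excerpt reproducing a few of the lines above in the same format, and the parsing rules (timestamp, PID, then either a "name (md5) path" record or a "subject - status" record, with drivers reporting by name and MBR/Boot records by device path) are assumptions read off that format.

```python
"""Triage a TDSSKiller-style driver/MBR scan log (added example, not part of the original post)."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in TDSSKiller's format: a clean driver, the locked sptd.sys entry
# and the disk-0 MBR record.  The parsing rules below are assumptions read off that format.
SAMPLE_LOG = r"""
11:45:51.0531 5560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:45:51.0531 5560 splitter - ok
11:45:51.0703 5560 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
11:45:51.0703 5560 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
11:45:51.0703 5560 sptd ( LockedFile.Multi.Generic ) - warning
11:45:51.0703 5560 sptd - detected LockedFile.Multi.Generic (1)
11:45:59.0921 5560 MBR (0x1B8) (2ab40fd3bc9212826f45ca4f99d15f4d) \Device\Harddisk0\DR0
11:45:59.0921 5560 \Device\Harddisk0\DR0 - ok
"""

# "HH:MM:SS.ffff <pid> <rest>"
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (?P<rest>.+)$")
# "<name> (<md5>) <path>"; MBR/Boot records carry a parenthesised size inside the name
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    statuses: list = field(default_factory=list)
    notes: list = field(default_factory=list)

    @property
    def clean(self) -> bool:
        # Exactly one status and it is "ok"; a warning or detection anywhere makes it non-clean.
        return self.statuses == ["ok"]


def parse(log: str) -> list:
    """Return one Entry per hashed record, with its later status/note lines attached."""
    entries, by_name, by_path = [], {}, {}
    for raw in log.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # banner lines, summary lines, blank lines
        rest = m.group("rest")
        h = HASHED.match(rest)
        if h:
            # "MBR (0x1B8)" -> "MBR"; driver names contain no spaces
            e = Entry(h["name"].split(" ")[0], h["md5"], h["path"])
            entries.append(e)
            by_name[e.name] = e
            by_path[e.path] = e
        elif rest.startswith("Suspicious file"):
            # Attach the NoAccess note to whichever record owns that path
            for path, e in by_path.items():
                if path in rest:
                    e.notes.append(rest)
        elif " - " in rest:
            # Drivers report status by name, MBR/Boot records by device path
            subject, status = rest.rsplit(" - ", 1)
            e = by_name.get(subject.split(" ")[0]) or by_path.get(subject)
            if e is not None:
                e.statuses.append(status)
    return entries


def flagged(entries: list) -> list:
    """Entries whose status is anything other than a single 'ok'."""
    return [e for e in entries if not e.clean]


def boot_hashes(entries: list) -> dict:
    """MBR and boot-sector MD5s keyed by device path, for comparison across scans."""
    return {e.path: e.md5 for e in entries if e.name in ("MBR", "Boot")}


if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    for e in flagged(found):
        print(f"{e.name}: {e.path} md5={e.md5} statuses={e.statuses} notes={len(e.notes)}")
    for path, md5 in boot_hashes(found).items():
        print(f"{path}: {md5}")
```

Run stand-alone it reports the sptd entry with both its "warning" and "detected" statuses and the NoAccess note, and the disk-0 MBR hash; passing the full pasted log text to parse() gives the same view for every driver. Keeping the status list rather than a single flag is deliberate: a locked file that only ever reaches "warning" and a file that reaches "detected" are different signals, and a later "User select action" line lands in the same list.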
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Many thanks again for your continued support, latest scan results below:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-11 17:09:13
-----------------------------
17:09:13.609 OS Version: Windows 5.1.2600 Service Pack 3
17:09:13.609 Number of processors: 2 586 0xF0D
17:09:13.609 ComputerName: LENOVO UserName: Bob
17:09:15.484 Initialize success
17:09:42.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:09:42.812 Disk 0 Vendor: FUJITSU_ 0000 Size: 476940MB BusType: 3
17:09:42.812 Disk 1 \Device\Harddisk1\DR4 -> \Device\000000a0
17:09:42.812 Disk 1 Vendor: RICOH 01 Size: 976MB BusType: 0
17:09:44.890 Disk 0 MBR read successfully
17:09:44.890 Disk 0 MBR scan
17:09:44.890 Disk 0 unknown MBR code
17:09:44.890 Disk 0 scanning sectors +976768065
17:09:44.968 Disk 0 scanning C:\WINDOWS\system32\drivers
17:09:58.718 Service scanning
17:09:59.328 Service MpKsl4fb75db6 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A00AE24-F257-461D-8528-98D6FBBF8C15}\MpKsl4fb75db6.sys **LOCKED** 32
17:09:59.453 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:10:00.046 Modules scanning
17:10:25.453 Disk 0 trace - called modules:
17:10:25.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys sptd.sys
17:10:25.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7446c8]
17:10:25.578 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000090[0x8a761b58]
17:10:25.578 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a75c030]
17:10:25.578 Scan finished successfully
17:10:47.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
17:10:47.515 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"
-
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
OK, OTL scan run again, report below. Java removed and re-installed up to date. Prior to running ESET online scan, msse found and removed the following too:

Adware:Win32/ClickPotato
Adware:Win32/OpenCandy
Exploit:Java/Blacole.AR
Exploit:Java/CVE-2010-4452.E
Exploit:Java/Blacole.AN
Exploit:Java/Blacole.AQ
Exploit:Java/Blacole.AP
Exploit:Java/Blacole.AO
Exploit:Java/Blacole.AR
Exploit:Java/CVE-2010-0840.HH
Exploit:Java/CVE-2010-0840.DR
TrojanDownloader:Java/OpenConnection.OU

During the ESET scan the following was found and removed by msse:

Trojan:Win32/FakeSysdef

Scan reports below:

All processes killed
========== OTL ==========
File C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\ deleted successfully.
C:\Program Files\Microsoft Money\System\mnyside.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k moved successfully.
C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr moved successfully.
C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k moved successfully.
C:\Documents and Settings\Bob\Local Settings\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2 moved successfully.
C:\Documents and Settings\All Users\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2 moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\AVG2012\ not found.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
Folder C:\Documents and Settings\All Users\Application Data\jEkOcKn06308\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Bob\Desktop\System Tools\cmd.bat deleted successfully.
C:\Documents and Settings\Bob\Desktop\System Tools\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Bob
->Temp folder emptied: 14773888 bytes
->Temporary Internet Files folder emptied: 27673155 bytes
->Java cache emptied: 27976417 bytes
->Google Chrome cache emptied: 6235663 bytes
->Flash cache emptied: 1433 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56466 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
User: NetworkService
->Temp folder emptied: 15102 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19593 bytes
%systemroot%\System32 .tmp files removed: 5540749 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101223 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 689 bytes
Total Files Cleaned = 79.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 11112011_073915
Files\Folders moved on Reboot...
C:\Documents and Settings\Bob\Local Settings\Temp\WCESLog.log moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\WOM906MR\ads[5].htm moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\W1NLWHOJ\12620-Icons-quot-Greyed-quot-after-infection-Why[2].htm moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\W1NLWHOJ\KIS2012_728x90_uk_mexad[1].html moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CL0LRL37\ads[8].htm moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\4PXQ81JO\sed[1].htm moved successfully.
C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_14c.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_dd4.dat not found!
Registry entries deleted on Reboot...

C:\Documents and Settings\Bob\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP581\A0138881.exe a variant of Win32/Kryptik.UOE trojan cleaned by deleting - quarantined
-
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Sorry about that, senior moment again, report follows; OTL logfile created on: 10/11/2011 21:15:49 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.90% Memory free 3.33 Gb Paging File | 2.57 Gb Available in Paging File | 77.28% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 459.74 Gb Total Space | 282.37 Gb Free Space | 61.42% Space Free | Partition Type: NTFS Drive E: | 382.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 182.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive H: | 976.13 Mb Total Space | 505.78 Mb Free Space | 51.82% Space Free | Partition Type: FAT Drive J: | 15.69 Mb Total Space | 3.45 Mb Free Space | 21.96% Space Free | Partition Type: NTFS Computer Name: LENOVO | User Name: Bob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Bob\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.) PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) 
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo ) PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.) PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.) PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) PRC - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.) PRC - C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.) PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) PRC - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) PRC - C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo) PRC - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.) PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe () PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) PRC - C:\WINDOWS\vsnp2uvc.exe (Sonix) PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) 
PRC - C:\WINDOWS\system32\PSIService.exe () PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll () MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll () MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll () MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\devenum.dll () MOD - C:\Program Files\VMware\VMware Workstation\zlib1.dll () MOD - C:\Program Files\VMware\VMware Workstation\libxml2.dll () MOD - C:\WINDOWS\system32\cpwmon2k.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll () MOD - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\libeay32.dll () MOD - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\ssleay32.dll () MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe () MOD - C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll () MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Program 
Files\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\WINDOWS\system32\PSIService.exe () MOD - C:\WINDOWS\system32\BrMuSNMP.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.) SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo ) SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo ) SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.) SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.) SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.) SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited) SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc) SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo) SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.) SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.) 
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe () SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited) SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo) SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe () SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found DRV - (MpKslc198cbb5) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{659B2E40-74A5-456B-B197-FE482B2A39F5}\MpKslc198cbb5.sys (Microsoft Corporation) DRV - (RapportCerberus_32301) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys () DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.) DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.) DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. 
(PCAUSA)) DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.) DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS () DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.) DRV - (eusk2par) -- C:\WINDOWS\system32\drivers\eusk2par.sys (Aladdin Knowledge Systems Ltd.) DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.) DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys () DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.) DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.) DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.) DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys () DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.) 
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) DRV - (PMHler) -- C:\WINDOWS\system32\drivers\PMHler.sys (Lenovo ) DRV - (MTDVC2) -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys (Matsu****a Electric Industrial Co., Ltd.) DRV - (MTDVC2_ENUM) -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys (Matsu****a Electric Industrial Co., Ltd.) DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB0127.SYS (FUJI PHOTO FILM CO.,LTD.) 
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://freeola.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2011/09/21 18:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGLL_en-GB
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Click to call with Skype = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2011/11/10 20:56:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://84.92.80.192:8081/activex/AMC.cab (AxisMediaControlEmb Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2221548-3CF3-4A5C-96F8-327872E6716A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)
O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 07:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:16:14 | 000,000,057 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/10/18 13:02:47 | 000,126,976 | R--- | M] (Serif SPC) - E:\autorun.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit, Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AwaySch - hkey= - key= - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
MsConfig - StartUpReg: cssauth - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
MsConfig - StartUpReg: DiskeeperSystray - hkey= - key= - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
MsConfig - StartUpReg: FingerPrintSoftware - hkey= - key= - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: LPManager - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
MsConfig - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: PMHandler - hkey= - key= - C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TPFNF7 - hkey= - key= - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
MsConfig - StartUpReg: TPWAUDAP - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)
MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2011/11/10 21:13:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.scr
[2011/11/10 20:45:46 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/10 20:43:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/10 20:43:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/10 20:43:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/10 20:43:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/10 20:43:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/10 20:37:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/10 20:31:07 | 004,289,249 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo.exe
[2011/11/10 19:38:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob\Recent
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/10/29 17:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\PolderbitS
[2011/10/29 14:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Guitar Stuff
[2011/10/18 21:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\WM_Bob My Documents
[2011/10/16 19:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/12 16:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2008/08/01 20:36:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/07/30 17:34:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bob\Application Data\pcouffin.sys
[2008/04/23 02:13:13 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/04/23 02:13:13 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011/11/10 21:13:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.scr
[2011/11/10 21:01:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/11/10 20:59:13 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/10 20:56:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/10 20:56:35 | 000,025,314 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011/11/10 20:56:26 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 20:56:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 20:56:13 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 20:45:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/11/10 20:31:16 | 004,289,249 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo.exe
[2011/11/10 20:26:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 20:15:59 | 000,019,967 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\bookmarks_11_10_11.html
[2011/11/10 20:13:24 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\SkyDrive.url
[2011/11/10 20:08:13 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Flyer Forum.url
[2011/11/10 20:03:52 | 000,305,176 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\census.cache
[2011/11/10 20:03:36 | 000,253,041 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\ars.cache
[2011/11/10 19:50:02 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\PAFRA Forum.url
[2011/11/10 19:33:38 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\CSA.url
[2011/11/10 19:31:21 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/10 19:27:21 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/11/10 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job
[2011/11/09 23:33:22 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\XC Weather.url
[2011/11/09 23:20:10 | 000,504,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/09 23:20:10 | 000,090,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/09 23:05:36 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k
[2011/11/09 23:00:04 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr
[2011/11/09 22:59:59 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k
[2011/11/09 18:28:34 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Booking Calendar.url
[2011/11/09 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/11/09 16:59:05 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\ebay.url
[2011/11/08 17:12:39 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/11/08 17:12:39 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/05 15:48:33 | 000,000,275 | ---- | M] () -- C:\WINDOWS\BTW.INI
[2011/11/04 22:08:23 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Jango Music.url
[2011/11/03 17:07:37 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/02 17:16:52 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\PC Help PBEK.url
[2011/10/29 18:05:03 | 000,010,915 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/10/29 17:53:45 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\Drv64_32.dat
[2011/10/28 20:27:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/10/27 18:43:44 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\spider.sav
[2011/10/27 17:59:11 | 000,473,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/23 13:15:50 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Acroread.ini
[2011/10/22 10:05:31 | 000,005,054 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\HD2 Forum.url
[2011/10/18 21:45:32 | 000,000,076 | ---- | M] () -- C:\WINDOWS\pwkforms.ini
[2011/10/18 16:30:07 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2011/10/16 19:38:15 | 000,017,888 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\cc_20111016_203811.reg
[2011/10/16 19:03:44 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/16 08:07:14 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Met Office.url
[2011/10/13 19:15:49 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2011/10/13 16:47:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/12 17:11:42 | 000,006,278 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\cc_20111012_181137.reg
[2011/10/11 22:17:24 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DiagHead.lnk
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011/11/10 20:45:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/11/10 20:45:50 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/10 20:43:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/10 20:43:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/10 20:43:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/10 20:43:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/10 20:43:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/10 20:15:59 | 000,019,967 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\bookmarks_11_10_11.html
[2011/11/10 20:13:12 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\SkyDrive.url
[2011/11/10 20:03:52 | 000,305,176 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\census.cache
[2011/11/10 20:03:36 | 000,253,041 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\ars.cache
[2011/11/10 19:31:21 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/09 23:14:52 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/09 23:00:04 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k
[2011/11/09 23:00:04 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr
[2011/11/09 22:59:59 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k
[2011/10/29 17:53:21 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat
[2011/10/16 19:38:13 | 000,017,888 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\cc_20111016_203811.reg
[2011/10/16 19:03:44 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/16 19:03:41 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/10/16 19:02:41 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/12 17:11:40 | 000,006,278 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\cc_20111012_181137.reg
[2011/10/01 18:37:01 | 000,037,192 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft Excel.ADR
[2011/09/28 16:06:44 | 000,037,203 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\Comma Separated Values (Windows).ADR
[2011/08/16 16:57:59 | 000,000,052 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\mm-device-08.ini
[2011/05/18 16:12:36 | 000,007,620 | -HS- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2
[2011/05/18 16:12:36 | 000,007,620 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2
[2011/05/08 09:11:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/08 09:11:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/02 22:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2011/05/02 22:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2011/05/02 20:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2011/05/02 20:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2011/05/02 20:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/02 09:26:21 | 000,789,346 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1680706785-1795540141-2034184868-1008-0.dat
[2011/04/23 18:51:11 | 000,394,810 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/03/30 21:22:16 | 000,000,998 | ---- | C] () -- C:\WINDOWS\OBD.INI
[2011/03/18 21:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2011/03/18 21:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2011/03/18 21:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2011/03/18 21:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2011/03/18 21:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2011/03/18 21:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2011/03/18 21:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2011/03/03 11:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2011/03/03 11:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2011/03/03 11:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2011/03/03 11:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe
[2011/03/03 11:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2011/03/03 11:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2011/03/03 11:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe
[2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2011/03/03 11:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe
[2011/03/03 11:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2011/03/03 11:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2011/02/22 19:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/22 19:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/09 17:34:24 | 000,459,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/01 17:06:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_vc0305.dll
[2010/12/24 23:41:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\housecall.guid.cache
[2010/08/27 11:52:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/08/18 19:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2010/05/25 17:04:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\NReq.dat
[2010/05/25 17:04:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\CNFrs.drv
[2010/01/22 07:50:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\prvlcl.dat
[2009/11/23 17:58:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/01 22:17:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2009/10/31 14:59:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/10/29 20:36:00 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll
[2009/09/17 19:01:27 | 000,225,280 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\SharedSettings.ccs
[2009/09/16 13:19:20 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009/09/16 13:19:20 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2009/09/16 13:19:17 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/09/16 13:19:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll
[2009/09/16 13:19:16 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009/09/16 13:19:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2009/09/16 13:19:16 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe
[2009/08/11 21:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/30 17:53:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/01 15:24:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009/01/30 12:12:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/11/06 15:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/06 20:25:19 | 000,010,915 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/04 14:23:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/08/28 21:40:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2008/08/08 19:25:39 | 000,030,048 | ---- | C] () -- C:\WINDOWS\unsetup.exe
[2008/08/08 19:25:33 | 000,000,275 | ---- | C] () -- C:\WINDOWS\BTW.INI
[2008/08/01 20:46:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Acroread.ini
[2008/07/31 22:28:28 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/07/31 22:08:22 | 000,000,099 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\ftpfile.dat
[2008/07/30 20:57:08 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/07/30 19:21:27 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\$_hpcst$.hpc
[2008/07/30 17:34:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/07/30 17:34:43 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\ezpinst.exe
[2008/07/30 17:34:43 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.cat [2008/07/30 17:34:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.inf [2008/07/30 15:42:05 | 000,000,424 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS [2008/07/30 15:30:31 | 000,000,076 | ---- | C] () -- C:\WINDOWS\pwkforms.ini [2008/07/30 14:23:56 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/07/30 08:08:55 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll [2008/07/30 08:08:55 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini [2008/07/29 21:32:15 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008/07/29 21:32:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008/07/29 21:31:49 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2008/07/29 21:31:49 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2008/07/29 21:31:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat [2008/07/29 21:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2008/07/29 21:31:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2008/07/29 21:29:26 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2008/07/29 21:04:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI [2008/07/29 17:21:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/07/29 16:06:44 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\A98658C768.sys [2008/07/29 16:06:43 | 000,005,954 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2008/04/23 02:50:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008/04/23 02:32:18 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys [2008/04/23 02:30:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe [2008/04/23 02:22:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll 
[2008/04/23 02:22:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/04/23 02:22:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/04/23 02:22:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/04/23 02:22:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/04/23 02:22:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/04/23 02:16:37 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll [2008/04/23 02:16:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll [2008/04/23 02:16:30 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe [2008/04/23 02:15:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008/04/23 02:15:15 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2008/04/23 02:13:58 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll [2008/04/23 02:13:14 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini [2008/04/23 02:13:13 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys [2008/04/23 02:07:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config [2007/08/16 10:28:38 | 000,025,314 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI [2007/02/09 19:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2006/11/12 04:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll [2006/11/03 03:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe [2006/04/30 07:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006/04/30 07:22:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006/04/30 07:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006/04/30 07:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006/04/30 06:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/04/30 
06:55:55 | 000,504,416 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/04/30 06:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/04/30 06:55:55 | 000,090,150 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/04/30 06:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/04/30 06:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/04/30 06:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/04/30 06:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006/04/30 06:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/04/30 06:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/04/30 06:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/04/30 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/04/30 00:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006/04/30 00:03:29 | 000,473,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006/03/04 04:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll [2003/03/27 13:18:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\akrip.dll [2002/03/18 11:37:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ezmp3enc.dll [2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [2001/11/14 19:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2000/09/13 17:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll [1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== LOP Check ========== [2009/09/16 23:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica [2008/10/08 19:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo [2008/12/14 10:31:12 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\All Users\Application Data\Avery [2011/10/16 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2010/12/05 11:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2008/09/14 12:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDEnetfile [2010/12/24 23:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bOgHm05310 [2008/11/05 19:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland [2009/10/07 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations [2011/03/04 15:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software [2010/12/05 11:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2011/11/08 17:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite [2008/07/30 17:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio [2009/08/14 21:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM [2009/08/14 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail [2010/03/19 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions [2010/04/09 22:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations [2011/02/27 19:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jEkOcKn06308 [2009/08/30 15:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo [2009/08/31 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe 
[2011/05/03 21:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\M-Audio [2011/11/09 21:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License [2011/10/16 19:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2009/08/21 13:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia [2010/01/17 09:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks [2009/09/22 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic [2008/10/06 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2009/05/29 17:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2011/07/25 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist [2010/01/14 17:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr [2010/03/02 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail [2011/02/19 23:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2008/07/29 21:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2008/08/10 10:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft [2008/07/29 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr [2009/12/22 22:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2011/03/09 17:32:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0 [2011/09/14 16:54:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All 
Users\Application Data\~1 [2009/09/16 23:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Acoustica [2011/06/19 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Arduino [2008/10/08 19:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Ashampoo [2011/02/15 17:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Business Suite [2011/06/22 18:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\CoffeeCup Software [2008/07/31 08:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DAEMON Tools [2011/11/05 16:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DAEMON Tools Lite [2011/10/08 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DevFind [2009/06/23 16:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Downloaded Installations [2008/08/06 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\ESBUnitConv [2008/10/20 21:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Inkscape [2009/12/07 20:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\KEDDS [2008/07/29 16:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Leadertech [2009/08/30 15:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Lenovo [2009/07/01 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Nokia [2008/08/20 18:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Nvu [2009/04/13 13:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\OpenOffice.org [2009/12/28 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\PC Suite [2011/02/15 18:17:36 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\PO Management [2011/01/10 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\ScanSoft [2009/01/30 12:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Serif [2009/12/07 20:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Skinux [2008/09/19 14:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\SlySoft [2011/06/18 15:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\SoftMaker [2011/11/06 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Spotify [2009/05/01 21:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Thunderbird [2009/08/15 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\TotalRecorder [2009/12/22 22:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Trusteer [2009/08/31 15:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Vso [2011/01/18 17:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Watchtower [2011/11/10 21:01:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2011/11/09 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job [2011/10/13 19:15:49 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job [2011/11/10 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/03/30 19:09:35 | 000,001,024 | ---- | M] () -- C:\.rnd [2011/09/07 18:28:05 | 000,021,276 | ---- | M] () -- C:\aaw7boot.log [2010/05/07 17:35:26 | 000,034,228 | ---- | M] () -- C:\ASLog.txt [2006/04/30 07:13:35 | 
000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2008/07/30 05:18:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2011/11/10 20:45:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr [2011/11/10 21:05:54 | 000,026,032 | ---- | M] () -- C:\ComboFix.txt [2006/04/30 07:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008/04/23 02:23:26 | 000,001,496 | ---- | M] () -- C:\drivez.log [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2009/12/22 14:10:57 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2011/11/10 20:56:13 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft 
Corporation) -- C:\install.res.1042.dll [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2006/04/30 07:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2006/04/30 07:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/07/29 22:36:35 | 000,250,048 | RHS- | M] () -- C:\NTLDR [2004/02/29 15:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp [2011/11/10 20:56:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys [2008/04/23 02:15:26 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log [2008/04/23 02:02:13 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl [2008/09/28 16:36:04 | 000,000,336 | ---- | M] () -- C:\TPHKLOCK.TXT [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll [2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\ppbiPr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011/08/11 17:08:01 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\system32\*.exe /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\System32\config\*.sav > [2006/04/30 00:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2006/04/30 00:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2006/04/30 00:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %PROGRAMFILES%\* > < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) < End of report > -
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Second OTL report.
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{979B748C-6095-4A5A-BC7B-C15E720529D6}" = PCMSCAN "{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9CE06167-6F6F-40E4-B723-3702FE2831DD}" = BMW Diagnostic Head Emulator "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser "{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio "{ABE02A4F-E00D-4E06-ADB8-CF5AB5B0239A}" = PocketFMS EUR 1.5.1 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1) "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy "{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic "{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy 
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center "{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0 PDF Edition "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes "{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007 "{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care "{D08E34CE-0106-4C47-83B0-8A31D7098BB6}" = PocketFMS EUR Datapack 1.0.1.0 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller "{D7D50D63-55C0-11D5-A6A2-00C0DF05DE71}" = TurboCAD Professional v8 "{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media "{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools "{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate "{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers "{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (NEBULA2K) "{E4B024F9-2074-4FEB-9885-EDF9EC39026F}" = PocketFMS "{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime 
- (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "ABC Amber NBU Converter" = ABC Amber NBU Converter "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "ASIO4ALL" = ASIO4ALL "AU65_is1" = Advanced Uninstaller PRO 2004 - version 6 "Audacity_is1" = Audacity 1.2.6 "Avantext TechPubs Manager" = Avantext TechPubs Manager "AwayTask" = Maintenance Manager "AXIS Media Control Embedded" = AXIS Media Control Embedded "BT Broadband Desktop Help" = BT Broadband Desktop Help "BTHomeHub" = BTHomeHub "CCleaner" = CCleaner "CloneCD" = CloneCD "CoffeeCup Direct FTP 6.7.17" = CoffeeCup Direct FTP "CoffeeCup GIF Animator" = CoffeeCup GIF Animator "CoffeeCup HTML Editor" = CoffeeCup HTML Editor "CoffeeCup LockBox" = CoffeeCup LockBox "CoffeeCup Photo Gallery - Registered" = CoffeeCup Photo Gallery - Registered "CoffeeCup PixConverter" = CoffeeCup PixConverter "CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered "CoffeeCup Web JukeBox - Registered" = CoffeeCup Web JukeBox - Registered "CutePDF Writer Installation" = CutePDF Writer 2.8 "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "Defraggler" = Defraggler "Digital Media LE" = Roxio Digital Media LE "DTE" = DTE "EditiX-Free-XML Editor2010 Free-2010" = EditiX-Free-XML Editor2010 Free-2010 "ESBUnitConv4_is1" = ESBUnitConv v5.2 "File Recover_is1" = File Recover 7.5 "Garden Encyclopedia" 
= Garden Encyclopedia version 3.0 "Google Chrome" = Google Chrome "Guitar Pro 5_is1" = Guitar Pro 5.0 "HDMI" = Intel® Graphics Media Accelerator Driver "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "IncrediMail" = IncrediMail 2.0 "Inkscape" = Inkscape 0.46 "InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver "InstallShield_{DA8E52C7-8638-4AD6-B94E-53ED24EE5202}" = DesignPro 5 Lite Edition "KitchenDraw 5.0" = KitchenDraw 5.0 "KitchenDraw_is1" = KitchenDraw 5.5 "Lenovo Registration" = Lenovo Registration "MainApp.exe_is1" = CloneDVD 4.1.0.23 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Media Player - Codec Pack" = Media Player Codec Pack 4.0.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MP3 Workshop_is1" = MP3 Workshop 1.92 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 "Nero BurnRights!UninstallKey" = Nero BurnRights "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OnScreenDisplay" = On Screen Display "PC-Doctor for Windows" = Lenovo System Toolbox "PCMCIAPW" = ThinkPad PC Card Power Policy "PhotoMail" = PhotoMail Maker "Picasa2" = Picasa 2 "ProInst" = Intel® PROSet/Wireless Software "Rapport_msi" = Rapport "Recuva" = Recuva (remove only) "sm-un1.u32" = SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008) "Spotify" = Spotify "SynTPDeinstKey" = Synaptics Pointing Device Driver "TotalRecorder" = Total Recorder 7.1 "USB Audio_is1" = Ver 1.2.0 "VCDS-Lite 1.1" = VCDS-Lite 1.1 "Vectorian Giotto_is1" = Vectorian Giotto 3.0.0 "WaveLab Lite" = WaveLab Lite "Windows Media Format 
Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinUndelete" = WinUndelete
"WinZip" = WinZip
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"ZC DVD Audio Ripper_is1" = ZC DVD Audio Ripper 2.8.6.296

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NATS AFPEx Terminal" = NATS AFPEx Terminal
"Notam Map" = Notam Map

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/11/2011 11:44:43 | Computer Name = LENOVO | Source = Application Error | ID = 1000
Description = Faulting application garden.exe, version 1.0.0.1, faulting module garden.exe, version 1.0.0.1, fault address 0x00015012.

Error - 09/11/2011 18:52:02 | Computer Name = LENOVO | Source = Application Error | ID = 1000
Description = Faulting application rer160.tmp, version 0.0.0.0, faulting module rer160.tmp, version 0.0.0.0, fault address 0x00004104.

Error - 09/11/2011 18:52:08 | Computer Name = LENOVO | Source = Application Error | ID = 1001
Description = Fault bucket -1606711140.

Error - 09/11/2011 18:52:10 | Computer Name = LENOVO | Source = Application Error | ID = 1000
Description = Faulting application rer162.tmp, version 0.0.0.0, faulting module rer162.tmp, version 0.0.0.0, fault address 0x00004104.

Error - 09/11/2011 18:52:16 | Computer Name = LENOVO | Source = Application Error | ID = 1000
Description = Faulting application rer164.tmp, version 0.0.0.0, faulting module rer164.tmp, version 0.0.0.0, fault address 0x00004104.

Error - 09/11/2011 18:52:18 | Computer Name = LENOVO | Source = Application Error | ID = 1001
Description = Fault bucket -1606625605.

Error - 09/11/2011 18:52:19 | Computer Name = LENOVO | Source = Application Error | ID = 1001
Description = Fault bucket -1606625590.

Error - 09/11/2011 18:52:20 | Computer Name = LENOVO | Source = Application Error | ID = 1000
Description = Faulting application rer167.tmp, version 0.0.0.0, faulting module rer167.tmp, version 0.0.0.0, fault address 0x00004104.

Error - 09/11/2011 18:52:25 | Computer Name = LENOVO | Source = Application Error | ID = 1001
Description = Fault bucket -1606625492.

Error - 09/11/2011 19:53:26 | Computer Name = LENOVO | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094), P2 1.1.7801.0, P3 1.115.1571.0, P4 1.115.1571.0, P5 backdoor_win32_cycbot!cfg, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

[ Lenovo-Message Center Plus/Admin Events ]
Error - 03/08/2009 05:30:39 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (503) Server Unavailable. -> Exception message: The remote server returned an error: (503) Server Unavailable.

Error - 18/10/2009 03:55:45 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.

Error - 13/05/2010 14:32:39 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.

Error - 23/12/2010 20:48:01 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.

Error - 24/12/2010 00:49:59 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.

Error - 24/12/2010 04:51:59 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.

Error - 27/01/2011 08:23:46 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2
Description = The remote server returned an error: (503) Server Unavailable. -> Exception message: The remote server returned an error: (503) Server Unavailable.

[ System Events ]
Error - 09/11/2011 19:15:37 | Computer Name = LENOVO | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.

Error - 09/11/2011 19:47:43 | Computer Name = LENOVO | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error - 10/11/2011 16:43:17 | Computer Name = LENOVO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.

Error - 10/11/2011 16:44:24 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 10/11/2011 16:44:57 | Computer Name = LENOVO | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 16:44:57 | Computer Name = LENOVO | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.

Error - 10/11/2011 16:47:39 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 10/11/2011 16:47:58 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7016
Description = The Fingerprint Server service has reported an invalid current state 0.

Error - 10/11/2011 16:50:11 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error - 10/11/2011 17:04:15 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7016
Description = The Fingerprint Server service has reported an invalid current state 0.

< End of report >
-
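The firewall-exception listings in the report above are the Windows XP firewall's own registry value layout (`<exe path>:<scope>:<Enabled|Disabled>:<display name>` for applications, `<port>:<TCP|UDP>:<scope>:<Enabled|Disabled>:<name>` for open ports). As an added example that is not part of the original post or of OTL/ComboFix, here is a small Python triage script that parses those lines in both the OTL form (`"name" = data -- (Publisher)`) and the ComboFix form (`"name"= data`, no publisher) and flags the exceptions a reviewer would look at first. The sample lines are constructed from entries on this page; the flagging rules (any-address scope, executable outside Program Files or Windows, empty publisher field) are my own heuristics and not anything the tools report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Value-data layouts of the Windows XP SP2/SP3 firewall, stored under
# HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\<Profile>\
#   AuthorizedApplications\List : <exe path>:<scope>:<Enabled|Disabled>:<display name>
#   GloballyOpenPorts\List      : <port>:<TCP|UDP>:<scope>:<Enabled|Disabled>:<display name>
# <scope> is "*" (any remote address), "LocalSubnet", or comma-separated addr/mask pairs.
APP_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$")
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$")
# One report line, as OTL prints it ("name" = data -- (Publisher)) or as ComboFix
# prints it ("name"= data, no publisher suffix).
LINE_RE = re.compile(r'^"(?P<vname>[^"]+)"\s*=\s*(?P<data>.*?)(?:\s+--\s+\((?P<publisher>[^)]*)\))?\s*$')


@dataclass
class FwException:
    kind: str                        # "app" or "port"
    target: str                      # executable path, or "<port>/<proto>"
    scope: str
    enabled: bool
    name: str
    publisher: Optional[str] = None  # None = the line carried no publisher field at all


def parse_value_data(data: str) -> Optional[FwException]:
    """Parse one registry value-data string; None if it is not in a known layout."""
    m = PORT_RE.match(data)
    if m:
        return FwException("port", f"{m['port']}/{m['proto']}", m["scope"],
                           m["state"] == "Enabled", m["name"])
    m = APP_RE.match(data)  # non-greedy path copes with the drive-letter colon
    if m:
        return FwException("app", m["path"], m["scope"], m["state"] == "Enabled", m["name"])
    return None


def parse_report_line(line: str) -> Optional[FwException]:
    """Parse one OTL/ComboFix firewall-exception line; None for empty or truncated data."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    exc = parse_value_data(m["data"])
    if exc is not None and m["publisher"] is not None:
        exc.publisher = m["publisher"].strip()
    return exc


# Heuristic (my own, not something OTL or ComboFix reports): paths outside these
# roots, any-address scope, or an empty publisher field deserve a second look.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


def review(exceptions: List[FwException]) -> List[str]:
    """One finding string per enabled exception that widens exposure beyond the usual."""
    findings = []
    for e in exceptions:
        if not e.enabled:
            continue
        reasons = []
        if e.scope == "*":
            reasons.append("reachable from any remote address")
        if e.kind == "app" and not e.target.lower().startswith(TRUSTED_ROOTS):
            reasons.append("executable outside Program Files/Windows")
        if e.kind == "app" and e.publisher == "":
            reasons.append("publisher field empty")
        if reasons:
            findings.append(f"{e.target}: " + "; ".join(reasons))
    return findings


def triage(lines: List[str]) -> Tuple[List[FwException], List[str]]:
    """Parse every line, drop the unparseable ones, and return (exceptions, findings)."""
    parsed = [parse_report_line(l) for l in lines]
    exceptions = [p for p in parsed if p is not None]
    return exceptions, review(exceptions)


# Constructed sample: five lines in the layout of the listings on this page.
SAMPLE_LINES = [
    r'"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)',
    r'"C:\EDIABAS\Bin\IFHSrv32.exe" = C:\EDIABAS\Bin\IFHSrv32.exe:*:Enabled:NETMAN Server -- ()',
    r'"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager',
    r'"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service',
    r'"67:UDP"= 67:UDP:DHCP Discovery Service',  # truncated data: the parser must not guess
]

if __name__ == "__main__":
    kept, found = triage(SAMPLE_LINES)
    print(f"{len(kept)} exceptions parsed, {len(SAMPLE_LINES) - len(kept)} skipped")
    for f in found:
        print("REVIEW:", f)
```

The parser deliberately returns None for a value whose data is missing or cut short (the `67:UDP` line above has no scope or state field) rather than assuming defaults, so a reviewer sees the gap instead of a silently "Enabled" entry. Entries scoped to a single subnet, such as the ActiveSync ones, pass the any-address check; an `*`-scoped executable with an empty publisher and a path outside Program Files is the combination worth checking against the file on disk.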
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
First OTL report

ComboFix 11-11-10.03 - Bob 10/11/2011 20:47:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.909 [GMT 0:00]
Running from: c:\documents and settings\Bob\Desktop\Combo.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\24051EFF.TMP
c:\documents and settings\Bob\WINDOWS
C:\install.exe
c:\windows\AutoRun.ini
c:\windows\system32\regobj.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\win.ini
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 20:56 . 2011-11-10 20:56 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\offreg.dll
2011-11-10 07:35 . 2011-11-10 07:35 -------- d-----w- c:\windows\LastGood.Tmp
2011-11-09 23:26 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\mpengine.dll
2011-11-09 23:13 . 2011-11-09 23:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-01 17:34 . 2011-11-01 17:34 64272 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-29 17:53 . 2011-11-02 17:18 -------- d-----w- c:\program files\PolderbitS
2011-10-16 19:08 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-16 19:02 . 2011-10-16 19:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-12 16:44 . 2011-10-16 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
.
. . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-13 16:47 . 2011-05-14 15:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-09-30 19:48 . 2006-04-30 06:56 26112 ----a-w- c:\windows\system32\userinit.exe 2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 10:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-09-26 10:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll 2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-08-22 23:48 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll 2011-08-22 23:48 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll 2011-08-22 23:48 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-08-22 11:56 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec 2011-08-17 13:49 . 2006-04-30 06:55 138496 ------w- c:\windows\system32\drivers\afd.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344] "RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000] "AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542] "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240] "VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS] 2007-05-31 20:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2008-08-08 19:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "wave"=DrvTrNTm.dll "mixer"=DrvTrNTm.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] backup=c:\windows\pss\Bluetooth.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk] backup=c:\windows\pss\Service Manager.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware] c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch] 2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp] 2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] 2009-01-29 22:20 57344 ------w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth] 2007-11-29 17:36 2872632 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray] 2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2007-03-23 07:32 162584 ------w- c:\windows\system32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2007-03-23 07:32 138008 ------w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager] 2007-04-26 17:10 120368 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus] 2009-05-27 21:09 49976 ------w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] 2010-04-30 11:47 1086760 ----a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 14:40 155648 ------w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler] 2007-03-16 05:26 31840 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2007-06-29 06:24 286720 ------w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2003-10-14 09:22 155648 ------r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-08-09 20:11 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-09-05 21:46 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7] 2009-01-07 03:03 60704 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP] 2008-03-11 12:33 54560 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy] 2008-08-20 23:04 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2006-11-03 18:20 866584 ------w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"= "c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"= "c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"= "c:\\Program Files\\CoffeeCup Software\\Direct FTP\\DirectFTP.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\Spotify\\spotify.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"= "c:\\Program Files\\BMW Diagnostic Head Emulator\\DiagHead.exe"= "c:\\EDIABAS\\Bin\\IFHSrv32.exe"= "c:\\Program Files\\WebSite X5 v8 - Evolution\\WebSite.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "67:UDP"= 67:UDP:DHCP Discovery Service . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] 
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [09/10/2008 16:00 25680]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 18:48 10240]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [22/06/2007 18:45 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/05/2007 02:22 54560]
R2 MSSQL$NEBULA2K;MSSQL$NEBULA2K;c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe -sNEBULA2K --> c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe -sNEBULA2K [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 14:33 598312]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [08/02/2007 20:11 569344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/07/2008 17:34 47360]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [15/08/2009 12:08 127496]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 22:59 30336]
S1 MpKsl0a72a4ed;MpKsl0a72a4ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF74210F-C64C-4EC2-BF73-6B96A7030007}\MpKsl0a72a4ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF74210F-C64C-4EC2-BF73-6B96A7030007}\MpKsl0a72a4ed.sys [?]
S1 MpKsl1132a2a8;MpKsl1132a2a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\MpKsl1132a2a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\MpKsl1132a2a8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 08:51 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 08:51 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 01:10 267568]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\DRIVERS\mausbmr.sys --> c:\windows\system32\DRIVERS\mausbmr.sys [?]
S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 15:04 21520]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
S3 SQLAgent$NEBULA2K;SQLAgent$NEBULA2K;c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlagent.EXE -i NEBULA2K --> c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlagent.EXE -i NEBULA2K [?]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTMGMTSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 09:39 451872 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:50]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:50]
.
2011-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2011-11-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
.
2011-10-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2011-11-10 c:\windows\Tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://freeola.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.92.80.192:8081/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1584)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCP71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(5704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\msiexec.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
.
**************************************************************************
.
Completion time: 2011-11-10 21:05:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-10 21:05
.
Pre-Run: 303,223,468,032 bytes free
Post-Run: 303,163,367,424 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5D7AA6093E7FB495A6AAEC8FD9210EBA
-
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Thanks for your efforts to assist me with this, much appreciated. I discovered that all my favourites had their properties changed to "Hidden", as had all the icons; I changed these back and all is OK with these now. I thought I would, however, take up the option of your assistance, as re-installing everything would be a real pain in the butt and would take days, so scans are complete and details are below; hope these help. Regards, Bob.

ComboFix 11-11-10.03 - Bob 10/11/2011 20:47:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.909 [GMT 0:00]
Running from: c:\documents and settings\Bob\Desktop\Combo.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\24051EFF.TMP
c:\documents and settings\Bob\WINDOWS
C:\install.exe
c:\windows\AutoRun.ini
c:\windows\system32\regobj.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\win.ini
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))
.
.
2011-11-10 20:56 . 2011-11-10 20:56 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\offreg.dll
2011-11-10 07:35 . 2011-11-10 07:35 -------- d-----w- c:\windows\LastGood.Tmp
2011-11-09 23:26 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\mpengine.dll
2011-11-09 23:13 . 2011-11-09 23:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-01 17:34 . 2011-11-01 17:34 64272 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-29 17:53 . 2011-11-02 17:18 -------- d-----w- c:\program files\PolderbitS
2011-10-16 19:08 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-16 19:02 . 2011-10-16 19:02 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-12 16:44 . 2011-10-16 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-13 16:47 . 2011-05-14 15:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-30 19:48 . 2006-04-30 06:56 26112 ----a-w- c:\windows\system32\userinit.exe
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-04-30 06:55 138496 ------w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]
"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 20:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-08 19:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
backup=c:\windows\pss\Service Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]
c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]
2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2009-01-29 22:20 57344 ------w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]
2007-11-29 17:36 2872632 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-03-23 07:32 162584 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-03-23 07:32 138008 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]
2007-04-26 17:10 120368 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-27 21:09 49976 ------w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-04-30 11:47 1086760 ----a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]
2007-03-16 05:26 31840 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 06:24 286720 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2003-10-14 09:22 155648 ------r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-09 20:11 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-05 21:46 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]
2009-01-07 03:03 60704 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]
2008-03-11 12:33 54560 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
2008-08-20 23:04 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 18:20 866584 ------w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\CoffeeCup Software\\Direct FTP\\DirectFTP.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=
"c:\\Program Files\\BMW Diagnostic Head Emulator\\DiagHead.exe"=
"c:\\EDIABAS\\Bin\\IFHSrv32.exe"=
"c:\\Program Files\\WebSite X5 v8 - Evolution\\WebSite.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [09/10/2008 16:00 25680]
R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 18:48 10240]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [22/06/2007 18:45 106496]
R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/05/2007 02:22 54560]
R2 MSSQL$NEBULA2K;MSSQL$NEBULA2K;c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe -sNEBULA2K --> c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe -sNEBULA2K [?]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 14:33 598312]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [08/02/2007 20:11 569344]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/07/2008 17:34 47360]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [15/08/2009 12:08 127496]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 22:59 30336]
S1 MpKsl0a72a4ed;MpKsl0a72a4ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF74210F-C64C-4EC2-BF73-6B96A7030007}\MpKsl0a72a4ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF74210F-C64C-4EC2-BF73-6B96A7030007}\MpKsl0a72a4ed.sys [?]
S1 MpKsl1132a2a8;MpKsl1132a2a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\MpKsl1132a2a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\MpKsl1132a2a8.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 08:51 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 08:51 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 01:10 267568]
S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\DRIVERS\mausbmr.sys --> c:\windows\system32\DRIVERS\mausbmr.sys [?]
S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 15:04 21520]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
S3 SQLAgent$NEBULA2K;SQLAgent$NEBULA2K;c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlagent.EXE -i NEBULA2K --> c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlagent.EXE -i NEBULA2K [?]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTMGMTSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-07-30 09:39 451872 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:50]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:50]
.
2011-11-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2011-11-09 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
.
2011-10-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2011-11-10 c:\windows\Tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://freeola.com/
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.92.80.192:8081/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
Notify-ACNotify - ACNotify.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 20:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1584)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\windows\system32\MSVCP71.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
.
- - - - - - - > 'explorer.exe'(5704)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\windows\system32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Motive\McciCMService.exe c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe c:\program files\Lenovo\PM Driver\PMSveH.exe c:\windows\system32\PSIService.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe c:\windows\system32\vmnetdhcp.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Pure Networks\Network Magic\nmsrvc.exe c:\program files\lenovo\system update\suservice.exe c:\program files\VMware\VMware Workstation\vmware-authd.exe c:\windows\system32\msiexec.exe c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\windows\system32\wscntfy.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\program files\Common Files\Lenovo\Logger\logmon.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe . ************************************************************************** . Completion time: 2011-11-10 21:05:54 - machine was rebooted ComboFix-quarantined-files.txt 2011-11-10 21:05 . Pre-Run: 303,223,468,032 bytes free Post-Run: 303,163,367,424 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 5D7AA6093E7FB495A6AAEC8FD9210EBA Other reports follow. -
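A ComboFix report like the one posted above has a fixed layout (a "Scheduled Tasks" section with the .job file on one line and its target on the next, "DPF:" lines for ActiveX controls Internet Explorer has downloaded, and the catchme "hidden files: N" count), which makes it easy to triage with a short script instead of reading it by eye. The script below is an added example for this page, not part of the thread and not a ComboFix component; the log text in SAMPLE_LOG is constructed in ComboFix's layout with example.com and documentation addresses, not the real report. The two checks it applies are review prompts, not verdicts: a DPF entry whose host is a raw IP address rather than a vendor domain, and a scheduled task whose target is not an .exe, are both worth a closer look but are not proof of anything on their own.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample in the layout ComboFix prints (not the log posted in the thread).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2011-11-10 c:\windows\Tasks\ExampleUpdater.job
- c:\program files\Example\update.exe [2010-08-29 08:50]
.
2011-11-09 c:\windows\Tasks\Registration.job
- c:\program files\Common Files\Example\reg.dll [2008-02-22 11:25]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://example.com/
DPF: {00000000-0000-0000-0000-000000000001} - hxxp://192.0.2.10:8081/activex/ctl.cab
DPF: {00000000-0000-0000-0000-000000000002} - hxxp://download.example.com/ctl.cab
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
scan completed successfully
hidden files: 0
"""

TASK_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) - (\S+)$")
HIDDEN_RE = re.compile(r"^hidden files: (\d+)$")


def refang(url):
    """ComboFix writes hxxp:// so the URL is not clickable; restore the scheme for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_is_raw_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address rather than a DNS name."""
    host = urlsplit(refang(url)).hostname
    if host is None:
        return False
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text):
    """Extract scheduled tasks, DPF controls and the catchme hidden-file count; attach findings."""
    tasks, dpf, hidden_files = [], [], None
    pending = None  # task line seen, target line not yet seen
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending = {"scheduled": m.group(1), "job": m.group(2), "target": None, "target_stamp": None}
            tasks.append(pending)
            continue
        m = TARGET_RE.match(line)
        if m and pending is not None:
            pending["target"], pending["target_stamp"] = m.group(1), m.group(2)
            pending = None
            continue
        m = DPF_RE.match(line)
        if m:
            dpf.append({"clsid": m.group(1), "url": m.group(2), "raw_ip_host": host_is_raw_ip(m.group(2))})
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden_files = int(m.group(1))

    findings = []
    for d in dpf:
        if d["raw_ip_host"]:
            findings.append("DPF ActiveX control fetched from a raw IP address: %s" % d["url"])
    for t in tasks:
        if t["target"] and not t["target"].lower().endswith(".exe"):
            findings.append("scheduled task %s targets a non-.exe file: %s" % (t["job"], t["target"]))
    if hidden_files:
        findings.append("catchme reported %d hidden file(s)" % hidden_files)
    return {"tasks": tasks, "dpf": dpf, "hidden_files": hidden_files, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("REVIEW:", finding)
```

To run it over a real report, read the saved ComboFix.txt into a string and pass it to triage(); the regexes only depend on the line shapes shown above, so the rest of the report passes through untouched.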
Icons "Greyed" after infection, Why? (Solved)
pilotbob replied to pilotbob's topic in Tech Support & Discussions Forum
Thanks Ken, I'll await their response. I did find that after the restore MSSE did find and deal with the "bugs" again, but what had gone was the installed program which was taking over everything. Bob. -
I managed to pick up an infection last night from an innocent site I use regularly. MS Security Essentials picked it up, but not before it had installed a mock version of "System Restore" and started running a scam scan of my system. MSSE found and removed the following:
Backdoor:Win32/Cycbot!cfg
Trojan:Win32/Alureon.FE
Trojan:Win32/Lukicsel.I
Exploit:SWF/Blacole.F
After this I still needed to use System Restore to get my system back to the previous day's state to get rid of the installed nasty. However, I have a good few icons on my desktop which are shortcuts to web sites; all of these are now "greyed" or appear to be translucent. They still work but do look rather odd, and I'm concerned there is still some kind of infection. Any ideas? System is XP Pro SP3 with all latest updates. Thanks in anticipation, Bob. P.S. Just noticed that all my "Favourites" have disappeared from IE8 too.
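Explorer draws a file's icon faded or translucent when the file carries the Win32 hidden attribute and "Show hidden files and folders" is switched on, and scareware of the fake "System Restore" kind commonly sets that attribute on desktop shortcuts and other user files. The following is an added check for this page, not from the thread and not from any product named in it: it lists the .lnk and .url shortcuts in a folder that have the hidden bit set and, once you have reviewed the list, clears the hidden and system bits the same way `attrib -h -s` would. It assumes a Python interpreter on the Windows machine and that the user's shortcuts live in the per-user Desktop folder (adjust the path for a redirected profile); on a non-Windows host the attribute lookup returns None and nothing is reported.

```python
import os
import ctypes
from pathlib import Path

# Win32 file attribute bits (winnt.h); the values are fixed by the API.
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF

SHORTCUT_SUFFIXES = (".lnk", ".url")  # .url is what a desktop link to a web site is


def get_attributes(path):
    """Win32 attribute bits of path, or None on non-Windows platforms (no such concept there)."""
    if os.name != "nt":
        return None
    attrs = ctypes.windll.kernel32.GetFileAttributesW(str(path))
    if attrs == INVALID_FILE_ATTRIBUTES:
        raise ctypes.WinError()
    return attrs


def is_hidden(attrs):
    """True when the hidden bit is set; None (unknown platform) counts as not hidden."""
    return attrs is not None and bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def cleared_attributes(attrs):
    """Attribute word with hidden and system bits removed (what `attrib -h -s` writes back)."""
    return attrs & ~(FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM)


def hidden_shortcuts(folder):
    """Shortcut files directly inside folder that carry the hidden attribute."""
    found = []
    for entry in Path(folder).iterdir():
        if entry.is_file() and entry.suffix.lower() in SHORTCUT_SUFFIXES and is_hidden(get_attributes(entry)):
            found.append(entry)
    return sorted(found)


def unhide(path):
    """Clear hidden/system on one file; returns the attribute word that was written."""
    attrs = get_attributes(path)
    if attrs is None:
        raise OSError("file attributes are a Windows-only concept")
    new_attrs = cleared_attributes(attrs)
    if not ctypes.windll.kernel32.SetFileAttributesW(str(path), new_attrs):
        raise ctypes.WinError()
    return new_attrs


if __name__ == "__main__":
    # Assumption: the per-user Desktop folder; redirected profiles need a different path.
    desktop = os.path.join(os.path.expanduser("~"), "Desktop")
    for shortcut in hidden_shortcuts(desktop):
        print("hidden:", shortcut)
        # unhide(shortcut)  # uncomment after reviewing the list above
```

The listing step is deliberately separate from the clearing step: a shortcut that was hidden by malware and one the user hid on purpose look identical at the attribute level, so review the list before unhiding anything.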
-
Hi All, I have an LG N1T1 NAS installed in my office network which I'd like to be able to access from home via the internet. I've enabled DDNS and UPnP port forwarding on the N1T1. From home I can access and log in to the web menu of the device OK by going to http://(mydomainname).lgnas.com, but how do I create a "Network Place" to access the files on the drive? Sorry if this is a numpty question, but the user guide is not well translated and seems to assume a complete knowledge of systems networking anyway. I need an idiot's guide and need it in English too! Thanks in advance for any help. Bob.
-
I have an external USB/SATA twin drive dock which I've been using successfully so far to check and reformat spare drives. This morning I plugged in a 2.5" SATA drive which I removed working from a friend's laptop, and it does not show in "My Computer" or in "Computer Management". I've had this happen with 2.5" drives in a USB caddy once before. My system is XP Pro SP3. Any ideas? Many thanks.
-
Hi All, My Lenovo 3000 N200 with XP3 is no longer showing the SD drive in My Computer. When I insert a card the LED used to flicker for a while and the card was visible in Explorer or My Computer, but not now. Any ideas??? Bob.
-
Is this a new problem or has it been there since you first had the Laptop?