

Posted (edited)

I managed to pick up an infection last night from an innocent site I use regularly. MS Security Essentials picked it up, but not before it had installed a mock version of "System Restore" and started running a scam scan of my system.

 

MSSE found and removed the following:

 

Backdoor:Win32/Cycbot!cfg

Trojan:Win32/Alureon.FE

Trojan:Win32/Lukicsel.I

Exploit:SWF/Blacole.F

 

After this I still needed to use System Restore to get my system back to the previous day's state to get rid of the installed nasty. However, I have a good few icons on my desktop which are shortcuts to web sites, and all of these are now "greyed" or appear to be translucent. They still work but do look rather odd, and I'm concerned there is still some kind of infection. Any ideas?

 

System is XP Pro SP3 with all latest updates.

 

Thanks in anticipation, Bob.

 

P.S. Just noticed that all my "Favourites" have disappeared from IE8 too.

Edited by pilotbob

Posted

Hi,

 

I think you need one of our Security Experts to take a look at your system.

 

I am no expert - but if you used System Restore you may well have re-introduced the bugs back into your system.

 

I will leave a message for the Security guys - please be patient as they are very busy. They will get to you :)

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 


Posted

Thanks Ken, I'll await their response.

 

I did find that after the restore MSSE did find and deal with the "bugs" again, but what had gone was the installed program which was taking over everything.

 

Bob.

Posted

Hi pilotbob

 

I'll move this thread to the Malware Removal forum.

 

Firstly, I'm afraid I have to give you this warning:

 

The malware removed is linked to password-stealing trojans. It is known that these trojans can communicate with remote computers, download and run code, send emails and redirect browser requests. Unfortunately we cannot be sure about what they have done.

 

If you do any banking or other financial transactions on the PC, or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

Though the Trojans have been identified there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS.

 

For more information read ....Here

If you choose to format and reinstall read...... Here

 

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy again.

 

If you wish us to try and clean this system, please follow the steps below.

 

Step 1

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you may not see the recovery console screens
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

 

Step 2

  • Download OTL to your desktop.
    Right-click on the link and select 'Save Link/Target As'.
     
    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check


http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

 

Now copy the lines in bold below.

 

netsvcs

msconfig

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\system32\*.exe /lockedfiles

%systemroot%\System32\config\*.sav

%PROGRAMFILES%\*

%USERPROFILE%\..|smtmp;true;true;true /FP

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

hklm\software\clients\startmenuinternet|command /rs

hklm\software\clients\startmenuinternet|command /64 /rs

CREATERESTOREPOINT

 

  • Right-click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
  • Click the Run Scan button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runscan.png
     
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

 

In your next reply, please submit (if you wish to continue):

Combofix.txt

both reports from OTL

 

 

Thanks.

Member of:

UNITE

Posted

Thanks for your efforts to assist me with this, much appreciated. I discovered that all my favourites had their properties changed to "Hidden" as had all the icons, I changed these back and all is ok with these now. I thought I would however take up the option of your assistance as re-installing everything would be a real pain in the butt and would take days, so scans complete and details below; hope these help.

 

Regards, Bob.

 

 

ComboFix 11-11-10.03 - Bob 10/11/2011 20:47:48.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2038.909 [GMT 0:00]

Running from: c:\documents and settings\Bob\Desktop\Combo.exe

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\24051EFF.TMP

c:\documents and settings\Bob\WINDOWS

C:\install.exe

c:\windows\AutoRun.ini

c:\windows\system32\regobj.dll

c:\windows\system32\Thumbs.db

c:\windows\system32\win.ini

c:\windows\winhelp.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-10-10 to 2011-11-10 )))))))))))))))))))))))))))))))

.

.

2011-11-10 20:56 . 2011-11-10 20:56 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\offreg.dll

2011-11-10 07:35 . 2011-11-10 07:35 -------- d-----w- c:\windows\LastGood.Tmp

2011-11-09 23:26 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\mpengine.dll

2011-11-09 23:13 . 2011-11-09 23:13 -------- d-----w- c:\windows\system32\wbem\Repository

2011-11-01 17:34 . 2011-11-01 17:34 64272 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2011-10-29 17:53 . 2011-11-02 17:18 -------- d-----w- c:\program files\PolderbitS

2011-10-16 19:08 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-16 19:02 . 2011-10-16 19:02 -------- d-----w- c:\program files\Microsoft Security Client

2011-10-12 16:44 . 2011-10-16 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-13 16:47 . 2011-05-14 15:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-09-30 19:48 . 2006-04-30 06:56 26112 ----a-w- c:\windows\system32\userinit.exe

2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

2011-09-26 10:41 . 2006-04-30 06:55 220160 ----a-w- c:\windows\system32\oleacc.dll

2011-09-26 10:41 . 2006-04-30 06:55 20480 ----a-w- c:\windows\system32\oleaccrc.dll

2011-09-09 09:12 . 2006-04-30 06:55 599040 ----a-w- c:\windows\system32\crypt32.dll

2011-09-06 13:20 . 2006-04-30 06:55 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-22 23:48 . 2006-04-30 06:56 916480 ----a-w- c:\windows\system32\wininet.dll

2011-08-22 23:48 . 2006-04-30 06:55 43520 ------w- c:\windows\system32\licmgr10.dll

2011-08-22 23:48 . 2006-04-30 06:55 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-08-22 11:56 . 2006-04-30 06:55 385024 ------w- c:\windows\system32\html.iec

2011-08-17 13:49 . 2006-04-30 06:55 138496 ------w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-09-12 17351304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]

"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]

"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]

"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-03-03 72240]

"VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2008-03-03 55856]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]

2007-05-31 20:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]

2008-08-08 19:14 28672 ------w- c:\program files\Lenovo\HOTKEY\tphklock.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"wave"=DrvTrNTm.dll

"mixer"=DrvTrNTm.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]

backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftware]

c:\program files\Lenovo Fingerprint Software\fpapp.exe \s [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AwaySch]

2006-11-07 10:51 91688 ------w- c:\program files\Lenovo\AwayTask\AwaySch.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]

2009-12-07 11:50 1584640 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

2009-01-29 22:20 57344 ------w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

2007-11-29 17:36 2872632 ------w- c:\program files\Lenovo\Client Security Solution\cssauth.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]

2006-05-18 23:24 196696 ------w- c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2007-03-23 07:32 162584 ------w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2007-03-23 07:32 138008 ------w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

2007-04-26 17:10 120368 ------w- c:\progra~1\Lenovo\LENOVO~2\LPMGR.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]

2009-05-27 21:09 49976 ------w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]

2010-04-30 11:47 1086760 ----a-w- c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ------w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]

2007-03-16 05:26 31840 ------w- c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 06:24 286720 ------w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2003-10-14 09:22 155648 ------r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2009-08-09 20:11 149280 ------w- c:\program files\Java\jre6\bin\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-09-05 21:46 39408 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPFNF7]

2009-01-07 03:03 60704 ------w- c:\progra~1\Lenovo\NPDIRECT\tpfnf7sp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]

2008-03-11 12:33 54560 ------w- c:\program files\Lenovo\HOTKEY\TpWAudAp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

2008-08-20 23:04 487424 ------w- c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2006-11-03 18:20 866584 ------w- c:\program files\Windows Defender\MSASCui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2006-10-18 19:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=

"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"c:\\Program Files\\CoffeeCup Software\\Direct FTP\\DirectFTP.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Spotify\\spotify.exe"=

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"=

"c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=

"c:\\Program Files\\BMW Diagnostic Head Emulator\\DiagHead.exe"=

"c:\\EDIABAS\\Bin\\IFHSrv32.exe"=

"c:\\Program Files\\WebSite X5 v8 - Evolution\\WebSite.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"67:UDP"= 67:UDP:DHCP Discovery Service

.

R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]

R1 eusk2par;Aladdin SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [09/10/2008 16:00 25680]

R1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [24/05/2006 18:48 10240]

R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]

R2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [22/06/2007 18:45 106496]

R2 FNF5SVC;Fn+F5 Service;c:\program files\Lenovo\HOTKEY\FnF5svc.exe [11/05/2007 02:22 54560]

R2 MSSQL$NEBULA2K;MSSQL$NEBULA2K;c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe -sNEBULA2K --> c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe -sNEBULA2K [?]

R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [29/03/2011 14:33 598312]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [08/02/2007 20:11 569344]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [30/07/2008 17:34 47360]

R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [15/08/2009 12:08 127496]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [22/05/2007 22:59 30336]

S1 MpKsl0a72a4ed;MpKsl0a72a4ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF74210F-C64C-4EC2-BF73-6B96A7030007}\MpKsl0a72a4ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CF74210F-C64C-4EC2-BF73-6B96A7030007}\MpKsl0a72a4ed.sys [?]

S1 MpKsl1132a2a8;MpKsl1132a2a8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\MpKsl1132a2a8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3AC00EC9-A436-4671-9E1C-A42B48D0D3C1}\MpKsl1132a2a8.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 08:51 135664]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 18:19 13592]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 08:51 135664]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [16/11/2010 01:10 267568]

S3 MAUSBML;Service for M-Audio Micro (WDM);c:\windows\system32\DRIVERS\mausbmr.sys --> c:\windows\system32\DRIVERS\mausbmr.sys [?]

S3 PbsAuDrv;PolderbitS Audio Driver;c:\windows\system32\drivers\pbsaudrv.sys --> c:\windows\system32\drivers\pbsaudrv.sys [?]

S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 15:04 21520]

S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]

S3 SQLAgent$NEBULA2K;SQLAgent$NEBULA2K;c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlagent.EXE -i NEBULA2K --> c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlagent.EXE -i NEBULA2K [?]

S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]

S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\Drivers\usbVM305.sys --> c:\windows\system32\Drivers\usbVM305.sys [?]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - RAPPORTMGMTSERVICE

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-07-30 09:39 451872 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:50]

.

2011-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 08:50]

.

2011-11-10 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]

.

2011-11-09 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]

.

2011-10-13 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]

.

2011-11-10 c:\windows\Tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://freeola.com/

uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://84.92.80.192:8081/activex/AMC.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

Notify-ACNotify - ACNotify.dll

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-11-10 20:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG11.00.00.01WORKSTATION"="…"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1584)

c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll

c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll

c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll

c:\windows\system32\MSVCP71.dll

c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll

c:\windows\system32\FpWinLogonNp.dll

c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll

c:\program files\Lenovo Fingerprint Software\SharedResources.dll

c:\program files\Lenovo Fingerprint Software\FPResource.dll

c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll

c:\program files\Lenovo\Client Security Solution\css_banner.dll

c:\windows\system32\cssuserdatadispatcher.dll

c:\windows\system32\tvttsp.dll

c:\windows\system32\tcsrpc.dll

c:\program files\Lenovo\HOTKEY\tphklock.dll

.

- - - - - - - > 'explorer.exe'(5704)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe

c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft SQL Server\MSSQL$NEBULA2K\Binn\sqlservr.exe

c:\program files\Lenovo\PM Driver\PMSveH.exe

c:\windows\system32\PSIService.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe

c:\windows\system32\vmnetdhcp.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Pure Networks\Network Magic\nmsrvc.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\VMware\VMware Workstation\vmware-authd.exe

c:\windows\system32\msiexec.exe

c:\windows\RTHDCPL.EXE

c:\windows\AGRSMMSG.exe

c:\windows\system32\wscntfy.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

.

**************************************************************************

.

Completion time: 2011-11-10 21:05:54 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-10 21:05

.

Pre-Run: 303,223,468,032 bytes free

Post-Run: 303,163,367,424 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 5D7AA6093E7FB495A6AAEC8FD9210EBA

 

Other reports follow.
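The ComboFix log above mixes a lot of normal entries with the few an analyst reads first: Run values that launch from a user profile or carry no path, drivers ComboFix could not read (`[?]`), orphaned loading points (`(no file)`), and Security Center monitoring switched off. As an added example, not part of this thread and not a ComboFix or OTL component, here is a small Python triage script that walks lines in ComboFix's layout and flags those patterns. The sample log is constructed (the `updater` entry and the lone-dot block separators are modelled on the format above, not taken from a real machine), and the rule set is my own assumption about what deserves a second look, not the helper's method.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    reason: str  # why an analyst should look at this entry next
    entry: str   # the log line, prefixed with its registry key where that helps


# Line shapes ComboFix uses in its "Reg Loading Points" and services sections.
RUN_KEY = re.compile(r"^\[(?P<key>HK[^\]]*\\Run)\]$", re.IGNORECASE)
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="?(?P<image>.+?)"?\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
SEC_MON = re.compile(
    r"^\[(?P<key>HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring[^\]]*)\]$",
    re.IGNORECASE,
)
DISABLE_MON = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.IGNORECASE)
SERVICE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Path fragments meaning "somewhere under a user profile" on Windows XP. A Run
# entry launching from there is not proof of infection, but installed software
# normally lives under Program Files, so these are checked first.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

# Constructed sample in ComboFix's layout (assumption: not from a real machine).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-05 39408]
"updater"="c:\documents and settings\Bob\Application Data\xyz\updater.exe" [2011-11-09 45056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\System32\Drivers\sptd.sys [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys --> c:\windows\system32\drivers\vvftav.sys [?]
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
"""


def triage(log_text: str) -> List[Finding]:
    """Walk ComboFix-style lines and return the entries worth a second look."""
    findings: List[Finding] = []
    run_key = sec_key = None  # header of the registry block we are inside, if any
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":  # ComboFix closes every block with a lone dot
            run_key = sec_key = None
            continue
        m = RUN_KEY.match(line)
        if m:
            run_key = m.group("key")
            continue
        m = SEC_MON.match(line)
        if m:
            sec_key = m.group("key")
            continue
        if sec_key and DISABLE_MON.match(line):
            findings.append(Finding(
                "Security Center monitoring disabled; confirm a known AV/firewall product set this",
                f"{sec_key}: {line}"))
            continue
        if run_key:
            m = RUN_VALUE.match(line)
            if m:
                image = m.group("image").lower()
                if "\\" not in image:
                    findings.append(Finding(
                        "Run entry has no full path, so the binary is resolved via PATH; verify which file loads",
                        f"{run_key}: {line}"))
                elif any(frag in image for frag in USER_WRITABLE):
                    findings.append(Finding(
                        "Run entry launches from a user-writable profile directory",
                        f"{run_key}: {line}"))
            continue
        m = SERVICE.match(line)
        if m:
            if m.group("rest").rstrip().endswith("[?]"):
                findings.append(Finding(
                    "Driver/service file could not be read (no size/date); check the file on disk",
                    line))
            continue
        if line.endswith("(no file)"):
            findings.append(Finding(
                "Orphan loading point: registry value points at a file that no longer exists",
                line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.entry}")
```

Feed it a saved `C:\ComboFix.txt` instead of `SAMPLE_LOG` to get a short list to work through before reading the full log; entries from `Program Files` with a readable size and date are left alone on purpose, since those are what a clean XP machine mostly consists of.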

Posted

First OTL report

 


Posted

Second OTL report

 

OTL Extras logfile created on: 10/11/2011 21:15:49 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.90% Memory free

3.33 Gb Paging File | 2.57 Gb Available in Paging File | 77.28% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 459.74 Gb Total Space | 282.37 Gb Free Space | 61.42% Space Free | Partition Type: NTFS

Drive E: | 382.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 182.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 976.13 Mb Total Space | 505.78 Mb Free Space | 51.82% Space Free | Partition Type: FAT

Drive J: | 15.69 Mb Total Space | 3.45 Mb Free Space | 21.96% Space Free | Partition Type: NTFS

 

Computer Name: LENOVO | User Name: Bob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)

"C:\Program Files\CoffeeCup Software\Direct FTP\DirectFTP.exe" = C:\Program Files\CoffeeCup Software\Direct FTP\DirectFTP.exe:*:Enabled:Direct FTP Application -- (CoffeeCup Software, Inc.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe:*:Enabled:BT Broadband Desktop Help -- (Alcatel-Lucent)

"C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" = C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe:*:Enabled:BT Broadband Desktop Help Notifier -- (Alcatel-Lucent)

"C:\Program Files\BMW Diagnostic Head Emulator\DiagHead.exe" = C:\Program Files\BMW Diagnostic Head Emulator\DiagHead.exe:*:Enabled:DiagHead -- (SoftCom Ltd.)

"C:\EDIABAS\Bin\IFHSrv32.exe" = C:\EDIABAS\Bin\IFHSrv32.exe:*:Enabled:NETMAN Server -- ()

"C:\Program Files\WebSite X5 v8 - Evolution\WebSite.exe" = C:\Program Files\WebSite X5 v8 - Evolution\WebSite.exe:*:Enabled:WebSite X5 -- (Incomedia - www.websitex5.com)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01A2E33A-8ADA-42D1-9173-8F65149E952F}" = Microsoft Money

"{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}" = Microsoft Money System Pack

"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)

"{0345CF70-FA00-4F4E-A218-0FA494F465A4}" = LightScribe Template Designs - Business Pack 1

"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{0C9F8331-C56A-4600-A563-99CDBCE43694}" = WinPCSIGN Letter 2005

"{0DA9CEC1-67FB-473C-A5BF-7FECA017B725}" = PocketFMS EUR 1.5.0

"{0F6D55D8-89AA-4C1D-BC4C-ACBBDE8BE57A}" = Serif PhotoPlus 8.0

"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message

"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail

"{1A8C5BB4-91EB-4AB4-B667-74EC501341B9}" = LightScribe Template Designs - 9 to 5 Pack 1

"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition

"{284A25AA-96B4-449D-BBA0-D0C97A5E213E}" = PCB Artist Version 1.4

"{2b02f824-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Premier Edition 2004

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3724743C-C279-4ACA-A451-56479745208A}" = Memory-Map European Edition

"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights

"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{44E9D4C2-946C-4378-9354-558803C47A68}" = Client Security - Password Manager

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{513148E7-B7A1-48B2-B518-668701E546F5}" = LightScribe System Software 1.14.19.1

"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57729BE1-DE2C-45DB-9FFA-5C1949679B3E}" = Watchtower Library 2010 - English

"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32

"{5FA08EAD-6532-4609-9E78-DBBEBE9AE6D2}" = Visual Site Designer

"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement

"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{669179DB-431A-4759-954E-822D254112C0}" = PocketFMS EUR 1.6.0

"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7

"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution

"{7075FDA1-1542-4659-8FC6-4C127B32F907}" = PocketFMS

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77486339-D60A-494D-9492-55385419ED50}" = PocketFMS EUR 1.4.4

"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite

"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections

"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8FE552F4-52D5-4ED8-B77B-672D5F88B427}" = DVR

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD

"{9570A579-88E2-4B73-A28F-3ED8FCB8C0D8}_is1" = Incomedia WebSite X5 v9 - Free

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{979B748C-6095-4A5A-BC7B-C15E720529D6}" = PCMSCAN

"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}" = Brother MFL-Pro Suite

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9CE06167-6F6F-40E4-B723-3702FE2831DD}" = BMW Diagnostic Head Emulator

"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver

"{A182077A-8D6B-4194-B48A-B4DC37C69907}" = RealSpeak Solo for UK English Emily

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio

"{ABE02A4F-E00D-4E06-ADB8-CF5AB5B0239A}" = PocketFMS EUR 1.5.1

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

"{B1C2398C-6FAB-46D1-806C-5942F0829994}" = ParetoLogic Data Recovery

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic

"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype

"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center

"{BDC83FD3-1A0F-46FB-8852-5E9A94294143}" = Serif PagePlus 8.0 PDF Edition

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes

"{C82185E8-C27B-4EF4-2007-3333BC2C2B6D}" = Microsoft AutoRoute 2007

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care

"{D08E34CE-0106-4C47-83B0-8A31D7098BB6}" = PocketFMS EUR Datapack 1.0.1.0

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{D7D50D63-55C0-11D5-A6A2-00C0DF05DE71}" = TurboCAD Professional v8

"{D9B5AE52-FEF9-4E5C-A63E-06A6638B2935}" = Nero Kwik Media

"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Broadband Support Tools

"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate

"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers

"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn

"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (NEBULA2K)

"{E4B024F9-2074-4FEB-9885-EDF9EC39026F}" = PocketFMS

"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center

"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore

"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software

"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ABC Amber NBU Converter" = ABC Amber NBU Converter

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"ASIO4ALL" = ASIO4ALL

"AU65_is1" = Advanced Uninstaller PRO 2004 - version 6

"Audacity_is1" = Audacity 1.2.6

"Avantext TechPubs Manager" = Avantext TechPubs Manager

"AwayTask" = Maintenance Manager

"AXIS Media Control Embedded" = AXIS Media Control Embedded

"BT Broadband Desktop Help" = BT Broadband Desktop Help

"BTHomeHub" = BTHomeHub

"CCleaner" = CCleaner

"CloneCD" = CloneCD

"CoffeeCup Direct FTP 6.7.17" = CoffeeCup Direct FTP

"CoffeeCup GIF Animator" = CoffeeCup GIF Animator

"CoffeeCup HTML Editor" = CoffeeCup HTML Editor

"CoffeeCup LockBox" = CoffeeCup LockBox

"CoffeeCup Photo Gallery - Registered" = CoffeeCup Photo Gallery - Registered

"CoffeeCup PixConverter" = CoffeeCup PixConverter

"CoffeeCup Web Form Builder - Registered" = CoffeeCup Web Form Builder - Registered

"CoffeeCup Web JukeBox - Registered" = CoffeeCup Web JukeBox - Registered

"CutePDF Writer Installation" = CutePDF Writer 2.8

"DAEMON Tools Lite" = DAEMON Tools Lite

"DAEMON Tools Toolbar" = DAEMON Tools Toolbar

"Defraggler" = Defraggler

"Digital Media LE" = Roxio Digital Media LE

"DTE" = DTE

"EditiX-Free-XML Editor2010 Free-2010" = EditiX-Free-XML Editor2010 Free-2010

"ESBUnitConv4_is1" = ESBUnitConv v5.2

"File Recover_is1" = File Recover 7.5

"Garden Encyclopedia" = Garden Encyclopedia version 3.0

"Google Chrome" = Google Chrome

"Guitar Pro 5_is1" = Guitar Pro 5.0

"HDMI" = Intel® Graphics Media Accelerator Driver

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"IncrediMail" = IncrediMail 2.0

"Inkscape" = Inkscape 0.46

"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver

"InstallShield_{DA8E52C7-8638-4AD6-B94E-53ED24EE5202}" = DesignPro 5 Lite Edition

"KitchenDraw 5.0" = KitchenDraw 5.0

"KitchenDraw_is1" = KitchenDraw 5.5

"Lenovo Registration" = Lenovo Registration

"MainApp.exe_is1" = CloneDVD 4.1.0.23

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Media Player - Codec Pack" = Media Player Codec Pack 4.0.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"MP3 Workshop_is1" = MP3 Workshop 1.92

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero 6

"Nero BurnRights!UninstallKey" = Nero BurnRights

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OnScreenDisplay" = On Screen Display

"PC-Doctor for Windows" = Lenovo System Toolbox

"PCMCIAPW" = ThinkPad PC Card Power Policy

"PhotoMail" = PhotoMail Maker

"Picasa2" = Picasa 2

"ProInst" = Intel® PROSet/Wireless Software

"Rapport_msi" = Rapport

"Recuva" = Recuva (remove only)

"sm-un1.u32" = SoftMaker Office 2008 (C:\Program Files\SoftMaker Office 2008)

"Spotify" = Spotify

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TotalRecorder" = Total Recorder 7.1

"USB Audio_is1" = Ver 1.2.0

"VCDS-Lite 1.1" = VCDS-Lite 1.1

"Vectorian Giotto_is1" = Vectorian Giotto 3.0.0

"WaveLab Lite" = WaveLab Lite

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR archiver

"WinUndelete" = WinUndelete

"WinZip" = WinZip

"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.9.4

"WMCSetup" = Windows Media Connect

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7

"ZC DVD Audio Ripper_is1" = ZC DVD Audio Ripper 2.8.6.296

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"NATS AFPEx Terminal" = NATS AFPEx Terminal

"Notam Map" = Notam Map

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 05/11/2011 11:44:43 | Computer Name = LENOVO | Source = Application Error | ID = 1000

Description = Faulting application garden.exe, version 1.0.0.1, faulting module

garden.exe, version 1.0.0.1, fault address 0x00015012.

 

Error - 09/11/2011 18:52:02 | Computer Name = LENOVO | Source = Application Error | ID = 1000

Description = Faulting application rer160.tmp, version 0.0.0.0, faulting module

rer160.tmp, version 0.0.0.0, fault address 0x00004104.

 

Error - 09/11/2011 18:52:08 | Computer Name = LENOVO | Source = Application Error | ID = 1001

Description = Fault bucket -1606711140.

 

Error - 09/11/2011 18:52:10 | Computer Name = LENOVO | Source = Application Error | ID = 1000

Description = Faulting application rer162.tmp, version 0.0.0.0, faulting module

rer162.tmp, version 0.0.0.0, fault address 0x00004104.

 

Error - 09/11/2011 18:52:16 | Computer Name = LENOVO | Source = Application Error | ID = 1000

Description = Faulting application rer164.tmp, version 0.0.0.0, faulting module

rer164.tmp, version 0.0.0.0, fault address 0x00004104.

 

Error - 09/11/2011 18:52:18 | Computer Name = LENOVO | Source = Application Error | ID = 1001

Description = Fault bucket -1606625605.

 

Error - 09/11/2011 18:52:19 | Computer Name = LENOVO | Source = Application Error | ID = 1001

Description = Fault bucket -1606625590.

 

Error - 09/11/2011 18:52:20 | Computer Name = LENOVO | Source = Application Error | ID = 1000

Description = Faulting application rer167.tmp, version 0.0.0.0, faulting module

rer167.tmp, version 0.0.0.0, fault address 0x00004104.

 

Error - 09/11/2011 18:52:25 | Computer Name = LENOVO | Source = Application Error | ID = 1001

Description = Fault bucket -1606625492.

 

Error - 09/11/2011 19:53:26 | Computer Name = LENOVO | Source = MPSampleSubmission | ID = 5000

Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),

P2 1.1.7801.0, P3 1.115.1571.0, P4 1.115.1571.0, P5 backdoor_win32_cycbot!cfg,

P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

 

[ Lenovo-Message Center Plus/Admin Events ]

Error - 03/08/2009 05:30:39 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = The remote server returned an error: (503) Server Unavailable. ->

Exception message: The remote server returned an error: (503) Server Unavailable.

 

Error - 18/10/2009 03:55:45 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

 

Error - 13/05/2010 14:32:39 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

 

Error - 23/12/2010 20:48:01 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

 

Error - 24/12/2010 00:49:59 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

 

Error - 24/12/2010 04:51:59 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = Object reference not set to an instance of an object. -> Exception

message: Object reference not set to an instance of an object.

 

Error - 27/01/2011 08:23:46 | Computer Name = LENOVO-EF57E96C | Source = Lenovo-Message Center Plus/Admin | ID = 2

Description = The remote server returned an error: (503) Server Unavailable. ->

Exception message: The remote server returned an error: (503) Server Unavailable.

 

[ System Events ]

Error - 09/11/2011 19:15:37 | Computer Name = LENOVO | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 14 minutes. NtpClient has no source of accurate

time.

 

Error - 09/11/2011 19:47:43 | Computer Name = LENOVO | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

 

Error - 10/11/2011 16:43:17 | Computer Name = LENOVO | Source = sr | ID = 1

Description = The System Restore filter encountered the unexpected error '0xC000007F'

while processing the file 'desktop.ini' on the volume 'HarddiskVolume3'. It has

stopped monitoring the volume.

 

Error - 10/11/2011 16:44:24 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

 

Error - 10/11/2011 16:44:57 | Computer Name = LENOVO | Source = WMPNetworkSvc | ID = 866312

Description = A new media server was not initialized because WMCreateDeviceRegistration()

encountered error '0xc00d2711'. The Windows Media DRM components on your computer

might be corrupted. Verify that protected files play correctly in Windows Media

Player, and then restart the WMPNetworkSvc service.

 

Error - 10/11/2011 16:44:57 | Computer Name = LENOVO | Source = WMPNetworkSvc | ID = 866312

Description = A new media server was not initialized because WMCreateDeviceRegistration()

encountered error '0xc00d2711'. The Windows Media DRM components on your computer

might be corrupted. Verify that protected files play correctly in Windows Media

Player, and then restart the WMPNetworkSvc service.

 

Error - 10/11/2011 16:47:39 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

 

Error - 10/11/2011 16:47:58 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7016

Description = The Fingerprint Server service has reported an invalid current state

0.

 

Error - 10/11/2011 16:50:11 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7031

Description = The Windows Media Player Network Sharing Service service terminated

unexpectedly. It has done this 1 time(s). The following corrective action will

be taken in 30000 milliseconds: Restart the service.

 

Error - 10/11/2011 17:04:15 | Computer Name = LENOVO | Source = Service Control Manager | ID = 7016

Description = The Fingerprint Server service has reported an invalid current state

0.

 

 

< End of report >
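The firewall-policy dump in this log is worth a second look in a password-stealer case: an exception whose scope is `*` accepts connections from any remote address, not just the local subnet, and OTL prints `-- ()` after an application it could not attribute to a company. The script below is an added example for this thread, not code from OTL, Combofix or the forum; it parses a few lines copied from the log above (plus one constructed `Disabled` entry) and flags enabled exceptions open to any address and unattributed applications. Hits are leads for the helper to check, not verdicts: the `67:UDP` DHCP entry, for instance, is created by legitimate software.

```python
"""Triage the Windows XP firewall policy section of an OTL log.

Added example for this thread, not code from OTL or Combofix. It reads the
GloballyOpenPorts and AuthorizedApplications entries and flags exceptions
whose scope is '*' (any remote address) and applications OTL could not
attribute to a company (the trailing '-- ()').
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the firewall section of the log above,
# plus one hypothetical Disabled entry so the state filter is exercised.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)
"C:\EDIABAS\Bin\IFHSrv32.exe" = C:\EDIABAS\Bin\IFHSrv32.exe:*:Enabled:NETMAN Server -- ()
"C:\Example\old.exe" = C:\Example\old.exe:*:Disabled:Hypothetical disabled entry -- ()
'''


@dataclass
class Rule:
    kind: str     # "port" or "app"
    target: str   # "67:UDP" or the executable path
    scope: str    # "*", "LocalSubNet" or an address/mask
    state: str    # "Enabled" or "Disabled"
    name: str     # description; for apps "<desc> -- (<company>)"


SETTING_RE = re.compile(r'^"(?P<key>[A-Za-z]+)"\s*=\s*(?P<value>\d+)$')
PORT_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]+)'
    r':(?P<state>Enabled|Disabled):(?P<name>.*)$')
# The path itself contains "C:", so match it lazily and let the fixed
# ":<scope>:<state>:" tail anchor the split.
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>[^:]+)'
    r':(?P<state>Enabled|Disabled):(?P<name>.*)$')


def parse_firewall_section(text: str) -> Tuple[Dict[str, int], List[Rule]]:
    """Return (profile settings, exception rules) from an OTL firewall dump."""
    settings: Dict[str, int] = {}
    rules: List[Rule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('['):
            continue                      # blank line or registry key header
        m = SETTING_RE.match(line)
        if m:
            settings[m['key']] = int(m['value'])
            continue
        m = PORT_RE.match(line)           # ports first: APP_RE would match them too
        if m:
            rules.append(Rule('port', f"{m['port']}:{m['proto']}",
                              m['scope'], m['state'], m['name']))
            continue
        m = APP_RE.match(line)
        if m:
            rules.append(Rule('app', m['path'], m['scope'], m['state'], m['name']))
    return settings, rules


def exceptions_active(settings: Dict[str, int]) -> bool:
    """True when the profile is on and honours its exception lists."""
    return settings.get('EnableFirewall') == 1 and settings.get('DoNotAllowExceptions') == 0


def broad_scope_rules(rules: List[Rule]) -> List[Rule]:
    """Enabled exceptions reachable from any remote address."""
    return [r for r in rules if r.state == 'Enabled' and r.scope == '*']


def unattributed_apps(rules: List[Rule]) -> List[Rule]:
    """Enabled application exceptions whose binary carried no company name."""
    return [r for r in rules
            if r.kind == 'app' and r.state == 'Enabled' and r.name.endswith('-- ()')]


if __name__ == '__main__':
    settings, rules = parse_firewall_section(SAMPLE_LOG)
    print('exception lists active:', exceptions_active(settings))
    for r in broad_scope_rules(rules):
        print('open to any address:', r.target, '|', r.name)
    for r in unattributed_apps(rules):
        print('no company name   :', r.target, '|', r.name)
```

Run against the full log, the same two filters give the helper a short list to reconcile with the process and service sections that follow, rather than reading 30-odd exception lines by eye.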

Posted

Hi pilotbob

 

I discovered that all my favourites had their properties changed to "Hidden" as had all the icons, I changed these back and all is ok with these now

Yes, that's what the malware does.

Running Combofix would have changed this for you and saved you the time. :)

 

Sorry but you inadvertently posted the Combofix.txt twice.

You didn't post the OTL main report.

Can you please post it for me?

 

Thanks

Member of:

UNITE
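The Hidden-attribute trick the helper refers to is worth automating, because the rogue hides the whole contents of folders such as the Desktop and Favourites rather than a few files. The script below is an added example for this thread, not code from Combofix or the forum. It assumes PowerShell 2.0 or later is available (on XP SP3 that is a separate install) and is run as the affected user; it only reports hidden items unless run with the assumed -Apply switch, and it leaves items that also carry the System attribute alone, since desktop.ini and similar are hidden by design.

```powershell
# Added example, not from the thread: report and clear the Hidden attribute that the
# rogue "System Restore" set on the user's shortcuts and Favourites.
# Assumes PowerShell 2.0 or later (a separate install on XP SP3). Run as the affected
# user. Without -Apply the script only lists what it would unhide.
param([switch]$Apply)

$Hidden = [IO.FileAttributes]::Hidden
$System = [IO.FileAttributes]::System

# Folders the thread mentions; add others (for example My Documents) if they look empty.
$Roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('Favorites')
)

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force |
        Where-Object {
            # Hidden but not System: desktop.ini and similar are hidden on purpose.
            (($_.Attributes -band $Hidden) -ne 0) -and (($_.Attributes -band $System) -eq 0)
        } |
        ForEach-Object {
            if ($Apply) {
                $_.Attributes = $_.Attributes -bxor $Hidden
                Write-Output ("unhid  " + $_.FullName)
            } else {
                Write-Output ("hidden " + $_.FullName)
            }
        }
}

# Equivalent for a single folder from cmd.exe (no System-attribute guard):
#   attrib -h "%USERPROFILE%\Favorites\*" /s /d
```

Run it once without -Apply and read the list first: anything hidden under these folders that you did not put there is a lead worth keeping for the helper, not just something to unhide.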

Posted

Sorry about that, senior moment again; report follows:

 

OTL logfile created on: 10/11/2011 21:15:49 - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Bob\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.90% Memory free

3.33 Gb Paging File | 2.57 Gb Available in Paging File | 77.28% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 459.74 Gb Total Space | 282.37 Gb Free Space | 61.42% Space Free | Partition Type: NTFS

Drive E: | 382.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 182.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 976.13 Mb Total Space | 505.78 Mb Free Space | 51.82% Space Free | Partition Type: FAT

Drive J: | 15.69 Mb Total Space | 3.45 Mb Free Space | 21.96% Space Free | Partition Type: NTFS

 

Computer Name: LENOVO | User Name: Bob | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Bob\Desktop\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)

PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

PRC - C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

PRC - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

PRC - C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)

PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)

PRC - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)

PRC - C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)

PRC - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()

PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\WINDOWS\vsnp2uvc.exe (Sonix)

PRC - C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\WINDOWS\system32\PSIService.exe ()

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()

MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\WINDOWS\system32\devenum.dll ()

MOD - C:\Program Files\VMware\VMware Workstation\zlib1.dll ()

MOD - C:\Program Files\VMware\VMware Workstation\libxml2.dll ()

MOD - C:\WINDOWS\system32\cpwmon2k.dll ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()

MOD - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\libeay32.dll ()

MOD - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\ssleay32.dll ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()

MOD - C:\Program Files\Lenovo Fingerprint Software\SharedResources.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll ()

MOD - C:\Program Files\Intel\Wireless\Bin\IntStngs.dll ()

MOD - C:\WINDOWS\system32\PSIService.exe ()

MOD - C:\WINDOWS\system32\BrMuSNMP.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- File not found

SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)

SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (FNF5SVC) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe (Lenovo.)

SRV - (VMnetDHCP) -- C:\WINDOWS\system32\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMware NAT Service) -- C:\WINDOWS\system32\vmnat.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (FingerprintServer) -- C:\WINDOWS\system32\FpLogonServ.exe (AuthenTec,Inc)

SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)

SRV - (PMSveH) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe (Lenovo)

SRV - (nmservice) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe (Pure Networks, Inc.)

SRV - (nmraapache) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- File not found

DRV - (MpKslc198cbb5) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{659B2E40-74A5-456B-B197-FE482B2A39F5}\MpKslc198cbb5.sys (Microsoft Corporation)

DRV - (RapportCerberus_32301) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ()

DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)

DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)

DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()

DRV - (RapportIaso) -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys (Trusteer Ltd.)

DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)

DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (TotRec7) -- C:\WINDOWS\system32\drivers\TotRec7.sys (High Criteria inc.)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (eusk2par) -- C:\WINDOWS\system32\drivers\eusk2par.sys (Aladdin Knowledge Systems Ltd.)

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (hcmon) -- C:\WINDOWS\system32\drivers\hcmon.sys (VMware, Inc.)

DRV - (vmx86) -- C:\WINDOWS\system32\drivers\vmx86.sys (VMware, Inc.)

DRV - (VMnetuserif) -- C:\WINDOWS\system32\drivers\vmnetuserif.sys (VMware, Inc.)

DRV - (vmkbd) -- C:\WINDOWS\system32\drivers\VMkbd.sys (VMware, Inc.)

DRV - (VMnetBridge) -- C:\WINDOWS\system32\drivers\vmnetbridge.sys (VMware, Inc.)

DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)

DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (Ser2pl) -- C:\WINDOWS\system32\drivers\ser2pl.sys (Prolific Technology Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\WINDOWS\system32\drivers\atswpdrv.sys (AuthenTec, Inc.)

DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()

DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

DRV - (PMHler) -- C:\WINDOWS\system32\drivers\PMHler.sys (Lenovo )

DRV - (MTDVC2) -- C:\WINDOWS\system32\drivers\mtdv2ku2.sys (Matsushita Electric Industrial Co., Ltd.)

DRV - (MTDVC2_ENUM) -- C:\WINDOWS\system32\drivers\mtdv2ks2.sys (Matsushita Electric Industrial Co., Ltd.)

DRV - (FINEPIX_PCC) -- C:\WINDOWS\system32\drivers\V4CB0127.SYS (FUJI PHOTO FILM CO.,LTD.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/3000notebook [binary data]

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/3000notebook [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://freeola.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

[2011/09/21 18:37:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/08/27 20:25:26 | 000,308,096 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GGLL_en-GB

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U15 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Click to call with Skype = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

 

O1 HOSTS File: ([2011/11/10 20:56:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)

O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Workstation\hqtray.exe (VMware, Inc.)

O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://84.92.80.192:8081/activex/AMC.cab (AxisMediaControlEmb Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2221548-3CF3-4A5C-96F8-327872E6716A}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\ATFUS: DllName - (C:\WINDOWS\system32\FpWinLogonNp.dll) - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)

O20 - Winlogon\Notify\tphotkey: DllName - (C:\Program Files\Lenovo\HOTKEY\tphklock.dll) - C:\Program Files\Lenovo\HOTKEY\tphklock.dll (Lenovo Group Limited)

O24 - Desktop WallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bob\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/04/30 07:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2002/10/16 08:16:14 | 000,000,057 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2002/10/18 13:02:47 | 000,126,976 | R--- | M] (Serif SPC) - E:\autorun.exe -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe - (Adobe Systems Incorporated)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit, Inc.)

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe - (Microsoft Corporation)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AwaySch - hkey= - key= - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

MsConfig - StartUpReg: btbb_McciTrayApp - hkey= - key= - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)

MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)

MsConfig - StartUpReg: cssauth - hkey= - key= - C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)

MsConfig - StartUpReg: DiskeeperSystray - hkey= - key= - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

MsConfig - StartUpReg: FingerPrintSoftware - hkey= - key= - C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)

MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found

MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found

MsConfig - StartUpReg: LPManager - hkey= - key= - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)

MsConfig - StartUpReg: Message Center Plus - hkey= - key= - C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()

MsConfig - StartUpReg: NBAgent - hkey= - key= - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)

MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found

MsConfig - StartUpReg: PMHandler - hkey= - key= - C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - StartUpReg: TPFNF7 - hkey= - key= - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

MsConfig - StartUpReg: TPWAUDAP - hkey= - key= - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe (Lenovo Group Limited)

MsConfig - StartUpReg: TVT Scheduler Proxy - hkey= - key= - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/10 21:13:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.scr

[2011/11/10 20:45:46 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2011/11/10 20:43:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2011/11/10 20:43:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2011/11/10 20:43:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2011/11/10 20:43:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2011/11/10 20:43:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2011/11/10 20:37:41 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/11/10 20:31:07 | 004,289,249 | R--- | C] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo.exe

[2011/11/10 19:38:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bob\Recent

[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2011/10/29 17:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\PolderbitS

[2011/10/29 14:36:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\Guitar Stuff

[2011/10/18 21:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bob\My Documents\WM_Bob My Documents

[2011/10/16 19:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2011/10/12 16:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2008/08/01 20:36:08 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL

[2008/07/30 17:34:43 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Bob\Application Data\pcouffin.sys

[2008/04/23 02:13:13 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll

[2008/04/23 02:13:13 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/10 21:13:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bob\Desktop\OTL.scr

[2011/11/10 21:01:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/11/10 20:59:13 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/11/10 20:56:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/11/10 20:56:35 | 000,025,314 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2011/11/10 20:56:26 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/11/10 20:56:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/11/10 20:56:13 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/10 20:45:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2011/11/10 20:31:16 | 004,289,249 | R--- | M] (Swearware) -- C:\Documents and Settings\Bob\Desktop\Combo.exe

[2011/11/10 20:26:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/11/10 20:15:59 | 000,019,967 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\bookmarks_11_10_11.html

[2011/11/10 20:13:24 | 000,000,116 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\SkyDrive.url

[2011/11/10 20:08:13 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Flyer Forum.url

[2011/11/10 20:03:52 | 000,305,176 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\census.cache

[2011/11/10 20:03:36 | 000,253,041 | ---- | M] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\ars.cache

[2011/11/10 19:50:02 | 000,000,233 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\PAFRA Forum.url

[2011/11/10 19:33:38 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\CSA.url

[2011/11/10 19:31:21 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/11/10 19:27:21 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

[2011/11/10 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job

[2011/11/09 23:33:22 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\XC Weather.url

[2011/11/09 23:20:10 | 000,504,416 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/11/09 23:20:10 | 000,090,150 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/11/09 23:05:36 | 000,000,296 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k

[2011/11/09 23:00:04 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr

[2011/11/09 22:59:59 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k

[2011/11/09 18:28:34 | 000,000,247 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Booking Calendar.url

[2011/11/09 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job

[2011/11/09 16:59:05 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\ebay.url

[2011/11/08 17:12:39 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/11/08 17:12:39 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat

[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys

[2011/11/05 15:48:33 | 000,000,275 | ---- | M] () -- C:\WINDOWS\BTW.INI

[2011/11/04 22:08:23 | 000,000,209 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Jango Music.url

[2011/11/03 17:07:37 | 000,000,155 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011/11/02 17:16:52 | 000,000,246 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\PC Help PBEK.url

[2011/10/29 18:05:03 | 000,010,915 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

[2011/10/29 17:53:45 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\Drv64_32.dat

[2011/10/28 20:27:06 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2011/10/27 18:43:44 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\spider.sav

[2011/10/27 17:59:11 | 000,473,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/10/23 13:15:50 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Acroread.ini

[2011/10/22 10:05:31 | 000,005,054 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\HD2 Forum.url

[2011/10/18 21:45:32 | 000,000,076 | ---- | M] () -- C:\WINDOWS\pwkforms.ini

[2011/10/18 16:30:07 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\PROTOCOL.INI

[2011/10/16 19:38:15 | 000,017,888 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\cc_20111016_203811.reg

[2011/10/16 19:03:44 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif

[2011/10/16 08:07:14 | 000,000,265 | ---- | M] () -- C:\Documents and Settings\Bob\Desktop\Met Office.url

[2011/10/13 19:15:49 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2011/10/13 16:47:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2011/10/12 17:11:42 | 000,006,278 | ---- | M] () -- C:\Documents and Settings\Bob\My Documents\cc_20111012_181137.reg

[2011/10/11 22:17:24 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DiagHead.lnk

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/10 20:45:54 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2011/11/10 20:45:50 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2011/11/10 20:43:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/11/10 20:43:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/11/10 20:43:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/11/10 20:43:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/11/10 20:43:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/11/10 20:15:59 | 000,019,967 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\bookmarks_11_10_11.html

[2011/11/10 20:13:12 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Bob\Desktop\SkyDrive.url

[2011/11/10 20:03:52 | 000,305,176 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\census.cache

[2011/11/10 20:03:36 | 000,253,041 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\ars.cache

[2011/11/10 19:31:21 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

[2011/11/09 23:14:52 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys

[2011/11/09 23:00:04 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k

[2011/11/09 23:00:04 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr

[2011/11/09 22:59:59 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k

[2011/10/29 17:53:21 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\Drv64_32.dat

[2011/10/16 19:38:13 | 000,017,888 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\cc_20111016_203811.reg

[2011/10/16 19:03:44 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif

[2011/10/16 19:03:41 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2011/10/16 19:02:41 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/10/12 17:11:40 | 000,006,278 | ---- | C] () -- C:\Documents and Settings\Bob\My Documents\cc_20111012_181137.reg

[2011/10/01 18:37:01 | 000,037,192 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\Microsoft Excel.ADR

[2011/09/28 16:06:44 | 000,037,203 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\Comma Separated Values (Windows).ADR

[2011/08/16 16:57:59 | 000,000,052 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\mm-device-08.ini

[2011/05/18 16:12:36 | 000,007,620 | -HS- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2

[2011/05/18 16:12:36 | 000,007,620 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2

[2011/05/08 09:11:14 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat

[2011/05/08 09:11:14 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat

[2011/05/02 22:30:50 | 001,144,147 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll

[2011/05/02 22:27:54 | 003,935,545 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll

[2011/05/02 20:23:46 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll

[2011/05/02 20:19:34 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2011/05/02 20:19:20 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll

[2011/05/02 09:26:21 | 000,789,346 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1680706785-1795540141-2034184868-1008-0.dat

[2011/04/23 18:51:11 | 000,394,810 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011/03/30 21:22:16 | 000,000,998 | ---- | C] () -- C:\WINDOWS\OBD.INI

[2011/03/18 21:32:44 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll

[2011/03/18 21:29:56 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll

[2011/03/18 21:28:30 | 001,557,504 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll

[2011/03/18 21:27:08 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll

[2011/03/18 21:26:44 | 000,484,864 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll

[2011/03/18 21:25:38 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll

[2011/03/18 21:25:24 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll

[2011/03/03 11:40:08 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll

[2011/03/03 11:39:56 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll

[2011/03/03 11:39:46 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll

[2011/03/03 11:39:34 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll

[2011/03/03 11:39:02 | 000,113,152 | ---- | C] () -- C:\WINDOWS\System32\dsmux.exe

[2011/03/03 11:38:54 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll

[2011/03/03 11:38:40 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll

[2011/03/03 11:38:10 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll

[2011/03/03 11:38:04 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\mkv2vfr.exe

[2011/03/03 11:37:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll

[2011/03/03 11:37:40 | 000,358,400 | ---- | C] () -- C:\WINDOWS\System32\gdsmux.exe

[2011/03/03 11:35:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll

[2011/03/03 11:35:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll

[2011/02/22 19:39:04 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2011/02/22 19:37:30 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2011/02/09 17:34:24 | 000,459,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/02/01 17:06:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\vmcoinst_vc0305.dll

[2010/12/24 23:41:33 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\housecall.guid.cache

[2010/08/27 11:52:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/18 19:56:38 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini

[2010/05/25 17:04:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\NReq.dat

[2010/05/25 17:04:18 | 000,000,052 | ---- | C] () -- C:\WINDOWS\System32\CNFrs.drv

[2010/01/22 07:50:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\prvlcl.dat

[2009/11/23 17:58:56 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll

[2009/11/01 22:17:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll

[2009/10/31 14:59:44 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll

[2009/10/29 20:36:00 | 000,000,208 | ---- | C] () -- C:\WINDOWS\System32\xpysys.dll

[2009/09/17 19:01:27 | 000,225,280 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\SharedSettings.ccs

[2009/09/16 13:19:20 | 001,015,808 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2009/09/16 13:19:20 | 000,220,160 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll

[2009/09/16 13:19:17 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2009/09/16 13:19:17 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\libfaac.dll

[2009/09/16 13:19:16 | 001,163,264 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2009/09/16 13:19:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2009/09/16 13:19:16 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll

[2009/08/11 21:21:26 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\ac3config.exe

[2009/08/11 21:21:20 | 001,021,440 | ---- | C] () -- C:\WINDOWS\System32\ac3filter_intl.dll

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2009/04/30 17:53:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2009/02/01 15:24:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI

[2009/01/30 12:12:07 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008/11/06 15:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/10/06 20:25:19 | 000,010,915 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008/10/04 14:23:57 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc

[2008/08/28 21:40:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI

[2008/08/08 19:25:39 | 000,030,048 | ---- | C] () -- C:\WINDOWS\unsetup.exe

[2008/08/08 19:25:33 | 000,000,275 | ---- | C] () -- C:\WINDOWS\BTW.INI

[2008/08/01 20:46:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Acroread.ini

[2008/07/31 22:28:28 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008/07/31 22:08:22 | 000,000,099 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\ftpfile.dat

[2008/07/30 20:57:08 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib

[2008/07/30 19:21:27 | 000,002,528 | -H-- | C] () -- C:\Documents and Settings\Bob\Application Data\$_hpcst$.hpc

[2008/07/30 17:34:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll

[2008/07/30 17:34:43 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\ezpinst.exe

[2008/07/30 17:34:43 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.cat

[2008/07/30 17:34:43 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Bob\Application Data\pcouffin.inf

[2008/07/30 15:42:05 | 000,000,424 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS

[2008/07/30 15:30:31 | 000,000,076 | ---- | C] () -- C:\WINDOWS\pwkforms.ini

[2008/07/30 14:23:56 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/07/30 08:08:55 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll

[2008/07/30 08:08:55 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

[2008/07/29 21:32:15 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/07/29 21:32:15 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/07/29 21:31:49 | 000,000,226 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/07/29 21:31:49 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/07/29 21:31:49 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat

[2008/07/29 21:31:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat

[2008/07/29 21:31:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2008/07/29 21:29:26 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/07/29 21:04:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI

[2008/07/29 17:21:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/07/29 16:06:44 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\A98658C768.sys

[2008/07/29 16:06:43 | 000,005,954 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2008/04/23 02:50:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2008/04/23 02:32:18 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys

[2008/04/23 02:30:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe

[2008/04/23 02:22:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2008/04/23 02:22:17 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2008/04/23 02:22:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2008/04/23 02:22:17 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2008/04/23 02:22:17 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2008/04/23 02:22:17 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2008/04/23 02:16:37 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll

[2008/04/23 02:16:37 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll

[2008/04/23 02:16:30 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe

[2008/04/23 02:15:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe

[2008/04/23 02:15:15 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat

[2008/04/23 02:13:58 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll

[2008/04/23 02:13:14 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini

[2008/04/23 02:13:13 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys

[2008/04/23 02:07:27 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config

[2007/08/16 10:28:38 | 000,025,314 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI

[2007/02/09 19:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2006/11/12 04:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll

[2006/11/03 03:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe

[2006/04/30 07:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2006/04/30 07:22:10 | 000,000,045 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2006/04/30 07:19:56 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006/04/30 07:10:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2006/04/30 06:55:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006/04/30 06:55:55 | 000,504,416 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2006/04/30 06:55:55 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2006/04/30 06:55:55 | 000,090,150 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2006/04/30 06:55:55 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2006/04/30 06:55:54 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2006/04/30 06:55:52 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2006/04/30 06:55:50 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2006/04/30 06:55:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2006/04/30 06:55:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2006/04/30 06:55:37 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2006/04/30 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2006/04/30 00:04:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/04/30 00:03:29 | 000,473,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2006/03/04 04:52:00 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\OptimFROG.dll

[2003/03/27 13:18:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\akrip.dll

[2002/03/18 11:37:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\ezmp3enc.dll

[2002/03/04 09:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

[2001/11/14 19:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

[2000/09/13 17:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll

[1999/01/22 18:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

 

========== LOP Check ==========

 

[2009/09/16 23:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica

[2008/10/08 19:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo

[2008/12/14 10:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery

[2011/10/16 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012

[2010/12/05 11:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2008/09/14 12:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BDEnetfile

[2010/12/24 23:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bOgHm05310

[2008/11/05 19:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland

[2009/10/07 16:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations

[2011/03/04 15:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CoffeeCup Software

[2010/12/05 11:52:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files

[2011/11/08 17:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2008/07/30 17:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVDXStudio

[2009/08/14 21:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM

[2009/08/14 21:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail

[2010/03/19 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions

[2010/04/09 22:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011/02/27 19:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jEkOcKn06308

[2009/08/30 15:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009/08/31 13:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe

[2011/05/03 21:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\M-Audio

[2011/11/09 21:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Memory-Map-License

[2011/10/16 19:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData

[2009/08/21 13:16:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2010/01/17 09:59:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks

[2009/09/22 11:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic

[2008/10/06 18:10:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters

[2009/05/29 17:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2011/07/25 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCB Artist

[2010/01/14 17:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2010/03/02 17:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail

[2011/02/19 23:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT

[2008/07/29 21:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2008/08/10 10:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft

[2008/07/29 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaskMgr

[2009/12/22 22:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[2011/03/09 17:32:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0

[2011/09/14 16:54:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~1

[2009/09/16 23:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Acoustica

[2011/06/19 15:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Arduino

[2008/10/08 19:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Ashampoo

[2011/02/15 17:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Business Suite

[2011/06/22 18:23:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\CoffeeCup Software

[2008/07/31 08:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DAEMON Tools

[2011/11/05 16:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DAEMON Tools Lite

[2011/10/08 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\DevFind

[2009/06/23 16:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Downloaded Installations

[2008/08/06 19:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\ESBUnitConv

[2008/10/20 21:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Inkscape

[2009/12/07 20:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\KEDDS

[2008/07/29 16:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Leadertech

[2009/08/30 15:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Lenovo

[2009/07/01 19:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Nokia

[2008/08/20 18:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Nvu

[2009/04/13 13:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\OpenOffice.org

[2009/12/28 21:27:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\PC Suite

[2011/02/15 18:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\PO Management

[2011/01/10 18:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\ScanSoft

[2009/01/30 12:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Serif

[2009/12/07 20:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Skinux

[2008/09/19 14:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\SlySoft

[2011/06/18 15:35:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\SoftMaker

[2011/11/06 14:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Spotify

[2009/05/01 21:05:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Thunderbird

[2009/08/15 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\TotalRecorder

[2009/12/22 22:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Trusteer

[2009/08/31 15:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Vso

[2011/01/18 17:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bob\Application Data\Watchtower

[2011/11/10 21:01:25 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

[2011/11/09 18:00:00 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

[2011/10/13 19:15:49 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2011/11/10 18:44:29 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8033D9A4-F450-416F-9B7C-AB9C030B3C45}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2011/03/30 19:09:35 | 000,001,024 | ---- | M] () -- C:\.rnd

[2011/09/07 18:28:05 | 000,021,276 | ---- | M] () -- C:\aaw7boot.log

[2010/05/07 17:35:26 | 000,034,228 | ---- | M] () -- C:\ASLog.txt

[2006/04/30 07:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2008/07/30 05:18:43 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2011/11/10 20:45:54 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2011/11/10 21:05:54 | 000,026,032 | ---- | M] () -- C:\ComboFix.txt

[2006/04/30 07:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2008/04/23 02:23:26 | 000,001,496 | ---- | M] () -- C:\drivez.log

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2009/12/22 14:10:57 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log

[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2011/11/10 20:56:13 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys

[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2006/04/30 07:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2006/04/30 07:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/07/29 22:36:35 | 000,250,048 | RHS- | M] () -- C:\NTLDR

[2004/02/29 15:44:34 | 000,052,576 | ---- | M] () -- C:\orange.bmp

[2011/11/10 20:56:11 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

[2008/04/23 02:15:26 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log

[2008/04/23 02:02:13 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl

[2008/09/28 16:36:04 | 000,000,336 | ---- | M] () -- C:\TPHKLOCK.TXT

[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

[2001/11/20 13:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\Spool\prtprocs\w32x86\ppbiPr.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011/08/11 17:08:01 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

 

< %systemroot%\system32\*.exe /lockedfiles >

[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 

< %systemroot%\System32\config\*.sav >

[2006/04/30 00:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2006/04/30 00:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2006/04/30 00:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 

< %PROGRAMFILES%\* >

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/11/08 03:02:58 | 001,036,344 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 11:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >

Posted

Hi pilotbob

 

Sorry about that, senior moment again

Don't worry, I've had a few of those in my time. :o

 

 

Step 1

Double click on OTL to run it.

Copy the lines in the codebox below. (Make sure that :otl is on the first line.)

:otl
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
O2 - BHO: (Reg Error: Value error.) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
[2011/10/12 16:44:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/11/09 23:00:04 | 000,000,296 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k
[2011/11/09 23:00:04 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr
[2011/11/09 22:59:59 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k
[2011/05/18 16:12:36 | 000,007,620 | -HS- | C] () -- C:\Documents and Settings\Bob\Local Settings\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2
[2011/05/18 16:12:36 | 000,007,620 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2
[2011/10/16 19:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/12/05 11:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/02/27 19:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jEkOcKn06308

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

Step 2

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) 7 Update 1 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 1".
  • Click the "Download JRE" button to the right.
  • Accept the license agreement.
  • Select 'Windows x86' offline from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
    J2SE Runtime Environment 5.0 Update 6
    Java™ 6 Update 7
    Java™ 6 Update 15
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-p.exe to install the newest version.

 

 

Step 3

I'd like you to do an ESET OnlineScan

 

You may find it beneficial to close your resident AV program before running the scan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
     
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
     
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

Note:

It's been found that on some systems ESET's Online Scan fails during the database download (around 20%).

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

 

Enable Anti-Stealth technology

 

http://img.photobucket.com/albums/v708/starbuck50/eset.png

 

 

 

In your next reply, please submit:

OTL fix report

Eset scan report

 

 

Thanks.

Member of:

UNITE
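The O6/O7 lines in the fix above are AutoRun policy values, and the raw numbers only make sense once decoded as bitmasks. The following is an added example (my own code, not OTL's and not part of this thread) that parses those lines and decodes them. The bit layouts are Microsoft's: NoDriveTypeAutoRun holds one bit per drive type (bit = 1 << the DRIVE_* constant that GetDriveType() returns; 0xFF disables AutoRun on every type), NoDriveAutoRun holds one bit per drive letter (bit 0 = A:), and HonorAutoRunSetting = 1 is the marker Microsoft's AutoRun update (KB967715) writes. The sample input is the six policy lines from the fix; a value such as 323 (0x143) decodes to "unknown, no-root-dir and RAM-disk drives disabled, everything else still allowed", with an undefined bit 0x100 set.

```python
"""Decode the AutoRun policy values (O6/O7 lines) listed in an OTL fix.

Added example; not part of OTL or this forum thread. Bit layouts follow
Microsoft's documentation of NoDriveTypeAutoRun / NoDriveAutoRun.
"""
import re

# NoDriveTypeAutoRun: bit = 1 << DRIVE_* constant from GetDriveType().
DRIVE_TYPE_BITS = (
    (0x01, "unknown"),
    (0x02, "no root dir"),
    (0x04, "removable"),
    (0x08, "fixed"),
    (0x10, "network"),
    (0x20, "CD-ROM"),
    (0x40, "RAM disk"),
    (0x80, "reserved"),
)
ALL_DRIVE_TYPES = 0xFF  # value Microsoft recommends to disable AutoRun on every drive type

# Sample input: the six O6/O7 lines quoted from the OTL fix earlier in this thread.
SAMPLE_OTL_FIX = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
"""

# "O6 - <registry key>: <value name> = <decimal value>"
POLICY_LINE = re.compile(r"^O[67] - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>\d+)$")


def parse_policy_lines(text):
    """Return {(registry_key, value_name): int} for every O6/O7 line in the text."""
    found = {}
    for line in text.splitlines():
        m = POLICY_LINE.match(line.strip())
        if m:
            found[(m.group("key"), m.group("name"))] = int(m.group("value"))
    return found


def decode_no_drive_type_autorun(value):
    """Return (disabled_types, still_enabled_types, undefined_bits) for NoDriveTypeAutoRun."""
    disabled = [name for bit, name in DRIVE_TYPE_BITS if value & bit]
    enabled = [name for bit, name in DRIVE_TYPE_BITS if not value & bit]
    return disabled, enabled, value & ~ALL_DRIVE_TYPES


def decode_no_drive_autorun(value):
    """Return the drive letters NoDriveAutoRun disables AutoRun on (bit 0 = A:)."""
    return [chr(ord("A") + i) for i in range(26) if value & (1 << i)]


def summarize(text):
    """One human-readable finding per policy line, in the order the lines appear."""
    findings = []
    for (key, name), value in parse_policy_lines(text).items():
        hive = key.split("\\")[0]
        if name == "NoDriveTypeAutoRun":
            _, enabled, undefined = decode_no_drive_type_autorun(value)
            note = "AutoRun still allowed on: " + (", ".join(enabled) or "no drive type")
            if undefined:
                note += f" (undefined bits 0x{undefined:X} set)"
        elif name == "NoDriveAutoRun":
            letters = decode_no_drive_autorun(value)
            note = f"AutoRun disabled on {len(letters)} of 26 drive letters"
        elif name == "HonorAutoRunSetting":
            note = "AutoRun update marker present" if value else "AutoRun update marker is 0"
        else:
            note = "not an AutoRun policy; left undecoded"
        findings.append(f"{hive} {name}={value}: {note}")
    return findings


if __name__ == "__main__":
    for finding in summarize(SAMPLE_OTL_FIX):
        print(finding)
```

Run it on any OTL log (the O6/O7 section is the same format in a scan log) to see which drive types AutoRun is still permitted on before deciding whether the values should be reset or tightened to 0xFF.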

Posted

OK, OTL scan run again, report below. Java removed and re-installed up to date.

Prior to running ESET online scan, msse found and removed the following too,

 

Adware:Win32/ClickPotato

Adware:Win32/OpenCandy

Exploit:Java/Blacole.AR

Exploit:Java/CVE-2010-4452.E

Exploit:Java/Blacole.AN

Exploit:Java/Blacole.AQ

Exploit:Java/Blacole.AP

Exploit:Java/Blacole.AO

Exploit:Java/Blacole.AR

Exploit:Java/CVE-2010-0840.HH

Exploit:Java/CVE-2010-0840.DR

TrojanDownloader:Java/OpenConnection.OU

 

During the ESET scan the following was found and removed by msse.

Trojan:Win32/FakeSysdef

 

 

Scan Reports below;

 

All processes killed

========== OTL ==========

File C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\10.0.0.1409_0\plugins/avgnpss.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\ deleted successfully.

C:\Program Files\Microsoft Money\System\mnyside.dll moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.

C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5k moved successfully.

C:\Documents and Settings\All Users\Application Data\~iqKl7AdbnVvY5kr moved successfully.

C:\Documents and Settings\All Users\Application Data\iqKl7AdbnVvY5k moved successfully.

C:\Documents and Settings\Bob\Local Settings\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2 moved successfully.

C:\Documents and Settings\All Users\Application Data\d8nrjf2804qr7jcivv287xs38p6vv5w5vh64t1lc2 moved successfully.

Folder C:\Documents and Settings\All Users\Application Data\AVG2012\ not found.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.

Folder C:\Documents and Settings\All Users\Application Data\jEkOcKn06308\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Bob\Desktop\System Tools\cmd.bat deleted successfully.

C:\Documents and Settings\Bob\Desktop\System Tools\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: All Users

 

User: Bob

->Temp folder emptied: 14773888 bytes

->Temporary Internet Files folder emptied: 27673155 bytes

->Java cache emptied: 27976417 bytes

->Google Chrome cache emptied: 6235663 bytes

->Flash cache emptied: 1433 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 56466 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 49286 bytes

 

User: NetworkService

->Temp folder emptied: 15102 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19593 bytes

%systemroot%\System32 .tmp files removed: 5540749 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 101223 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 689 bytes

 

Total Files Cleaned = 79.00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 11112011_073915

Files\Folders moved on Reboot...

C:\Documents and Settings\Bob\Local Settings\Temp\WCESLog.log moved successfully.

C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\WOM906MR\ads[5].htm moved successfully.

C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\W1NLWHOJ\12620-Icons-quot-Greyed-quot-after-infection-Why[2].htm moved successfully.

C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\W1NLWHOJ\KIS2012_728x90_uk_mexad[1].html moved successfully.

C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\CL0LRL37\ads[8].htm moved successfully.

C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\4PXQ81JO\sed[1].htm moved successfully.

C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\WINDOWS\temp\Perflib_Perfdata_14c.dat moved successfully.

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_dd4.dat not found!

Registry entries deleted on Reboot...

 

 

C:\Documents and Settings\Bob\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined

C:\System Volume Information\_restore{A8393674-085C-4723-B63E-39928C5F4C89}\RP581\A0138881.exe a variant of Win32/Kryptik.UOE trojan cleaned by deleting - quarantined

Posted

Hi pilotbob

 

 

Download aswMBR and save it to your desktop.

  • Double click the aswMBR.exe to run it.
  • The latest version gives you the option of adding the latest Avast definitions:
     
    http://img.photobucket.com/albums/v708/starbuck50/new/03-07-201116-24-19.png
     
  • It is recommended at this time to click NO. ( as there is a possibility of crashing the system)
  • Click the Scan button to start scan.

http://img.photobucket.com/albums/v708/starbuck50/new/asw1.gif

 

On completion of the scan click Save log and save it to your desktop.

 

http://img.photobucket.com/albums/v708/starbuck50/new/asw2.gif

 

Please post this in your reply.

 

NOTE:

aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Member of:

UNITE

Posted

Many thanks again for your continued support, latest scan results below;

 

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-11 17:09:13

-----------------------------

17:09:13.609 OS Version: Windows 5.1.2600 Service Pack 3

17:09:13.609 Number of processors: 2 586 0xF0D

17:09:13.609 ComputerName: LENOVO UserName: Bob

17:09:15.484 Initialize success

17:09:42.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

17:09:42.812 Disk 0 Vendor: FUJITSU_ 0000 Size: 476940MB BusType: 3

17:09:42.812 Disk 1 \Device\Harddisk1\DR4 -> \Device\000000a0

17:09:42.812 Disk 1 Vendor: RICOH 01 Size: 976MB BusType: 0

17:09:44.890 Disk 0 MBR read successfully

17:09:44.890 Disk 0 MBR scan

17:09:44.890 Disk 0 unknown MBR code

17:09:44.890 Disk 0 scanning sectors +976768065

17:09:44.968 Disk 0 scanning C:\WINDOWS\system32\drivers

17:09:58.718 Service scanning

17:09:59.328 Service MpKsl4fb75db6 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A00AE24-F257-461D-8528-98D6FBBF8C15}\MpKsl4fb75db6.sys **LOCKED** 32

17:09:59.453 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

17:10:00.046 Modules scanning

17:10:25.453 Disk 0 trace - called modules:

17:10:25.562 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys sptd.sys

17:10:25.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a7446c8]

17:10:25.578 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000090[0x8a761b58]

17:10:25.578 5 ACPI.sys[f7498620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a75c030]

17:10:25.578 Scan finished successfully

17:10:47.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"

17:10:47.515 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"
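An aswMBR log like the one above is easier to review across many machines when the triage-relevant facts are pulled out mechanically. The following is an added example (my own code, not aswMBR's and not part of this thread) that keys off the literal phrases the tool prints ("Vendor:", "MBR code", "**LOCKED**", "Scan finished") and collects the disk inventory, which disk is the boot disk, what the tool said about each disk's MBR code, the services whose driver files it reported as locked, and whether the scan completed. The sample input is a trimmed copy of the log above. An "unknown MBR code" line means aswMBR did not recognise the boot code; it is a reason to look further, as the next step in this thread does, not a verdict on its own.

```python
"""Pull the triage-relevant facts out of an aswMBR log.

Added example; not part of aswMBR or this forum thread. Matching relies on
the literal phrases aswMBR prints, so other tools' logs will not parse.
"""
import re

# Sample input: a trimmed copy of the aswMBR log posted above.
SAMPLE_ASWMBR_LOG = r"""Run date: 2011-11-11 17:09:13
-----------------------------
17:09:13.609 OS Version: Windows 5.1.2600 Service Pack 3
17:09:42.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:09:42.812 Disk 0 Vendor: FUJITSU_ 0000 Size: 476940MB BusType: 3
17:09:42.812 Disk 1 \Device\Harddisk1\DR4 -> \Device\000000a0
17:09:42.812 Disk 1 Vendor: RICOH 01 Size: 976MB BusType: 0
17:09:44.890 Disk 0 MBR read successfully
17:09:44.890 Disk 0 MBR scan
17:09:44.890 Disk 0 unknown MBR code
17:09:44.890 Disk 0 scanning sectors +976768065
17:09:58.718 Service scanning
17:09:59.328 Service MpKsl4fb75db6 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3A00AE24-F257-461D-8528-98D6FBBF8C15}\MpKsl4fb75db6.sys **LOCKED** 32
17:09:59.453 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
17:10:00.046 Modules scanning
17:10:25.578 Scan finished successfully
"""

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3} "  # every scan line starts with a wall-clock timestamp
DISK_RE = re.compile(TS + r"Disk (?P<n>\d+) Vendor: (?P<vendor>.+?) Size: (?P<mb>\d+)MB BusType: (?P<bus>\d+)$")
BOOT_RE = re.compile(TS + r"Disk (?P<n>\d+) \(boot\) ")
MBR_RE = re.compile(TS + r"Disk (?P<n>\d+) (?P<verdict>.+ MBR code)$")
LOCKED_RE = re.compile(TS + r"Service (?P<name>\S+) (?P<path>.+?) \*\*LOCKED\*\* \d+$")
FINISHED_RE = re.compile(TS + r"Scan finished successfully$")


def parse_aswmbr_log(text):
    """Return disks, boot disk, per-disk MBR verdicts, locked services and completion status."""
    report = {"disks": {}, "boot_disk": None, "mbr": {}, "locked": [], "finished": False}
    for line in text.splitlines():
        if m := DISK_RE.match(line):
            report["disks"][int(m["n"])] = {
                "vendor": m["vendor"], "size_mb": int(m["mb"]), "bus": int(m["bus"]),
            }
        elif m := BOOT_RE.match(line):
            report["boot_disk"] = int(m["n"])
        elif m := MBR_RE.match(line):
            report["mbr"][int(m["n"])] = m["verdict"]
        elif m := LOCKED_RE.match(line):
            report["locked"].append((m["name"], m["path"]))
        elif FINISHED_RE.match(line):
            report["finished"] = True
    return report


def triage_flags(report):
    """Items a reviewer would look at next: unrecognised boot code and locked driver files."""
    flags = []
    for n, verdict in report["mbr"].items():
        if verdict.startswith("unknown"):
            where = "boot disk" if n == report["boot_disk"] else "disk"
            flags.append(f"{where} {n}: aswMBR did not recognise the MBR code")
    for name, path in report["locked"]:
        flags.append(f"service {name}: driver file reported **LOCKED** ({path})")
    if not report["finished"]:
        flags.append("scan did not report successful completion")
    return flags


if __name__ == "__main__":
    parsed = parse_aswmbr_log(SAMPLE_ASWMBR_LOG)
    for flag in triage_flags(parsed):
        print(flag)
```

On the sample this yields one flag for the boot disk's unrecognised MBR code and one per locked service; the flags are pointers for the reviewer, and the MBR.dat copy the tool saves is what a closer look would start from.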

Posted

Hi pilotbob

 

  • Download TDSSKiller and save it to your Desktop.
     
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Win7 users should right-click and select Run As Administrator.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png
     
  • If an infected file is detected, the default action will be Cure, click on Continue.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png
     
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png
     
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
     
    http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png
     
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply.
     

 

Thanks

Member of:

UNITE

Posted

Scan completed results below;

 

11:44:58.0750 3560 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15

11:44:59.0015 3560 ============================================================

11:44:59.0015 3560 Current date / time: 2011/11/12 11:44:59.0015

11:44:59.0015 3560 SystemInfo:

11:44:59.0015 3560

11:44:59.0015 3560 OS Version: 5.1.2600 ServicePack: 3.0

11:44:59.0015 3560 Product type: Workstation

11:44:59.0015 3560 ComputerName: LENOVO

11:44:59.0015 3560 UserName: Bob

11:44:59.0015 3560 Windows directory: C:\WINDOWS

11:44:59.0015 3560 System windows directory: C:\WINDOWS

11:44:59.0015 3560 Processor architecture: Intel x86

11:44:59.0015 3560 Number of processors: 2

11:44:59.0015 3560 Page size: 0x1000

11:44:59.0015 3560 Boot type: Normal boot

11:44:59.0015 3560 ============================================================

11:44:59.0859 3560 Initialize success

11:45:23.0656 5560 ============================================================

11:45:23.0656 5560 Scan started

11:45:23.0656 5560 Mode: Manual;

11:45:23.0656 5560 ============================================================

11:45:24.0046 5560 Abiosdsk - ok

11:45:24.0093 5560 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

11:45:24.0093 5560 abp480n5 - ok

11:45:24.0218 5560 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

11:45:24.0218 5560 ac97intc - ok

11:45:24.0281 5560 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

11:45:24.0296 5560 ACPI - ok

11:45:24.0406 5560 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

11:45:24.0406 5560 ACPIEC - ok

11:45:24.0453 5560 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

11:45:24.0453 5560 adpu160m - ok

11:45:24.0593 5560 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

11:45:24.0609 5560 aec - ok

11:45:24.0765 5560 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys

11:45:24.0781 5560 AegisP - ok

11:45:24.0890 5560 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

11:45:24.0890 5560 AFD - ok

11:45:25.0031 5560 AgereSoftModem (4e6294a06be883c9bd685a8dfd9fcd4e) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

11:45:25.0062 5560 AgereSoftModem - ok

11:45:25.0156 5560 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

11:45:25.0156 5560 agp440 - ok

11:45:25.0281 5560 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

11:45:25.0281 5560 agpCPQ - ok

11:45:25.0343 5560 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

11:45:25.0343 5560 Aha154x - ok

11:45:25.0453 5560 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

11:45:25.0453 5560 aic78u2 - ok

11:45:25.0468 5560 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

11:45:25.0468 5560 aic78xx - ok

11:45:25.0484 5560 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

11:45:25.0484 5560 AliIde - ok

11:45:25.0515 5560 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

11:45:25.0515 5560 alim1541 - ok

11:45:25.0546 5560 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

11:45:25.0546 5560 amdagp - ok

11:45:25.0656 5560 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

11:45:25.0671 5560 amsint - ok

11:45:25.0734 5560 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS

11:45:25.0750 5560 ANC - ok

11:45:25.0859 5560 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

11:45:25.0859 5560 Arp1394 - ok

11:45:25.0968 5560 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

11:45:25.0984 5560 asc - ok

11:45:26.0031 5560 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

11:45:26.0031 5560 asc3350p - ok

11:45:26.0109 5560 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

11:45:26.0109 5560 asc3550 - ok

11:45:26.0250 5560 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

11:45:26.0250 5560 AsyncMac - ok

11:45:26.0328 5560 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

11:45:26.0328 5560 atapi - ok

11:45:26.0437 5560 Atdisk - ok

11:45:26.0562 5560 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

11:45:26.0562 5560 Atmarpc - ok

11:45:26.0718 5560 ATSWPDRV (f70d2392158cb68e775f8c4cd3d12fbb) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys

11:45:26.0718 5560 ATSWPDRV - ok

11:45:26.0781 5560 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

11:45:26.0781 5560 audstub - ok

11:45:26.0937 5560 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

11:45:26.0937 5560 b57w2k - ok

11:45:27.0000 5560 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

11:45:27.0000 5560 Beep - ok

11:45:27.0171 5560 btaudio (0f249be872f618aaba8d641e81aa3d21) C:\WINDOWS\system32\drivers\btaudio.sys

11:45:27.0171 5560 btaudio - ok

11:45:27.0281 5560 BTDriver (07f0a66cfa550b13ad0674ae09e3cba0) C:\WINDOWS\system32\DRIVERS\btport.sys

11:45:27.0281 5560 BTDriver - ok

11:45:27.0453 5560 BTKRNL (d84166d41a05f66d9084039427e5025b) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

11:45:27.0468 5560 BTKRNL - ok

11:45:27.0671 5560 BTWDNDIS (b1d350f3f13cf340fce93912d2ba1ebf) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

11:45:27.0671 5560 BTWDNDIS - ok

11:45:27.0718 5560 btwmodem (e206ec370646e42dc862fd995869d31d) C:\WINDOWS\system32\DRIVERS\btwmodem.sys

11:45:27.0718 5560 btwmodem - ok

11:45:27.0906 5560 BTWUSB (a01fd9851406de0870c23759e2f7b6ea) C:\WINDOWS\system32\Drivers\btwusb.sys

11:45:27.0906 5560 BTWUSB - ok

11:45:27.0921 5560 catchme - ok

11:45:28.0093 5560 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

11:45:28.0093 5560 cbidf - ok

11:45:28.0234 5560 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

11:45:28.0250 5560 cbidf2k - ok

11:45:28.0312 5560 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

11:45:28.0312 5560 CCDECODE - ok

11:45:28.0484 5560 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

11:45:28.0484 5560 cd20xrnt - ok

11:45:28.0656 5560 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

11:45:28.0656 5560 Cdaudio - ok

11:45:28.0781 5560 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

11:45:28.0781 5560 Cdfs - ok

11:45:28.0890 5560 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

11:45:28.0890 5560 Cdrom - ok

11:45:28.0953 5560 Changer - ok

11:45:29.0031 5560 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

11:45:29.0031 5560 CmBatt - ok

11:45:29.0156 5560 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

11:45:29.0156 5560 CmdIde - ok

11:45:29.0375 5560 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

11:45:29.0375 5560 Compbatt - ok

11:45:29.0546 5560 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

11:45:29.0546 5560 Cpqarray - ok

11:45:29.0734 5560 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

11:45:29.0734 5560 dac2w2k - ok

11:45:29.0890 5560 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

11:45:29.0890 5560 dac960nt - ok

11:45:29.0968 5560 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

11:45:29.0968 5560 Disk - ok

11:45:30.0203 5560 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

11:45:30.0218 5560 dmboot - ok

11:45:30.0437 5560 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

11:45:30.0437 5560 dmio - ok

11:45:30.0593 5560 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

11:45:30.0593 5560 dmload - ok

11:45:30.0796 5560 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

11:45:30.0812 5560 DMusic - ok

11:45:30.0968 5560 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

11:45:30.0968 5560 dpti2o - ok

11:45:31.0171 5560 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

11:45:31.0171 5560 drmkaud - ok

11:45:31.0343 5560 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

11:45:31.0343 5560 E100B - ok

11:45:31.0562 5560 ElbyCDFL (ce37e3d51912e59c80c6d84337c0b4cd) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

11:45:31.0562 5560 ElbyCDFL - ok

11:45:31.0765 5560 ElbyCDIO (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

11:45:31.0765 5560 ElbyCDIO - ok

11:45:31.0984 5560 eusk2par (0c79689b4840ef8ec522598343f26849) C:\WINDOWS\system32\Drivers\eusk2par.sys

11:45:32.0000 5560 eusk2par - ok

11:45:32.0203 5560 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

11:45:32.0218 5560 Fastfat - ok

11:45:32.0421 5560 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

11:45:32.0421 5560 Fdc - ok

11:45:32.0609 5560 FINEPIX_PCC (c05d16c1ef3f5519764fefdf281ca4d2) C:\WINDOWS\system32\Drivers\V4CB0127.SYS

11:45:32.0609 5560 FINEPIX_PCC - ok

11:45:32.0687 5560 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

11:45:32.0703 5560 Fips - ok

11:45:32.0906 5560 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

11:45:32.0906 5560 Flpydisk - ok

11:45:33.0109 5560 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

11:45:33.0109 5560 FltMgr - ok

11:45:33.0281 5560 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

11:45:33.0281 5560 Fs_Rec - ok

11:45:33.0390 5560 FTDIBUS (8142d5d886829b9876cb93af59475c09) C:\WINDOWS\system32\drivers\ftdibus.sys

11:45:33.0390 5560 FTDIBUS - ok

11:45:33.0437 5560 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

11:45:33.0437 5560 Ftdisk - ok

11:45:33.0546 5560 FTSER2K (63d72a4cf9f163b59db0ceed940a7d76) C:\WINDOWS\system32\drivers\ftser2k.sys

11:45:33.0546 5560 FTSER2K - ok

11:45:33.0640 5560 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

11:45:33.0640 5560 Gpc - ok

11:45:33.0765 5560 hcmon (d0a5716e6095ec080f5a1a5892e9fdc6) C:\WINDOWS\system32\Drivers\hcmon.sys

11:45:33.0765 5560 hcmon - ok

11:45:33.0875 5560 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

11:45:33.0875 5560 HDAudBus - ok

11:45:34.0031 5560 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

11:45:34.0031 5560 HidUsb - ok

11:45:34.0203 5560 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

11:45:34.0203 5560 hpn - ok

11:45:34.0421 5560 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

11:45:34.0421 5560 HTTP - ok

11:45:34.0625 5560 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

11:45:34.0625 5560 i2omgmt - ok

11:45:34.0812 5560 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

11:45:34.0812 5560 i2omp - ok

11:45:35.0156 5560 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

11:45:35.0156 5560 i8042prt - ok

11:45:35.0406 5560 ialm (c1c2d6940d6ec2f247b0f3c11e0a18e0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

11:45:35.0531 5560 ialm - ok

11:45:35.0703 5560 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\DRIVERS\iaStor.sys

11:45:35.0703 5560 iaStor - ok

11:45:35.0765 5560 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys

11:45:35.0781 5560 IBMTPCHK - ok

11:45:36.0000 5560 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

11:45:36.0000 5560 Imapi - ok

11:45:36.0046 5560 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

11:45:36.0046 5560 ini910u - ok

11:45:36.0328 5560 IntcAzAudAddService (8f924588c272fdaa28cf31a9bbc21a72) C:\WINDOWS\system32\drivers\RtkHDAud.sys

11:45:36.0437 5560 IntcAzAudAddService - ok

11:45:36.0640 5560 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

11:45:36.0640 5560 IntelIde - ok

11:45:36.0828 5560 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

11:45:36.0828 5560 intelppm - ok

11:45:37.0031 5560 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

11:45:37.0031 5560 Ip6Fw - ok

11:45:37.0187 5560 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

11:45:37.0203 5560 IpFilterDriver - ok

11:45:37.0265 5560 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

11:45:37.0265 5560 IpInIp - ok

11:45:37.0468 5560 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

11:45:37.0468 5560 IpNat - ok

11:45:37.0671 5560 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

11:45:37.0671 5560 IPSec - ok

11:45:37.0812 5560 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

11:45:37.0812 5560 IRENUM - ok

11:45:37.0890 5560 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

11:45:37.0906 5560 isapnp - ok

11:45:37.0968 5560 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys

11:45:38.0000 5560 Iviaspi - ok

11:45:38.0171 5560 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

11:45:38.0171 5560 Kbdclass - ok

11:45:38.0203 5560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

11:45:38.0203 5560 kmixer - ok

11:45:38.0281 5560 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

11:45:38.0281 5560 KSecDD - ok

11:45:38.0375 5560 Lavasoft Kernexplorer - ok

11:45:38.0437 5560 lbrtfdc - ok

11:45:38.0468 5560 MAUSBML - ok

11:45:38.0531 5560 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

11:45:38.0531 5560 mnmdd - ok

11:45:38.0640 5560 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

11:45:38.0640 5560 Modem - ok

11:45:38.0687 5560 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

11:45:38.0687 5560 Mouclass - ok

11:45:38.0796 5560 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

11:45:38.0796 5560 MountMgr - ok

11:45:38.0859 5560 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

11:45:38.0859 5560 MpFilter - ok

11:45:38.0937 5560 MpKsl0a72a4ed - ok

11:45:38.0953 5560 MpKsl1132a2a8 - ok

11:45:39.0015 5560 MpKsl771f9dee (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E3D1B4D-6DCA-4E7A-B176-9BEDCBDE55E7}\MpKsl771f9dee.sys

11:45:39.0015 5560 MpKsl771f9dee - ok

11:45:39.0125 5560 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

11:45:39.0140 5560 mraid35x - ok

11:45:39.0203 5560 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

11:45:39.0203 5560 MREMP50 - ok

11:45:39.0312 5560 MREMPR5 - ok

11:45:39.0328 5560 MRENDIS5 - ok

11:45:39.0406 5560 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

11:45:39.0421 5560 MRESP50 - ok

11:45:39.0546 5560 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

11:45:39.0546 5560 MRxDAV - ok

11:45:39.0718 5560 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

11:45:39.0718 5560 MRxSmb - ok

11:45:39.0875 5560 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

11:45:39.0875 5560 Msfs - ok

11:45:39.0937 5560 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

11:45:39.0937 5560 MSKSSRV - ok

11:45:40.0062 5560 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

11:45:40.0062 5560 MSPCLOCK - ok

11:45:40.0140 5560 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

11:45:40.0140 5560 MSPQM - ok

11:45:40.0296 5560 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

11:45:40.0296 5560 mssmbios - ok

11:45:40.0359 5560 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

11:45:40.0359 5560 MSTEE - ok

11:45:40.0484 5560 MTDVC2 (cd3c06f56104bac9268587bf1c25a84c) C:\WINDOWS\system32\DRIVERS\mtdv2ku2.sys

11:45:40.0484 5560 MTDVC2 - ok

11:45:40.0546 5560 MTDVC2_ENUM (a25b4cec85388f2e88567b4d629aa6e4) C:\WINDOWS\system32\DRIVERS\mtdv2ks2.sys

11:45:40.0546 5560 MTDVC2_ENUM - ok

11:45:40.0656 5560 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

11:45:40.0656 5560 Mup - ok

11:45:40.0718 5560 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

11:45:40.0718 5560 NABTSFEC - ok

11:45:40.0843 5560 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

11:45:40.0843 5560 NDIS - ok

11:45:40.0906 5560 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

11:45:40.0906 5560 NdisIP - ok

11:45:41.0046 5560 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

11:45:41.0046 5560 NdisTapi - ok

11:45:41.0109 5560 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

11:45:41.0125 5560 Ndisuio - ok

11:45:41.0234 5560 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

11:45:41.0250 5560 NdisWan - ok

11:45:41.0312 5560 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

11:45:41.0312 5560 NDProxy - ok

11:45:41.0468 5560 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

11:45:41.0468 5560 NetBIOS - ok

11:45:41.0500 5560 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

11:45:41.0515 5560 NetBT - ok

11:45:41.0671 5560 NETw3x32 (f43da6b7e26fff9ac4d3210f2f9b5d8c) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys

11:45:41.0718 5560 NETw3x32 - ok

11:45:42.0015 5560 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

11:45:42.0015 5560 NIC1394 - ok

11:45:42.0062 5560 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

11:45:42.0062 5560 Npfs - ok

11:45:42.0187 5560 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

11:45:42.0203 5560 Ntfs - ok

11:45:42.0359 5560 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

11:45:42.0359 5560 Null - ok

11:45:42.0437 5560 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

11:45:42.0468 5560 nv - ok

11:45:42.0609 5560 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

11:45:42.0609 5560 NwlnkFlt - ok

11:45:42.0671 5560 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

11:45:42.0671 5560 NwlnkFwd - ok

11:45:42.0812 5560 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

11:45:42.0812 5560 ohci1394 - ok

11:45:42.0875 5560 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

11:45:42.0875 5560 Parport - ok

11:45:43.0015 5560 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

11:45:43.0015 5560 PartMgr - ok

11:45:43.0078 5560 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

11:45:43.0078 5560 ParVdm - ok

11:45:43.0171 5560 PbsAuDrv - ok

11:45:43.0234 5560 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

11:45:43.0234 5560 pccsmcfd - ok

11:45:43.0437 5560 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

11:45:43.0437 5560 PCI - ok

11:45:43.0593 5560 PCIDump - ok

11:45:43.0656 5560 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

11:45:43.0656 5560 PCIIde - ok

11:45:43.0843 5560 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

11:45:43.0843 5560 Pcmcia - ok

11:45:43.0953 5560 pcouffin (02aaafb7ba137ce5ddabcdf8090954d9) C:\WINDOWS\system32\Drivers\pcouffin.sys

11:45:43.0953 5560 pcouffin - ok

11:45:44.0078 5560 PDCOMP - ok

11:45:44.0125 5560 PDFRAME - ok

11:45:44.0203 5560 PDRELI - ok

11:45:44.0281 5560 PDRFRAME - ok

11:45:44.0359 5560 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

11:45:44.0359 5560 perc2 - ok

11:45:44.0515 5560 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

11:45:44.0515 5560 perc2hib - ok

11:45:44.0609 5560 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys

11:45:44.0625 5560 pmem - ok

11:45:44.0796 5560 PMHler (c6114ccd63db3925a0450b1089ece503) C:\WINDOWS\system32\drivers\PMHler.sys

11:45:44.0796 5560 PMHler - ok

11:45:44.0890 5560 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

11:45:44.0906 5560 PptpMiniport - ok

11:45:45.0062 5560 PROCDD (c9ca089787aa4ca892f2173a8e15c1b0) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS

11:45:45.0062 5560 PROCDD - ok

11:45:45.0265 5560 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

11:45:45.0265 5560 Processor - ok

11:45:45.0437 5560 psadd (f8a25f1dd8b2c332cbc663e3579566e7) C:\WINDOWS\system32\DRIVERS\psadd.sys

11:45:45.0437 5560 psadd - ok

11:45:45.0500 5560 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

11:45:45.0500 5560 PSched - ok

11:45:45.0656 5560 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

11:45:45.0656 5560 Ptilink - ok

11:45:45.0718 5560 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

11:45:45.0718 5560 PxHelp20 - ok

11:45:45.0890 5560 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

11:45:45.0890 5560 ql1080 - ok

11:45:45.0953 5560 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

11:45:45.0953 5560 Ql10wnt - ok

11:45:46.0125 5560 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

11:45:46.0125 5560 ql12160 - ok

11:45:46.0187 5560 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

11:45:46.0187 5560 ql1240 - ok

11:45:46.0359 5560 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

11:45:46.0359 5560 ql1280 - ok

11:45:46.0687 5560 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys

11:45:46.0703 5560 RapportCerberus_32301 - ok

11:45:46.0796 5560 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys

11:45:46.0796 5560 RapportEI - ok

11:45:46.0953 5560 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys

11:45:46.0953 5560 RapportIaso - ok

11:45:47.0156 5560 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys

11:45:47.0156 5560 RapportKELL - ok

11:45:47.0296 5560 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys

11:45:47.0296 5560 RapportPG - ok

11:45:47.0421 5560 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

11:45:47.0421 5560 RasAcd - ok

11:45:47.0453 5560 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

11:45:47.0453 5560 Rasl2tp - ok

11:45:47.0562 5560 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

11:45:47.0562 5560 RasPppoe - ok

11:45:47.0609 5560 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

11:45:47.0609 5560 Raspti - ok

11:45:47.0734 5560 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

11:45:47.0734 5560 Rdbss - ok

11:45:47.0765 5560 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

11:45:47.0781 5560 RDPCDD - ok

11:45:47.0906 5560 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

11:45:47.0906 5560 rdpdr - ok

11:45:47.0984 5560 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

11:45:47.0984 5560 RDPWD - ok

11:45:48.0171 5560 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

11:45:48.0187 5560 redbook - ok

11:45:48.0390 5560 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys

11:45:48.0390 5560 rimmptsk - ok

11:45:48.0593 5560 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys

11:45:48.0593 5560 rimsptsk - ok

11:45:48.0796 5560 rismxdp (c663af77e2f4eabf8eb08b388d2f1f36) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys

11:45:48.0796 5560 rismxdp - ok

11:45:48.0984 5560 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

11:45:48.0984 5560 ROOTMODEM - ok

11:45:49.0062 5560 s24trans (decee0d67d032b57c1f5ef649a67a967) C:\WINDOWS\system32\DRIVERS\s24trans.sys

11:45:49.0109 5560 s24trans - ok

11:45:49.0296 5560 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

11:45:49.0296 5560 sdbus - ok

11:45:49.0406 5560 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

11:45:49.0421 5560 Secdrv - ok

11:45:49.0500 5560 Ser2pl (de0a165d9f8ea295e62ea702ef2f8125) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

11:45:49.0500 5560 Ser2pl - ok

11:45:49.0593 5560 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

11:45:49.0609 5560 serenum - ok

11:45:49.0703 5560 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

11:45:49.0703 5560 Serial - ok

11:45:49.0968 5560 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys

11:45:49.0968 5560 sffdisk - ok

11:45:50.0015 5560 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys

11:45:50.0015 5560 sffp_sd - ok

11:45:50.0171 5560 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

11:45:50.0187 5560 Sfloppy - ok

11:45:50.0343 5560 Simbad - ok

11:45:50.0406 5560 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

11:45:50.0406 5560 sisagp - ok

11:45:50.0578 5560 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

11:45:50.0578 5560 SLIP - ok

11:45:51.0015 5560 SNP2UVC (537cd54295cdbcc4dcffe95e234387ae) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys

11:45:51.0250 5560 SNP2UVC - ok

11:45:51.0437 5560 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

11:45:51.0437 5560 Sparrow - ok

11:45:51.0531 5560 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

11:45:51.0531 5560 splitter - ok

11:45:51.0703 5560 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys

11:45:51.0703 5560 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9

11:45:51.0703 5560 sptd ( LockedFile.Multi.Generic ) - warning

11:45:51.0703 5560 sptd - detected LockedFile.Multi.Generic (1)

11:45:51.0796 5560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

11:45:51.0796 5560 sr - ok

11:45:51.0953 5560 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

11:45:51.0953 5560 Srv - ok

11:45:52.0078 5560 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

11:45:52.0078 5560 StillCam - ok

11:45:52.0171 5560 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

11:45:52.0171 5560 streamip - ok

11:45:52.0265 5560 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

11:45:52.0281 5560 swenum - ok

11:45:52.0375 5560 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

11:45:52.0375 5560 swmidi - ok

11:45:52.0437 5560 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

11:45:52.0437 5560 symc810 - ok

11:45:52.0562 5560 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

11:45:52.0562 5560 symc8xx - ok

11:45:52.0640 5560 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

11:45:52.0640 5560 sym_hi - ok

11:45:52.0765 5560 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

11:45:52.0765 5560 sym_u3 - ok

11:45:52.0875 5560 SynTP (ae4052fc36bd4c390cee45a38ec1199a) C:\WINDOWS\system32\DRIVERS\SynTP.sys

11:45:52.0875 5560 SynTP - ok

11:45:53.0078 5560 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

11:45:53.0078 5560 sysaudio - ok

11:45:53.0312 5560 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

11:45:53.0312 5560 Tcpip - ok

11:45:53.0500 5560 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

11:45:53.0500 5560 TDPIPE - ok

11:45:53.0687 5560 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

11:45:53.0687 5560 TDTCP - ok

11:45:53.0875 5560 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

11:45:53.0875 5560 TermDD - ok

11:45:53.0921 5560 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

11:45:53.0921 5560 TosIde - ok

11:45:54.0109 5560 TotRec7 (9f5eeba83c88eb747b831b6eeadc2442) C:\WINDOWS\system32\drivers\TotRec7.sys

11:45:54.0125 5560 TotRec7 - ok

11:45:54.0328 5560 TSMAPIP (f10f36e20448a5500a5f83f67ee4aad4) C:\WINDOWS\system32\drivers\TSMAPIP.SYS

11:45:54.0343 5560 TSMAPIP - ok

11:45:54.0421 5560 tvtfilter (49258a02a1e8d304ed88b0f1c56b1738) C:\WINDOWS\system32\DRIVERS\tvtfilter.sys

11:45:54.0421 5560 tvtfilter - ok

11:45:54.0640 5560 TVTI2C (8ab24d4b7da715c2c80455137910e792) C:\WINDOWS\system32\DRIVERS\Tvti2c.sys

11:45:54.0640 5560 TVTI2C - ok

11:45:54.0843 5560 TVTPktFilter (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys

11:45:54.0843 5560 TVTPktFilter - ok

11:45:54.0906 5560 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

11:45:54.0906 5560 Udfs - ok

11:45:55.0078 5560 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

11:45:55.0078 5560 ultra - ok

11:45:55.0187 5560 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

11:45:55.0187 5560 Update - ok

11:45:55.0406 5560 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

11:45:55.0406 5560 usbaudio - ok

11:45:55.0578 5560 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

11:45:55.0593 5560 usbccgp - ok

11:45:55.0781 5560 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

11:45:55.0781 5560 usbehci - ok

11:45:55.0875 5560 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

11:45:55.0875 5560 usbhub - ok

11:45:56.0031 5560 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

11:45:56.0031 5560 usbscan - ok

11:45:56.0093 5560 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\DRIVERS\usbser.sys

11:45:56.0093 5560 usbser - ok

11:45:56.0265 5560 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

11:45:56.0265 5560 USBSTOR - ok

11:45:56.0453 5560 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

11:45:56.0453 5560 usbuhci - ok

11:45:56.0656 5560 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

11:45:56.0656 5560 usbvideo - ok

11:45:56.0859 5560 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

11:45:56.0859 5560 usb_rndisx - ok

11:45:56.0968 5560 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

11:45:56.0968 5560 VgaSave - ok

11:45:57.0078 5560 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

11:45:57.0093 5560 viaagp - ok

11:45:57.0234 5560 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

11:45:57.0234 5560 ViaIde - ok

11:45:57.0390 5560 vmkbd (805fc839929789151a95b3e7655a2012) C:\WINDOWS\system32\drivers\VMkbd.sys

11:45:57.0390 5560 vmkbd - ok

11:45:57.0593 5560 VMnetAdapter (f68c99f41c3cf6e1c3c542fadd2e20cf) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys

11:45:57.0593 5560 VMnetAdapter - ok

11:45:58.0000 5560 VMnetBridge (121fbda3a14f0744a8c213d3e9f14d63) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys

11:45:58.0000 5560 VMnetBridge - ok

11:45:58.0078 5560 VMnetuserif (7c4cb8d53945d7d94514259d4b42483e) C:\WINDOWS\system32\drivers\vmnetuserif.sys

11:45:58.0078 5560 VMnetuserif - ok

11:45:58.0281 5560 vmx86 (3c273f0f027cdff4a5799520bd40b22c) C:\WINDOWS\system32\Drivers\vmx86.sys

11:45:58.0296 5560 vmx86 - ok

11:45:58.0500 5560 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

11:45:58.0500 5560 VolSnap - ok

11:45:58.0609 5560 vstor2 (9e4ff401725fe6a26d8fe492bf0ea2b1) C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys

11:45:58.0609 5560 vstor2 - ok

11:45:58.0656 5560 vstor2-ws60 (256318cdef640ad2062754871bc96bfc) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys

11:45:58.0671 5560 vstor2-ws60 - ok

11:45:58.0781 5560 vvftav - ok

11:45:58.0937 5560 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

11:45:58.0937 5560 Wanarp - ok

11:45:59.0125 5560 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys

11:45:59.0125 5560 wceusbsh - ok

11:45:59.0281 5560 WDICA - ok

11:45:59.0437 5560 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

11:45:59.0437 5560 wdmaud - ok

11:45:59.0531 5560 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

11:45:59.0531 5560 WmiAcpi - ok

11:45:59.0593 5560 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

11:45:59.0593 5560 WSTCODEC - ok

11:45:59.0656 5560 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

11:45:59.0656 5560 WudfPf - ok

11:45:59.0796 5560 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

11:45:59.0796 5560 WudfRd - ok

11:45:59.0875 5560 ZSMC0305 - ok

11:45:59.0921 5560 MBR (0x1B8) (2ab40fd3bc9212826f45ca4f99d15f4d) \Device\Harddisk0\DR0

11:45:59.0921 5560 \Device\Harddisk0\DR0 - ok

11:45:59.0937 5560 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4

11:45:59.0953 5560 \Device\Harddisk1\DR4 - ok

11:45:59.0953 5560 Boot (0x1200) (cd07d4a45b6ff05dc018c13c35a4050d) \Device\Harddisk0\DR0\Partition0

11:45:59.0953 5560 \Device\Harddisk0\DR0\Partition0 - ok

11:45:59.0984 5560 Boot (0x1200) (5a8916ec16e60710f40bccbfa8f1d9eb) \Device\Harddisk0\DR0\Partition1

11:45:59.0984 5560 \Device\Harddisk0\DR0\Partition1 - ok

11:45:59.0984 5560 Boot (0x1200) (4f3c7dd2250b22bc7f96a9f6ff2c7f2c) \Device\Harddisk1\DR4\Partition0

11:45:59.0984 5560 \Device\Harddisk1\DR4\Partition0 - ok

11:45:59.0984 5560 ============================================================

11:45:59.0984 5560 Scan finished

11:45:59.0984 5560 ============================================================

11:46:00.0000 2880 Detected object count: 1

11:46:00.0000 2880 Actual detected object count: 1

11:46:37.0953 2880 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot

11:46:37.0953 2880 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot

11:46:37.0953 2880 C:\WINDOWS\System32\Drivers\sptd.sys - will be deleted on reboot

11:46:37.0953 2880 sptd ( LockedFile.Multi.Generic ) - User select action: Delete

11:47:37.0265 2744 Deinitialize success
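Reading a scanner log like the one above line by line is tedious, and it is easy to miss the one entry that is not "- ok". The script below is an added example, not a tool from this thread, from the forum or from the scanner's vendor: it parses the line shapes that appear in the posted log (module line with md5 and path, "- ok", "Suspicious file", "( verdict ) - warning", "- detected", "will be deleted on reboot", "User select action") and pulls out what a reviewer needs to check: every detection joined with its file hash and path, module lines that were never cleared, and any mismatch between the hash on a "Suspicious file" line and the hash on the module line. The sample log is a handful of lines copied from the posted log; the regular expressions, the function names and the `Report` fields are my own assumptions about the format.

```python
# Added example (not from the thread or the scanner's vendor): a small parser
# for TDSSKiller-style scan logs. The line shapes are ASSUMED from the posted log.
import re
from dataclasses import dataclass, field
from typing import Optional

HEX32 = r"[0-9a-fA-F]{32}"
LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.+)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>" + HEX32 + r")\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+) - ok$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>" + HEX32 + r")$")
WARNING_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \((?P<count>\d+)\)$")
ACTION_RE = re.compile(r"^(?P<target>.+) - will be deleted on reboot$")
USER_ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>.+?) \) - User select action: (?P<action>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Report:
    modules: dict = field(default_factory=dict)       # name -> (md5, path)
    ok: set = field(default_factory=set)              # names or device paths cleared with "- ok"
    suspicious: list = field(default_factory=list)    # (reason, path, md5)
    warnings: dict = field(default_factory=dict)      # name -> verdict
    detections: dict = field(default_factory=dict)    # name -> verdict
    pending_actions: list = field(default_factory=list)
    user_actions: list = field(default_factory=list)  # (name, verdict, action)
    reported_count: Optional[int] = None
    unparsed: list = field(default_factory=list)


def parse_log(text):
    """Classify each timestamped line of the log into the Report fields."""
    rep = Report()
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if not m:
            rep.unparsed.append(raw)
            continue
        msg = m["msg"]
        if (s := SUSPICIOUS_RE.match(msg)):
            rep.suspicious.append((s["reason"], s["path"], s["md5"].lower()))
        elif (s := USER_ACTION_RE.match(msg)):
            rep.user_actions.append((s["name"], s["verdict"], s["action"]))
        elif (s := WARNING_RE.match(msg)):
            rep.warnings[s["name"]] = s["verdict"]
        elif (s := DETECTED_RE.match(msg)):
            rep.detections[s["name"]] = s["verdict"]
        elif (s := ACTION_RE.match(msg)):
            rep.pending_actions.append(s["target"])
        elif (s := COUNT_RE.match(msg)):
            rep.reported_count = int(s["n"])
        elif (s := OK_RE.match(msg)):
            rep.ok.add(s["name"])
        elif (s := ENTRY_RE.match(msg)):
            rep.modules[s["name"]] = (s["md5"].lower(), s["path"])
        else:
            rep.unparsed.append(msg)
    return rep


def triage(rep):
    """Return (flagged, unresolved): detections joined with file info, and module
    lines never followed by "- ok" (by name or by device path) or a detection."""
    flagged = []
    for name, verdict in rep.detections.items():
        md5, path = rep.modules.get(name, (None, None))
        flagged.append({"name": name, "verdict": verdict, "md5": md5, "path": path})
    unresolved = sorted(
        n for n, (_, path) in rep.modules.items()
        if n not in rep.ok and path not in rep.ok and n not in rep.detections
    )
    return flagged, unresolved


def hash_mismatches(rep):
    """Paths whose 'Suspicious file' md5 disagrees with the md5 on the module line."""
    by_path = {p.lower(): md5 for md5, p in rep.modules.values()}
    return [p for _, p, md5 in rep.suspicious if by_path.get(p.lower()) not in (None, md5)]


def count_matches(rep):
    """The scanner's own 'Detected object count' should equal what we parsed."""
    return rep.reported_count == len(rep.detections)


# Sample input: lines copied from the log posted in the thread (sptd entry and
# its verdict, two clean drivers, the MBR entry and the post-scan actions).
SAMPLE_LOG = r"""
11:45:38.0171 5560 Kbdclass - ok
11:45:38.0203 5560 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:45:38.0203 5560 kmixer - ok
11:45:51.0703 5560 sptd (8ea0fd60a5b047e0c734d51aace531c9) C:\WINDOWS\System32\Drivers\sptd.sys
11:45:51.0703 5560 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 8ea0fd60a5b047e0c734d51aace531c9
11:45:51.0703 5560 sptd ( LockedFile.Multi.Generic ) - warning
11:45:51.0703 5560 sptd - detected LockedFile.Multi.Generic (1)
11:45:51.0796 5560 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:45:51.0796 5560 sr - ok
11:45:59.0921 5560 MBR (0x1B8) (2ab40fd3bc9212826f45ca4f99d15f4d) \Device\Harddisk0\DR0
11:45:59.0921 5560 \Device\Harddisk0\DR0 - ok
11:45:59.0984 5560 Scan finished
11:46:00.0000 2880 Detected object count: 1
11:46:37.0953 2880 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
11:46:37.0953 2880 C:\WINDOWS\System32\Drivers\sptd.sys - will be deleted on reboot
11:46:37.0953 2880 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
"""

if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    flagged, unresolved = triage(rep)
    print("modules scanned:", len(rep.modules), "cleared:", len(rep.ok))
    for f in flagged:
        print("DETECTED", f["name"], f["verdict"], f["md5"], f["path"])
    print("unresolved:", unresolved, "hash mismatches:", hash_mismatches(rep))
    print("count consistent:", count_matches(rep), "actions:", rep.pending_actions)
```

The MBR entry shows why `triage` checks both the module name and its path against the cleared set: the scanner names the boot-sector object "MBR (0x1B8)" on the hash line but clears it under its device path on the "- ok" line, so a name-only comparison would report it as unresolved.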

Posted

Hi,

 

Everything seems to be fine, I've not noticed any unusual activity. Do you think it's likely to be "clean" now?

 

Whilst I think about it, although I don't understand the info in all the scan reports produced so far it's evident that there is a lot of "garbage" left over from old uninstalled programs. I can delve into the file system and delete unnecessary folders and files but is there a reliable registry cleaner you could recommend? I've not had a great deal of success with these in the past.

 

Regards, and thanks again for sticking with me.

 

Bob.

Posted

Hi Bob,

 

Everything seems to be fine, I've not noticed any unusual activity. Do you think it's likely to be "clean" now?.

Like I said at the beginning...

we can in no way guarantee it to be trustworthy again.

But we've removed everything that we can see.

We may have removed everything and the system may be ok, but with 'rootkits' you can never tell.

Even if there was anything still hiding, the programs we use would have severely crippled it.

 

it's evident that there is a lot of "garbage" left over from old uninstalled programs.

Anything in particular?

 

but is there a reliable registry cleaner you could recommend? I've not had a great deal of success with these in the past.

No, there isn't.

We just don't recommend any of them.

It's just too dangerous to leave the registry at the mercy of a piece of software.

 

The best registry cleaner is a bit of common sense, a bit of knowledge and OTL. :o

 

Let me know what you require removed, I'll check it out and then write a fix for you if you want.

 

thanks again for sticking with me.

It's no problem at all, glad I can help.

 

Once we've removed anything else you want removing, we can finish off the cleaning process.

Member of:

UNITE

Posted
The best registry cleaner is a bit of common sense, a bit of knowledge and OTL. :o

 

Let me know what you require removed, i'll check it out and then write a fix for you if you want.

 

 

Ah, that's what I thought, and since my understanding of how the registry works is nil I think I'll leave well alone. I recall seeing references to some files from AVG, Nokia PC suite and one or two others which I no longer use so thought it would be good to get rid of them. Not overly concerned though. Probably best to go ahead with whatever the final process is and I'll see how things go for a few weeks before I trust it all.

 

Bob.

Posted

Hi Bob,

 

Don't worry about AVG, combofix took care of one entry and I removed a few more with the OTL fix:

 

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

Notify-ACNotify - ACNotify.dll

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe

 

C:\Documents and Settings\All Users\Application Data\AVG2012\Dumps folder moved successfully.

C:\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully.

Folder C:\Documents and Settings\All Users\Application Data\AVG2012\ not found.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.

C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.

Moved means removed.

The rest really aren't that important and won't cause any problems.

 

Step 1

Restart MBAM.

Click on the Quarantine tab

If there are items in quarantine.....

Make sure everything is selected and then click Delete All.

Close MBAM.

 

 

Step 2

Please uninstall ComboFix by

Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there is a gap between x and /) Then press Ok

http://img.photobucket.com/albums/v708/starbuck50/new/cfu.png

 

This action will uninstall Combofix and also perform a few cleanup measures

 

 

 

Step 3

  • Please double-click OTL to run it.
  • You should see a CleanUp! button, press that button,
     
    http://img.photobucket.com/albums/v708/starbuck50/cleanupbutton.png
     
  • This will cleanup an assortment of tools used during malware removal, plus itself

 

Note:

MBAM will not be removed

 

 

Step 4

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

 

The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Select the drive for cleaning then click OK (usually 'C' drive)
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

 

 

To find out how you may have been infected....read this topic:

How did i get infected?

 

Not all of the following information will be applicable to you, but it's still best to read it all.

 

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Use an AntiVirus Software

     

    Note*:

    Avira now includes the Ask.com Toolbar unless you choose not to install it. This means it is pre-checked by default and it is recommended that you uncheck that option during installation.

     

    Note**:

    Upon installation MS Security Essentials will check that your OS is a legal copy.

     

    Only install one AntiVirus program

     

  • Update your AntiVirus Software regularly

     

  • Use a 3rd party Firewall

    NOTE: If choosing Zone Alarm be aware that the free version also installs ZoneAlarm Spy Blocker. It is recommended however that you UNcheck this option.

     

    Only install one software Firewall

     

    Some 3rd party Firewalls will turn off the windows firewall when they are installed.

    It's always best to check that the Windows Firewall is turned off:

     

    How to turn off Windows Firewall:

    Start ... Control Panel ...click on 'Classic View'.

    now select Windows Firewall.

    When the Windows Firewall box opens, put a tick against .. Off (not recommended) and then click Ok

     

  • Scan regularly with a 'Stand Alone' Anti-Malware scanner:

    Installing another scanner that you can run once or twice a week is always beneficial.

    Something like:

    Malwarebytes Anti-Malware

    SUPERAntiSpyware

    Remember to update these programs each time before running.

    You can install more than one of these if you only run them as stand alone programs.

     

  • Use an alternative browser:

    Some excellent alternatives to MS Internet Explorer are:

     

    Firefox

    For added security, add the NoScript extension to this browser:

    Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks

    also consider adding:

    WOT - Safe Browsing Tool

     

    Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.

    Btw: you don't have to make a contribution.

     

    Opera

     

    They offer better security, more stability, and better speed.

     

  • Keep a backup of your registry

    Keeping a regular backup of your registry will help when something goes wrong.

    Use a program like:

    Erunt

     

    A full tutorial on how to set up and use Erunt can be found here:

    Erunt tutorial

     

  • Keep your system clean of temp files etc, using a 'Cleaner':

    Cleaners are programs that will help to clean out your:

    Windows temp files

    Current user temp files

    Cookies

    Temporary Internet files

    Browser history

    Recycle bin

    Etc.......

    In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your pc.

    Programs like:

    TFC by OldTimer

    ATF Cleaner

     

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.

     

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

     

    A tutorial on installing & using this product can be found here:

    Using and installing SpywareBlaster

     

  • Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

 

Glad I was able to help.

 

Safe surfing. http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of:

UNITE

Posted

Thanks again for an excellent service, I appreciate your help enormously and have no hesitation in recommending you. Hope you don't mind the extra workload ;-)

 

All the best,

 

Oh, and should I mark this thread "Solved" or will you?

 

Bob.

Posted
I appreciate your help enormously and have no hesitation in recommending you.

Thank you Bob, that's appreciated.

 

Hope you don't mind the extra workload

No we don't mind at all. ( gives us something to do while the wives watch tv :dance: )

 

Oh, and should I mark this thread "Solved" or will you?

All sorted and marked.

Member of:

UNITE
