Annoying pop-ups incl. PC performer

[csnagyg]

Hi, I am having a similar problem: since a month or so I get annoying pop-ups incl. PC performer and several others when I click on the results of a Google search, i.e. these websites pop up instead of the ones that Google found for my search request. I need to click back up to 4 times before I can display the website I wanted to. I have not intentionally installed anything and do not know how it got to my machine. I have read the posted threads and tried several things incl. SpyBot, Revo uninstaller and TFC but none of them has found any files of Installbrain or PCPerformer on my computer. I am stuck and would appreciate your help, thanks... Gabor

 

PS: I use Windows XP Professional and Mozilla browser

[etavares]

Hi csnagyg:

 

My name is etavares and I will help you with this issue. Please follow the instructions here Before posting for Malware Removal help. and post the resulting logs for me to review. NOw that we are working together, please make sure you only follow my instructions or we may end up working against each other and never know it. Please reply in 3 days or less, or let me know if you have a trip or are unable to reply for a while so I don't close the thread.

 

Thanks,

-etavares

[csnagyg]

Hi Etavares, thanks for the prompt response. I have been away for 5 days and could not check the status but will do what you ask me latest tomorrow so please keep the thread active, thanks!

[csnagyg]

Hi etavares, I have run the programs and followed the instructions, here are the txt files from the two scans (they were too large to only paste their contents here), pls advise what they mean and how to proceed. Thanks... Gabor

mbam-log-2012-05-23 (17-38-22).txt

OTL.Txt

Extras.Txt

[etavares]

Hello, csnagyg.

 

 

You are definitely still infected. We'll start to remove it. Since MBAM found trojan.agent, I need to provide you this warning:

 

 

Backdoor Warning

One or more of the identified infections is a backdoor trojan.

 

 

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

 

 

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

 

 

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

 

 

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

 

 

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

 

 

 

 

Step 1

 

 

1. Download TDSSKiller.exe and save it to your desktop.
   
2. Double-click TDSSKiller.exe to run it.
   
3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
   
4. Click Start scan and allow it to scan for Malicious objects.
   
5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
   
6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
   
7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
   
8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
   for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
   
9. If no reboot is required, click on Report. A log file should appear.
   
10. Please post the contents of the logfile in your next reply
    

 

 

 

 

 

 

Step 2

 

 

 

 

 

 

Next, please download ComboFix from one of these locations:

• 
   
  
• Bleepingcomputer
   
  
• InfoSpyware
  

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

• 
   
  
• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
   
  
• Double click on etavaresCF.exe & follow the prompts.
   
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
   
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

 

 

 

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

 

Click on Yes, to continue scanning for malware.

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

 

 

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

 

 

etavares

[csnagyg]

Hi etavares, thanks for your help. I have done what you asked me to, pls find below the two logs. However, the original problem which I came up here to this forum for still exists. To give you more insight, let me describe what happens exactly:

 

1. I enter a search term in Google search and press enter. The term I used when noticing the issue was 'munchen hostels' (but the same also happened later with other search terms)

2. From the results that came up, I randomly selected one and clicked on them, e.g. on hxxp://www.aohostels.com/de/?Seed=A&O-Hostel-Muenchen&gclid=CJ_Zpp2Im7ACFYrP3wod2Ed7XQ[/url]. Then, instead of coming to the site shown on the Google search result list I am redirected to some other English or German language sites, e.g. to hxxp://www.appround.com/pcperformer/rh/rh/st2/free/pcperformer-rh-rh-st2-free-de.php?clickid=0009065740884006923. This happens via a site called hxxp://www.rocketnews.com which first pops up in my Firefox browser before I am redirected to the final sites like PC Performer.

3. If I click on 'Back' and I get back to the Google search result list, then click again on the same link the same redirection happens but I get to another site, e.g. to hxxp://www.zoolagames.com/index-rh.php?clickid=0009065740883909476. This may happen up to 5 times, always with different sites and then finally I get to the desired site i.e. hxxp://www.aohostels.com/de/?Seed=A&O-Hostel-Muenchen&gclid=CJ_Zpp2Im7ACFYrP3wod2Ed7XQ. These others are e.g. hxxp://intermanews.com/pages/home/?ppcid=10216&all_3_6&keyword=munchen+hostels or hxxp://www.fresh-weather.com/at/results.php?PHPSESSID=tv5ag17ohul35jgu2sem6bgtv1&q=munchen+hostels&imageField.x=15&imageField.y=3

4. If I do this again in the same browser window, the redirections do not happen again. However, in a new window they would randomly reoccur or not - I could not find any logic to when they do and when not.

5. As I said, the site I see for a few sec is hxxp://www.rocketnews.com. I believe that a few weeks ago this used to be installbrain.com, I also saw a message in the bottom left corner of my screen saying 'transferring data from hxxp://www.installbrain.com'

 

Please advise what all this can be and what can I do to get rid of this annoying issue. Also, after the infections identified by MBAM I am not sure now what to think - I did some search and found e.g. this opinion: hxxp://www.2-spyware.com/remove-trojan-agent.html and honestly do not know what to believe any more.

 

I can read your answer till this evening or from Wednesday onwards. I appreciate your help on this, regards, Gabor

ComboFix.txt

TDSSKiller.2.7.37.0_25.05.2012_08.46.40_log.txt

Edited May 26, 2012 by etavares

[etavares]

Hello, csnagyg.

 

 

In regards to trojan.agent, MBAM is a legitimate antivirus. Trojan.agent is a legitimate detection. There are rogue 'antivirus' programs who look like antivirus programs nad report false positive to trick you into paying money and giving up your credit card details, but MBAM is not one of those. Regardless, you had a Bamital infection in the combofix log that was fixed...that is a definite backdoor trojan anyway so the warning still applies.

 

 

 

 

 

 

 

 

 

 

Step 1

 

 

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

 

 

1. Close any open browsers.

 

 

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

 

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

 

 

Driver::
vjgkp
File::
C:\WINDOWS\system32\drivers\sdrb.sys
C:\WINDOWS\System32\slbrccspk.dll
c:\documents and settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\XPAZALL.job
AtJob::
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
RegNull::
[HKEY_USERS\S-1-5-21-2601519475-432958476-330210462-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{99BB75B0-441D-8BCF-A589-44DABFE54989}*]

 

 

Save this as CFScript.txt, in the same location as ComboFix.exe

 

 

 

 

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

 

 

Refering to the picture above, drag CFScript into ComboFix.exe

 

 

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

 

 

 

 

 

 

Step 2

 

 

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

 

 

How to see hidden files in Windows

 

 

Please click this link-->Jotti

 

 

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

 

 

c:\program files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe

 

 

Please post back the results of the scan in your next post.

 

 

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

 

 

etavares

[csnagyg]

Hi etavares,

 

thanks for the detailed response. I do not quite understand tw of your points, can you pls explain a bit more on the following

 

1. AVG as it is not installed on my machine - why do you refer to it? I have Symantec and I disabled it while running CF.

 

2. What is Bamital and from which log file do you see that I had it on my machine?

 

Sorry but I also want to learn about this and would like to understand why we do what we do... thanks in advance. As i said I will only be at my infected PC on Wednesday but hope we can clarify this before that.

 

Regards, Gabor

[csnagyg]

Hi etavares, I am back to the PC in question. In addition to the above I now noticed that the Stand-by and the Hibernate functions do not work at all on it since I ran the programs you asked me to, can you pls advise why and how can they be re-activated? Please also answer my two questions above (especially #1) so I can continue with providing what you need from me, thanks. Gabor

[etavares]

HI csnagyg,

 

SOrry, I missed your initial post. The AVG is a part I meant to delete, but didn't. I have it there for folks that have AVG installed. Please ignore that.

Bamital is a backdoor trojan that replaces some critical windows files with a patched version. Userinit.exe was infected and replaced with a good version in one of our scans. That patch is a typical signature of the Bamital family.

 

I've made a note re: standby and hibernate. Once we fix what is broken, we can try to repair it. Exactly how are they broken? E.g. You click it and nothing happens? Or you click it and get an error message? Or something else?

 

Thanks,

-etavares

[csnagyg]

Hi etavares, OK, understood, thanks. I skipped the AVG part and have now done Step 2 with Jotti, the result was 'Found nothing' in all 20 scans made, pls see below:

 

[h=3]Jotti's malware scan[/h] [TABLE=class: top left]

[TR]

[TD=width: 100] Filename:

[/TD]

[TD=width: *] HPCustPartic.exe [/TD]

[/TR]

[TR]

[TD] Status: [/TD]

[TD] Scan finished. 0 out of 20 scanners reported malware.

[/TD]

[/TR]

[TR]

[TD]Scan taken on:

[/TD]

[TD]Wed 30 May 2012 17:08:58 (CET) Permalink[/TD]

[/TR]

[/TABLE]

 

Please advise what's next. BTW I have searched for 'Rocketnews redirect' and found a case where the issue of the user was fixed after doing similar steps with several malware programs (I found it here: http://www.bleepingcomputer.com/forums/topic453793.html) so I am hopeful we find a solution to mine also - I will wait for your advice on how to proceed and will not do anything that I find elsewhere.

 

Also, I spent some hours last night searching for resolution of the standby problem and after I made some slight changes e.g. in my power manager options it now seems to be working fine again. I will be monitoring it nevertheless and come back to you if the issue should re-occur.

 

regards

 

Gabor

[csnagyg]

Hi etavares, OK, understood, thanks. I skipped the AVG part and have now done Step 2 with Jotti, the result was 'Found nothing' in all 20 scans made, pls see below:

Jotti's malware scan

[TABLE=width: 0]

[TR]

[TD]Filename:

[/TD]

[TD]HPCustPartic.exe

[/TD]

[/TR]

[TR]

[TD]Status:

[/TD]

[TD]Scan finished. 0 out of 20 scanners reported malware.

[/TD]

[/TR]

[TR]

[TD]Scan taken on:

[/TD]

[TD]Wed 30 May 2012 17:08:58 (CET) Permalink

[/TD]

[/TR]

[/TABLE]

 

Please advise what's next. BTW I have searched for 'Rocketnews redirect' and found a case where the issue of the user was fixed after doing similar steps with several malware programs (I found it here: http://www.bleepingcomputer.com/forums/topic453793.html) so I am hopeful we find a solution to mine also - I will wait for your advice on how to proceed and will not do anything that I find elsewhere.

 

Also, I spent some hours last night searching for resolution of the standby problem and after I made some slight changes e.g. in my power manager options it now seems to be working fine again. I will be monitoring it nevertheless and come back to you if the issue should re-occur.

 

regards

 

Gabor

[csnagyg]

Hi etavares, I posted a reply 2 or 3 days ago and got the message that it would be displayed after it is reviewed by a moderator. I had not received this message before, and more importantly my reply is still not displayed - I will try to post this now and see if it goes through like the other ones had done before.

[csnagyg]

OK, now that it apparently is OK I am re-attaching my real reply:

 

Hi etavares, OK, understood, thanks. I skipped the AVG part and have now done Step 2 with Jotti, the result was 'Found nothing' in all 20 scans made, pls see below:

Jotti's malware scan

[TABLE=width: 0]

[TR]

[TD]Filename:

[/TD]

[TD]HPCustPartic.exe

[/TD]

[/TR]

[TR]

[TD]Status:

[/TD]

[TD]Scan finished. 0 out of 20 scanners reported malware.

[/TD]

[/TR]

[TR]

[TD]Scan taken on:

[/TD]

[TD]Wed 30 May 2012 17:08:58 (CET) Permalink

[/TD]

[/TR]

[/TABLE]

 

Please advise what's next. BTW I have searched for 'Rocketnews redirect' and found a case where the issue of the user was fixed after doing similar steps with several malware programs (I found it here: http://www.bleepingcomputer.com/forums/topic453793.html) so I am hopeful we find a solution to mine also - I will wait for your advice on how to proceed and will not do anything that I find elsewhere.

 

Also, I spent some hours last night searching for resolution of the standby problem and after I made some slight changes e.g. in my power manager options it now seems to be working fine again. I will be monitoring it nevertheless and come back to you if the issue should re-occur.

 

regards

 

Gabor

[csnagyg]

Well, the same thing happened, I hope a moderator will review and allow it to be posted soon.

[csnagyg]

Hi etavares, OK, understood, thanks. I skipped the AVG part and have now done Step 2 with Jotti, the result was 'Found nothing' in all 20 scans made, pls see below:

Jotti's malware scan

[TABLE=width: 0]

[TR]

[TD]Filename:

[/TD]

[TD]HPCustPartic.exe

[/TD]

[/TR]

[TR]

[TD]Status:

[/TD]

[TD]Scan finished. 0 out of 20 scanners reported malware.

[/TD]

[/TR]

[TR]

[TD]Scan taken on:

[/TD]

[TD]Wed 30 May 2012 17:08:58 (CET) Permalink

[/TD]

[/TR]

[/TABLE]

 

Please advise what's next. BTW I have searched for 'Rocketnews redirect' and found a case where the issue of the user was fixed after doing similar steps with several malware programs (I found it here: http://www.bleepingcomputer.com/forums/topic453793.html) so I am hopeful we find a solution to mine also - I will wait for your advice on how to proceed and will not do anything that I find elsewhere.

 

Also, I spent some hours last night searching for resolution of the standby problem and after I made some slight changes e.g. in my power manager options it now seems to be working fine again. I will be monitoring it nevertheless and come back to you if the issue should re-occur.

 

regards

 

Gabor

[etavares]

Hi csnagyg-

 

Please do run Step 1 in this post. It is very important to run that as you are infected and this will start to clear it. It does not appear that you have ran that yet.

 

-etavares

[csnagyg]

Hi etavares,

 

I thought when you said skip step 1 you meant all, not only the AVG piece of it, sorry for misunderstanding you. I have now run it, here is the log file below. In addition, I wanted to let you know that my Symantec Antivirus discovered a certain Backdoor.Graybird in a total of 13 counts in the last 3 days on my PC, last time (today) it found it under C:/System Volume Information/_restore... and it was in file A004581.scr. It was found and deleted by Symantec before I ran Combofix so I am not sure if it will show up in the Combofix results.

 

Regards, Gabor

 

ComboFix 12-06-03.05 - Cse 012.06.04. 14:28:14.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3054.1746 [GMT 2:00]

Running from: c:\documents and settings\Cse\Asztal\etavaresCF.exe

Command switches used :: c:\documents and settings\Cse\Asztal\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

.

FILE ::

"c:\documents and settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk"

"c:\windows\system32\drivers\sdrb.sys"

"c:\windows\System32\slbrccspk.dll"

"c:\windows\Tasks\At1.job"

"c:\windows\Tasks\At2.job"

"c:\windows\Tasks\At3.job"

"c:\windows\Tasks\At4.job"

"c:\windows\Tasks\XPAZALL.job"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll

c:\documents and settings\Cse\Local Settings\Temp\IadHide4.dll

c:\windows\System32\slbrccspk.dll

c:\windows\Tasks\At1.job

c:\windows\Tasks\At2.job

c:\windows\Tasks\At3.job

c:\windows\Tasks\At4.job

c:\windows\Tasks\XPAZALL.job

.

.

((((((((((((((((((((((((( Files Created from 2012-05-04 to 2012-06-04 )))))))))))))))))))))))))))))))

.

.

2012-06-01 17:33 . 2012-06-01 17:33 318904 ----a-w- c:\program files\wmpfirefoxplugin.exe

2012-05-25 07:41 . 2012-05-25 08:26 -------- d-----w- C:\etavaresCF

2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\documents and settings\Cse\Application Data\Malwarebytes

2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-05-23 15:35 . 2012-05-23 15:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-05-23 15:35 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-15 14:18 . 2012-05-15 14:35 -------- d-----w- c:\documents and settings\Cse\Application Data\FreeFixer

2012-05-15 14:18 . 2012-05-15 14:18 -------- d-----w- c:\documents and settings\Cse\Local Settings\Application Data\FreeFixer

2012-05-15 14:18 . 2012-05-15 14:18 -------- d-----w- c:\program files\FreeFixer

2012-05-15 14:17 . 2012-05-15 14:17 2130622 ----a-w- c:\program files\freefixersetup.exe

2012-05-14 18:45 . 2012-05-14 18:49 3895848 ----a-w- c:\program files\HPPSdr.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 08:03 . 2012-04-03 09:48 419488 ------w- c:\windows\system32\FlashPlayerApp.exe

2012-05-06 08:03 . 2011-07-25 23:02 70304 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-06 08:03 . 2012-04-14 06:03 4140192 ------w- c:\windows\system32\FlashPlayerInstaller.exe

2012-05-04 07:40 . 2012-05-04 07:38 16409960 ------w- c:\program files\spybotsd162.exe

2012-05-03 21:53 . 2012-05-03 21:53 446464 ------w- c:\program files\TFC.exe

2012-04-18 21:30 . 2012-04-18 21:30 739856 ------w- c:\program files\ChromeSetup.exe

2012-04-17 09:22 . 2009-10-11 20:14 89680 ------w- c:\documents and settings\Cse\MSSSerif120.fon

2012-04-17 09:22 . 2009-10-11 20:14 64544 ------w- c:\documents and settings\Cse\MSSSerif96.fon

2012-04-17 09:11 . 2012-04-17 09:11 2915520 ------w- c:\program files\HPHNDU.exe

2012-04-11 13:55 . 2009-09-28 15:27 2028032 ------w- c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:55 . 2009-09-28 15:27 1862272 ------w- c:\windows\system32\win32k.sys

2012-04-11 13:55 . 2009-09-28 15:27 2149888 ------w- c:\windows\system32\ntoskrnl.exe

2012-03-30 11:24 . 2012-03-30 11:23 22259528 ------w- c:\program files\vlc-2.0.1-win32.exe

2012-03-22 19:12 . 2012-03-22 19:12 4435968 ------w- c:\windows\system32\GPhotos.scr

2011-12-08 08:04 . 2011-12-08 08:04 5313141 ------w- c:\program files\install.exe

2011-11-28 22:31 . 2011-11-28 22:31 1107022 ------w- c:\program files\SubtitleWorkshop251.exe

2012-05-02 09:00 . 2012-01-24 16:48 97208 ------w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-25_08.15.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-04 12:47 . 2012-06-04 12:47 16384 c:\windows\Temp\Perflib_Perfdata_a40.dat

+ 2012-05-29 23:14 . 2012-05-29 23:14 16384 c:\windows\Temp\Perflib_Perfdata_9b8.dat

+ 2012-06-04 12:46 . 2012-06-04 12:46 16384 c:\windows\Temp\Perflib_Perfdata_824.dat

+ 2012-06-04 12:46 . 2012-06-04 12:46 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat

+ 2012-06-01 17:34 . 2012-06-01 17:34 836096 c:\windows\Installer\e3d7f82.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-10-17 20480]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-10-08 196608]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Akamai NetSession Interface"="c:\documents and settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]

"SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-10 204288]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]

"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2010-04-22 128296]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-22 1725736]

"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2009-12-16 513384]

"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2009-12-16 208896]

"TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-08-03 62240]

"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]

"TpShocks"="TpShocks.exe" [2009-12-11 337256]

"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2008-10-08 256576]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]

"nwiz"="nwiz.exe" [2009-01-14 1630208]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688]

"AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]

"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288]

"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]

"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]

"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752]

"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088]

"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]

"TrayServer"="c:\program files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-04-09 90112]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-29 273528]

"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]

"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]

"lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]

"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]

"EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\Cse\Start Menu\Programs\Indítópult\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk - c:\windows\system32\RunDll32.exe [2009-9-28 33280]

.

c:\documents and settings\All Users\Start Menu\Programs\Indítópult\

Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-8-14 607584]

Camera Monitor HD.lnk - c:\program files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-3-29 541976]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-10-12 50688]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-10-17 450560]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-03-14 20:17 89600 ------w- c:\windows\system32\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]

2006-09-06 07:37 34344 ------w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli psqlpwd

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\aon\\aonInstaller\\Installer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\aon\\aonController\\aonController.exe"=

"c:\\Documents and Settings\\Cse\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Rendszerfelügyeleti webszolgáltatások

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010.03.08. 18:06 24304]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009.10.09. 13:10 20520]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011.10.16. 10:06 232512]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2009.09.28. 17:27 14336]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011.10.21. 16:23 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011.10.13. 18:21 249648]

R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010.03.08. 18:06 132456]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012.05.23. 17:35 654408]

R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011.09.15. 13:06 88576]

R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009.10.12. 23:19 53248]

R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007.03.14. 22:10 11152]

R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2007.03.30. 10:39 62320]

R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007.07.12. 2:38 569344]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012.06.01. 20:04 106656]

R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007.06.08. 7:36 81280]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012.05.23. 17:35 22344]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006.09.13. 12:42 30336]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010.03.18. 13:16 753504]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010.03.18. 13:16 130384]

S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009.07.03. 18:47 45424]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.02.29. 8:50 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.03. 11:48 257696]

S3 EraserUtilDrv11210;EraserUtilDrv11210;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2010.03.08. 16:41 1527900]

S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664]

S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011.05.31. 1:03 24576]

S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 18:01 21248]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012.05.02. 11:00 129976]

S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2010.03.02. 23:51 18816]

S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007.03.14. 19:48 116416]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2009.09.28. 17:27 14336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2009-09-28 c:\windows\Tasks\1. regisztrálási emlékeztetõ.job

- c:\windows\system32\OOBE\oobebaln.exe [2009-09-28 16:02]

.

2009-10-08 c:\windows\Tasks\2. regisztrálási emlékeztetõ.job

- c:\windows\system32\OOBE\oobebaln.exe [2009-09-28 16:02]

.

2009-10-13 c:\windows\Tasks\3. regisztrálási emlékeztetõ.job

- c:\windows\system32\OOBE\oobebaln.exe [2009-09-28 16:02]

.

2012-06-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 08:04]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41]

.

2012-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41]

.

2012-06-04 c:\windows\Tasks\HP Photo Creations Messager.job

- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]

.

2012-06-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

2012-06-04 c:\windows\Tasks\PMTask.job

- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-28 00:12]

.

2012-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]

.

2012-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 11:40]

.

2012-06-04 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]

.

.

------- Supplementary Scan -------

.

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = localhost;127.0.0.1:9421;<local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 10.0.0.138

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB

DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab

FF - ProfilePath - c:\documents and settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.index.hu/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - user.js: extentions.y2layers.installId - 1f043563-823e-49f3-916d-3c3f2a322d44

FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-06-04 14:49

Windows 5.1.2600 Szervizcsomag 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1756)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

c:\program files\ThinkVantage Fingerprint Software\homepass.dll

c:\program files\ThinkVantage Fingerprint Software\bio.dll

c:\program files\ThinkVantage Fingerprint Software\ps2css.dll

c:\program files\ThinkVantage Fingerprint Software\remote.dll

c:\program files\ThinkVantage Fingerprint Software\pscssint.dll

c:\program files\ThinkVantage Fingerprint Software\basegui.dll

c:\program files\ThinkVantage Fingerprint Software\crypto.dll

c:\program files\ThinkVantage Fingerprint Software\biokmd.dll

c:\program files\ThinkVantage Fingerprint Software\tpmkey.dll

c:\program files\ThinkVantage Fingerprint Software\ibmcore.dll

.

- - - - - - - > 'lsass.exe'(1816)

c:\windows\system32\psqlpwd.dll

c:\program files\ThinkVantage Fingerprint Software\homefus2.dll

c:\program files\ThinkVantage Fingerprint Software\infra.dll

.

- - - - - - - > 'explorer.exe'(6768)

c:\windows\system32\WININET.dll

c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSHU.DLL

c:\windows\system32\btmmhook.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ibmpmsvc.exe

c:\program files\Intel\WiFi\bin\S24EvMon.exe

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\ccProxy.exe

c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\IPSSVC.EXE

c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

c:\windows\system32\crypserv.exe

c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe

c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe

c:\program files\Intel\WiFi\bin\EvtEng.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe

c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe

c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

c:\windows\system32\TpKmpSVC.exe

c:\program files\Lenovo\Client Security Solution\tvttcsd.exe

c:\program files\Lenovo\Rescue and Recovery\rrservice.exe

c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe

c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Common Files\Lenovo\Logger\logmon.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\program files\lenovo\system update\suservice.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe

c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\TpShocks.exe

c:\program files\Lenovo\HOTKEY\TPONSCR.exe

c:\program files\Lenovo\Zoom\TpScrex.exe

c:\program files\Logitech\Video\FxSvr2.exe

c:\windows\system32\lxbycoms.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe

c:\windows\system32\SearchProtocolHost.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe

c:\windows\system32\SearchFilterHost.exe

.

**************************************************************************

.

Completion time: 2012-06-04 14:59:17 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-04 12:59

ComboFix2.txt 2012-05-25 08:26

.

Pre-Run: 14 922 244 096 bájt szabad

Post-Run: 14 959 042 560 bájt szabad

.

- - End Of File - - 8B2A7BDE66544A1FA28B075DFFAE799D

[etavares]

OK, at this point, please do two things.

 

1. Are you still redirected/have pop ups?

2. Please run OTL again and click Quick Scan and post the resulting log.

[csnagyg]

Hi,

 

1. I tested some 15 different links and apparently the redirection stopped.

2. The OTL report is below.

 

Please advise if there is anything else left to do, thanks.

 

OTL logfile created on: 2012.06.05. 9:35:30 - Run 2

OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Cse\Asztal

Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

 

2,98 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 26,91% Memory free

4,30 Gb Paging File | 2,25 Gb Available in Paging File | 52,22% Paging File free

Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228,67 Gb Total Space | 14,37 Gb Free Space | 6,29% Space Free | Partition Type: NTFS

 

Computer Name: JGRUBITS | User Name: Cse | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Cse\Asztal\OTL.scr (OldTimer Tools)

PRC - C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)

PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

PRC - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()

PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Program Files\Lexmark P910 Series\lxbymon.exE (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\lxbycoms.exe (Lexmark International, Inc.)

PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)

PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

PRC - C:\Program Files\Lexmark P910 Series\ezprint.exe ()

PRC - C:\Program Files\Scriptum\GIB31\GIB30_32.exe (Scriptum Kiadó Rt.)

 

 

========== Modules (No Company Name) ==========

 

MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\6c7f57211a988e2f261dff251805e90e\System.WorkflowServices.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dc86fe1c7a6e3a7ce9e9c1f13d9b1e8e\System.ServiceModel.Routing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ec057796972ce41b751eaa3a8306fbcb\System.ServiceModel.Discovery.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\d09c237ee72af3935f1a01388ef8e315\System.ServiceModel.Channels.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\5055b60e339143bbace5871f5fe4b114\System.ServiceModel.Activities.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\bd28f26b18b8ffeee1a0fbaa98f5810e\System.IdentityModel.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\cfece6f67593b4d8bb58d23b7fdcc470\System.ServiceModel.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f42c2acdb000001066c78acfc6cd8655\System.ServiceModel.Web.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\79ac99fe5274fb82ffcff2c15f71854c\System.Runtime.DurableInstancing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\8a9fac9cb825b5d2db0bdb867fff940e\System.Runtime.Serialization.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb97517e4ca64e02282fca24612ce8ad\SMDiagnostics.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0856245176949b6c5f69ce0db6c6a19e\UIAutomationProvider.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\246c2e1ace46674db95e253d99f0067e\PresentationFramework.Luna.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e4abab56b79465c688b18faafec4372a\PresentationCore.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7a6f33c72bd7bba0fef9ac1bb22277eb\WindowsBase.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()

MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll ()

MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll ()

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll ()

MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

MOD - C:\Documents and Settings\Cse\Application Data\SanDisk\My Vaults\dmBackup.dll ()

MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()

MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_hu_b77a5c561934e089\System.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_hu_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_hu_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\WINDOWS\system32\btwicons.dll ()

MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvshell.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()

MOD - C:\WINDOWS\system32\msdmo.dll ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()

MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll ()

MOD - C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()

MOD - C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll ()

MOD - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()

MOD - C:\WINDOWS\system32\LXPRMON.DLL ()

MOD - C:\Program Files\Lexmark P910 Series\ezprint.exe ()

MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbyPP5C.DLL ()

MOD - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll ()

MOD - C:\Program Files\Scriptum\GIB31\SDBENW32.DLL ()

MOD - C:\Program Files\Scriptum\GIB31\jpeglib.dll ()

MOD - C:\Program Files\Scriptum\GIB31\GLMHUN32.DLL ()

MOD - C:\Program Files\Scriptum\GIB31\GLMDEU32.DLL ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)

SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)

SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)

SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)

SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (SavRoam) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)

SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()

SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (lxby_device) -- C:\WINDOWS\system32\lxbycoms.exe (Lexmark International, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (WDICA) -- File not found

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found

DRV - (PDRFRAME) -- File not found

DRV - (PDRELI) -- File not found

DRV - (PDFRAME) -- File not found

DRV - (PDCOMP) -- File not found

DRV - (PCIDump) -- File not found

DRV - (mbr) -- C:\DOCUME~1\Cse\LOCALS~1\Temp\mbr.sys File not found

DRV - (lbrtfdc) -- File not found

DRV - (EraserUtilDrv11210) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys File not found

DRV - (Changer) -- File not found

DRV - (catchme) -- C:\etavaresCF19709e\catchme.sys File not found

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120601.005\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120601.005\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120531.001\SymIDSCo.sys (Symantec Corporation)

DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)

DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)

DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)

DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

DRV - (IntelIde) -- C:\WINDOWS\system32\drivers\intelide.sys (Microsoft Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation)

DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation)

DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys (Microsoft Corporation)

DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\agpcpq.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (alim1541) -- C:\WINDOWS\system32\drivers\alim1541.sys (Microsoft Corporation)

DRV - (agp440) -- C:\WINDOWS\system32\drivers\agp440.sys (Microsoft Corporation)

DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)

DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)

DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)

DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation)

DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)

DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)

DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation)

DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation)

DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation)

DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation)

DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation)

DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation)

DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)

DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)

DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation)

DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation)

DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)

DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation)

DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)

DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)

DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation)

DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation)

DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation)

DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation)

DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation)

DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)

DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation)

DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_deAT347

IE - HKCU\..\SearchScopes\{7ABE1B73-0763-423E-B91D-814AB935EF1C}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\..\SearchScopes\{FC9CF8B4-59E2-442E-8A8E-B988ADAC399E}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1:9421;<local>

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.index.hu/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.05.30 23:26:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 23:34:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 11:00:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 19:34:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.29 23:34:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions

[2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.05.03 09:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions

[2011.05.30 23:21:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.01.20 14:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2012.05.03 09:34:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\plugin@yontoo.com

[2012.01.14 23:59:28 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\searchplugins\bing.xml

[2012.02.18 18:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.03.25 19:39:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.05.02 11:00:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.02.18 13:57:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.11 22:28:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.01.19 20:50:37 | 000,002,032 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012.02.11 22:28:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

 

O1 HOSTS File: ([2012.06.04 14:48:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.

O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark P910 Series\ezprint.exe ()

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [lxbymon.exe] C:\Program Files\Lexmark P910 Series\lxbymon.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)

O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)

O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKCU..\Run: [sanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254155909672 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254156007953 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541500} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077AE974-B150-457B-8948-189158AA3A90}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.03.13 10:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.05 09:34:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr

[2012.06.04 22:02:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.06.04 15:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2012.06.04 14:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.06.04 14:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.06.04 14:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.06.04 14:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.06.04 14:25:14 | 000,000,000 | ---D | C] -- C:\etavaresCF19709e

[2012.06.04 14:23:24 | 004,536,354 | R--- | C] (Swearware) -- C:\Documents and Settings\Cse\Asztal\etavaresCF.exe

[2012.06.04 11:20:19 | 000,000,000 | ---D | C] -- C:\etavaresCF15047e

[2012.06.01 19:33:53 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe

[2012.05.25 09:48:15 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012.05.25 09:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012.05.25 09:41:46 | 000,000,000 | ---D | C] -- C:\etavaresCF

[2012.05.25 09:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.05.25 08:46:27 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cse\Asztal\tdsskiller.exe

[2012.05.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Malwarebytes

[2012.05.23 17:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.23 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012.05.23 17:35:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.05.23 17:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.23 17:33:42 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cse\Asztal\mbam-setup-1.61.0.1400.exe

[2012.05.15 16:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Revo Uninstaller

[2012.05.15 16:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\FreeFixer

[2012.05.15 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Local Settings\Application Data\FreeFixer

[2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer

[2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\FreeFixer

[2012.05.15 16:17:25 | 002,130,622 | ---- | C] (Kephyr) -- C:\Program Files\freefixersetup.exe

[2012.05.13 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync

[2012.05.04 09:38:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe

[2012.05.03 23:53:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe

[2012.04.18 23:30:36 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012.06.05 09:34:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr

[2012.06.05 09:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.06.05 09:01:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job

[2012.06.05 08:57:02 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.05 08:48:04 | 000,052,301 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012.06.05 08:47:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.06.04 22:55:58 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2012.06.04 21:26:42 | 000,000,207 | ---- | M] () -- C:\WINDOWS\GIB30_32.INI

[2012.06.04 20:35:20 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job

[2012.06.04 20:35:19 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job

[2012.06.04 15:57:00 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.04 14:53:02 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk

[2012.06.04 14:49:46 | 000,182,428 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.06.04 14:48:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.06.04 14:48:08 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.06.04 14:47:37 | 000,025,456 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2012.06.04 14:46:41 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2012.06.04 14:46:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.06.04 14:46:04 | 3202,658,304 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.04 14:42:59 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat

[2012.06.04 14:42:11 | 000,002,324 | ---- | M] () -- C:\WINDOWS\gib00001.hst

[2012.06.04 14:23:40 | 004,536,354 | R--- | M] (Swearware) -- C:\Documents and Settings\Cse\Asztal\etavaresCF.exe

[2012.06.04 12:00:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2012.06.02 14:41:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.05.31 14:37:45 | 000,000,152 | ---- | M] () -- C:\WINDOWS\gib00002.hst

[2012.05.30 20:50:28 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2012.05.30 17:44:41 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2012.05.25 09:48:21 | 000,000,364 | RHS- | M] () -- C:\boot.ini

[2012.05.25 08:59:33 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Google Chrome.lnk

[2012.05.25 08:46:27 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Cse\Asztal\tdsskiller.exe

[2012.05.23 17:35:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes Anti-Malware.lnk

[2012.05.23 17:33:52 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Cse\Asztal\mbam-setup-1.61.0.1400.exe

[2012.05.22 09:11:06 | 000,000,248 | ---- | M] () -- C:\Boot.bak

[2012.05.21 10:39:15 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2012.05.15 16:47:17 | 000,000,924 | ---- | M] () -- C:\Documents and Settings\Cse\Asztal\Revo Uninstaller.lnk

[2012.05.15 16:17:46 | 002,130,622 | ---- | M] (Kephyr) -- C:\Program Files\freefixersetup.exe

[2012.05.14 20:49:45 | 003,895,848 | ---- | M] () -- C:\Program Files\HPPSdr.exe

[2012.05.13 20:12:59 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk

[2012.05.13 20:12:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk

[2012.05.13 10:13:01 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.11 22:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.05.11 22:20:22 | 000,533,726 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat

[2012.05.11 22:20:22 | 000,503,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.11 22:20:22 | 000,134,398 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat

[2012.05.11 22:20:22 | 000,088,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.05.08 17:18:02 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\Cse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012.06.04 14:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.06.04 14:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.06.04 14:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.06.04 14:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.06.04 14:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.05.25 09:48:21 | 000,000,248 | ---- | C] () -- C:\Boot.bak

[2012.05.25 09:48:17 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012.05.23 17:35:04 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes Anti-Malware.lnk

[2012.05.22 09:01:06 | 3202,658,304 | -HS- | C] () -- C:\hiberfil.sys

[2012.05.14 20:45:46 | 003,895,848 | ---- | C] () -- C:\Program Files\HPPSdr.exe

[2012.05.13 20:12:59 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk

[2012.05.13 20:12:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk

[2012.05.13 10:11:08 | 000,540,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012.04.17 11:11:12 | 002,915,520 | ---- | C] () -- C:\Program Files\HPHNDU.exe

[2012.03.30 13:23:09 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe

[2012.03.29 18:20:58 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini

[2012.01.11 15:37:58 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\.backup.dm

[2011.12.08 10:04:31 | 005,313,141 | ---- | C] () -- C:\Program Files\install.exe

[2011.12.05 08:17:09 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2601519475-432958476-330210462-1006-0.dat

[2011.11.29 00:31:19 | 001,107,022 | ---- | C] () -- C:\Program Files\SubtitleWorkshop251.exe

[2011.11.13 21:35:20 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011.05.17 21:58:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

 

========== LOP Check ==========

 

[2012.05.22 08:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC

[2012.01.11 15:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk

[2011.10.16 10:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2011.11.06 12:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin

[2011.07.12 21:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations

[2011.05.30 23:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lenovo

[2009.09.28 18:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\m2backup

[2010.03.08 16:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX

[2009.09.28 18:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mquadr.at

[2010.03.05 22:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia

[2009.10.18 21:58:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009.09.28 16:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor

[2011.07.18 17:51:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr

[2010.03.29 22:07:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA

[2011.12.08 10:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RavensburgerTipToi

[2012.05.03 09:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer

[2009.09.28 17:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4C64F87B-DDC8-4FB0-BC32-596BDEB52000}

[2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{91E14A42-CE18-4B53-9D80-4B6B72AB7C12}

[2011.05.30 23:22:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C3358ED5-0ADD-4BA0-8F60-B5A7CD34BD14}

[2009.10.13 08:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Avaya

[2012.03.29 13:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Canon

[2011.10.16 10:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\DAEMON Tools Lite

[2012.05.03 09:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\ElevatedDiagnostics

[2009.10.17 23:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\FotoWire

[2012.05.15 16:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\FreeFixer

[2011.11.06 11:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\GARMIN

[2011.05.30 23:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\GHISLER

[2012.02.02 09:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\HTC

[2011.05.31 01:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2009.10.11 23:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\InterVideo

[2009.09.29 00:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Leadertech

[2009.12.02 16:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Lenovo

[2010.03.08 16:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\MAGIX

[2010.03.01 22:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Nokia

[2010.03.01 22:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\PC Suite

[2011.05.29 09:25:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\PCDr

[2010.01.28 03:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\RadLight Company

[2011.12.08 10:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\RavensburgerTipToi

[2012.01.11 15:39:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\SanDisk

[2011.05.30 23:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Thunderbird

[2009.09.29 03:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Thunderbird Sept 29 start backup

[2011.05.29 09:17:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Update

[2011.05.30 23:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Windows Desktop Search

[2009.10.18 16:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cse\Application Data\Windows Search

[2009.09.28 17:19:53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\1. regisztrálási emlékeztető.job

[2009.10.08 23:50:05 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\2. regisztrálási emlékeztető.job

[2009.10.13 23:50:13 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\3. regisztrálási emlékeztető.job

[2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job

[2012.06.04 22:55:58 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

[2012.06.04 12:00:12 | 000,000,466 | ---- | M] () -- C:\WINDOWS\Tasks\SystemToolsDailyTest.job

 

========== Purity Check ==========

 

 

 

< End of report >

[etavares]

Hello, csnagyg.

 

 

Great news! Let's continue on.

 

 

 

 

 

 

 

 

 

 

Step 1

 

 

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

 

 

We need run an OTL Script

1. Please download OTL from one of the following mirrors if you do not still have it.
   
   • This is first Mirror
     
   • This is the second mirror
     

[*]Save it to your desktop.

[*]Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.

[*]Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
DRV - (WDICA) -- File not found
DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (mbr) -- C:\DOCUME~1\Cse\LOCALS~1\Temp\mbr.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (EraserUtilDrv11210) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\etavaresCF19709e\catchme.sys File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1:9421;<local>
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
:commands
[EmptyTemp]

[*]Click the Run Fix button at the top.

[*]let the program run unhindered and reboot when it is done.

[*]You will get a log when it is done, please post that in your reply.

[*]Please then create a new OTL report....

[*]Click the "Scan All Users" checkbox.

[*]Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.

[*]A report will open, copy and paste it in a reply here.

 

 

 

 

 

 

Step 2

 

 

Please go to the Kaspersky website and perform an online antivirus scan.

 

 

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   
5. Click on My Computer under Scan.
   
6. Once the scan is complete, it will display the results. Click on View Scan Report.
   
7. You will see a list of infected items there. Click on Save Report As....
   
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
   
9. Please post this log in your next reply.
   

 

 

Note: Kaspersky online scan may take time to complete, please be patient.

 

 

etavares

[csnagyg]

Hi, OK, I have performed Step 1 as requested and am posting the log files. The link you gave to the Kaspersky website however does not work, so in interest of time I looked up what I think you meant and downloaded Kaspersky Security Scan from http://www.kaspersky.com/virusscanner. I started to run it but it takes very long and I do not have the time now to finish it as I am leaving on a 4 day trip, so I will finish it on Sunday only. Can you please confirm till than if it is the same tool that you wanted or if not, give me the correct link that I could use. Thanks for your support!

 

OTL File 1:

 

All processes killed

========== OTL ==========

Service WDICA stopped successfully!

Service WDICA deleted successfully!

File File not found not found.

Service upperdev stopped successfully!

Service upperdev deleted successfully!

File system32\DRIVERS\usbser_lowerflt.sys File not found not found.

Service UIUSys stopped successfully!

Service UIUSys deleted successfully!

File system32\DRIVERS\UIUSYS.SYS File not found not found.

Service PDRFRAME stopped successfully!

Service PDRFRAME deleted successfully!

File File not found not found.

Service PDRELI stopped successfully!

Service PDRELI deleted successfully!

File File not found not found.

Service PDFRAME stopped successfully!

Service PDFRAME deleted successfully!

File File not found not found.

Service PDCOMP stopped successfully!

Service PDCOMP deleted successfully!

File File not found not found.

Service PCIDump stopped successfully!

Service PCIDump deleted successfully!

File File not found not found.

Error: No service named mbr was found to stop!

Service\Driver key mbr not found.

File C:\DOCUME~1\Cse\LOCALS~1\Temp\mbr.sys File not found not found.

Service lbrtfdc stopped successfully!

Service lbrtfdc deleted successfully!

File File not found not found.

Service EraserUtilDrv11210 stopped successfully!

Service EraserUtilDrv11210 deleted successfully!

File C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys File not found not found.

Service Changer stopped successfully!

Service Changer deleted successfully!

File File not found not found.

Service catchme stopped successfully!

Service catchme deleted successfully!

File C:\etavaresCF19709e\catchme.sys File not found not found.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Cse

->Temp folder emptied: 1587309 bytes

->Temporary Internet Files folder emptied: 3041084 bytes

->Java cache emptied: 91585 bytes

->FireFox cache emptied: 223339470 bytes

->Google Chrome cache emptied: 6630934 bytes

->Flash cache emptied: 18499 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Jutka

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 65748 bytes

->Temporary Internet Files folder emptied: 16786 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: Rendszergazda

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Vendég

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 74275 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 224,00 mb

 

 

OTL by OldTimer - Version 3.2.46.1 log created on 06062012_084714

 

Files\Folders moved on Reboot...

C:\Documents and Settings\Cse\Local Settings\Temp\IadHide4.dll moved successfully.

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_504.dat not found!

C:\WINDOWS\temp\Perflib_Perfdata_8c0.dat moved successfully.

 

Registry entries deleted on Reboot...

 

OTL File :

 

OTL logfile created on: 2012.06.06. 9:00:05 - Run 3

OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Cse\Asztal

Windows XP Professional Edition Szervizcsomag 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

 

2,98 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 40,92% Memory free

4,30 Gb Paging File | 2,81 Gb Available in Paging File | 65,40% Paging File free

Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 228,67 Gb Total Space | 10,34 Gb Free Space | 4,52% Space Free | Partition Type: NTFS

 

Computer Name: JGRUBITS | User Name: Cse | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Cse\Asztal\OTL.scr (OldTimer Tools)

PRC - C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)

PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

PRC - C:\Program Files\ThinkPad\ConnectUtilities\Access Connections.exe (Lenovo)

PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)

PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)

PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)

PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)

PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

PRC - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)

PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()

PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()

PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

PRC - C:\Program Files\Lexmark P910 Series\lxbymon.exE (Lexmark International, Inc.)

PRC - C:\WINDOWS\system32\lxbycoms.exe (Lexmark International, Inc.)

PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)

PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

PRC - C:\Program Files\Lexmark P910 Series\ezprint.exe ()

 

 

========== Modules (No Company Name) ==========

 

MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\1a6f69d68edd37a7afe03b7fda209f9b\WindowsFormsIntegration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0856245176949b6c5f69ce0db6c6a19e\UIAutomationProvider.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\246c2e1ace46674db95e253d99f0067e\PresentationFramework.Luna.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b15f86eef991d5af28833b98398dca3a\PresentationFramework.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e4abab56b79465c688b18faafec4372a\PresentationCore.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7a6f33c72bd7bba0fef9ac1bb22277eb\WindowsBase.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll ()

MOD - C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll ()

MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

MOD - C:\Documents and Settings\Cse\Application Data\SanDisk\My Vaults\dmBackup.dll ()

MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()

MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\AxInterop.P2PControlLib.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\MainGUIRes.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()

MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()

MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_hu_31bf3856ad364e35\PresentationFramework.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_hu_b77a5c561934e089\System.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_hu_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_hu_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()

MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_hu_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\WINDOWS\system32\btwicons.dll ()

MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()

MOD - C:\WINDOWS\system32\nview.dll ()

MOD - C:\WINDOWS\system32\nvshell.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()

MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()

MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll ()

MOD - C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll ()

MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()

MOD - C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll ()

MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()

MOD - C:\WINDOWS\system32\LXPRMON.DLL ()

MOD - C:\Program Files\Lexmark P910 Series\ezprint.exe ()

MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\lxbyPP5C.DLL ()

MOD - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()

SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)

SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )

SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )

SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)

SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)

SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)

SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)

SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)

SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)

SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)

SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)

SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)

SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()

SRV - (SavRoam) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)

SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)

SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)

SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)

SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)

SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)

SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()

SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)

SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)

SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)

SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)

SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)

SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()

SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

SRV - (lxby_device) -- C:\WINDOWS\system32\lxbycoms.exe (Lexmark International, Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120601.005\NAVEX15.SYS (Symantec Corporation)

DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120601.005\NAVENG.SYS (Symantec Corporation)

DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)

DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120531.001\SymIDSCo.sys (Symantec Corporation)

DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)

DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)

DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()

DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()

DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)

DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)

DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)

DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)

DRV - (IntelIde) -- C:\WINDOWS\system32\drivers\intelide.sys (Microsoft Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)

DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation)

DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation)

DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys (Microsoft Corporation)

DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\agpcpq.sys (Microsoft Corporation)

DRV - (amdagp) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)

DRV - (sisagp) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (alim1541) -- C:\WINDOWS\system32\drivers\alim1541.sys (Microsoft Corporation)

DRV - (agp440) -- C:\WINDOWS\system32\drivers\agp440.sys (Microsoft Corporation)

DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)

DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()

DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)

DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)

DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)

DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)

DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)

DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)

DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)

DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation)

DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation)

DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation)

DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation)

DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)

DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)

DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)

DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)

DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)

DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)

DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)

DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)

DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)

DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)

DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)

DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)

DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)

DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)

DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)

DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)

DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation)

DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation)

DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation)

DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)

DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation)

DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation)

DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation)

DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation)

DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)

DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation)

DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)

DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)

DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)

DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)

DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)

DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation)

DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation)

DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation)

DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)

DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation)

DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)

DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)

DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation)

DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation)

DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation)

DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation)

DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation)

DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)

DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation)

DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkpad [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

 

 

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_deAT347

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\..\SearchScopes\{7ABE1B73-0763-423E-B91D-814AB935EF1C}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\..\SearchScopes\{FC9CF8B4-59E2-442E-8A8E-B988ADAC399E}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2601519475-432958476-330210462-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.index.hu/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.05.30 23:26:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 23:34:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 11:00:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.01 19:34:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.29 23:34:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions

[2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2012.05.03 09:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions

[2011.05.30 23:21:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012.01.20 14:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2012.05.03 09:34:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\plugin@yontoo.com

[2012.01.14 23:59:28 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\searchplugins\bing.xml

[2012.02.18 18:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012.03.25 19:39:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.05.02 11:00:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.02.18 13:57:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.11 22:28:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.01.19 20:50:37 | 000,002,032 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

[2012.02.11 22:28:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

 

O1 HOSTS File: ([2012.06.04 14:48:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )

O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark P910 Series\ezprint.exe ()

O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()

O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)

O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)

O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

O4 - HKLM..\Run: [lxbymon.exe] C:\Program Files\Lexmark P910 Series\lxbymon.exe (Lexmark International, Inc.)

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)

O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [sanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)

O4 - HKU\S-1-5-21-2601519475-432958476-330210462-1006..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O7 - HKU\S-1-5-21-2601519475-432958476-330210462-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2601519475-432958476-330210462-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2601519475-432958476-330210462-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2601519475-432958476-330210462-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254155909672 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254156007953 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541500} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077AE974-B150-457B-8948-189158AA3A90}: DhcpNameServer = 10.0.0.138

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo)

O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)

O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll ()

O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.03.13 10:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.06 08:47:14 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.06.05 09:34:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr

[2012.06.04 22:02:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012.06.04 14:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012.06.04 14:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012.06.04 14:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012.06.04 14:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012.06.04 14:25:14 | 000,000,000 | ---D | C] -- C:\etavaresCF19709e

[2012.06.04 11:20:19 | 000,000,000 | ---D | C] -- C:\etavaresCF15047e

[2012.06.01 19:33:53 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe

[2012.05.25 09:48:15 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012.05.25 09:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012.05.25 09:41:46 | 000,000,000 | ---D | C] -- C:\etavaresCF

[2012.05.25 09:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.05.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Malwarebytes

[2012.05.23 17:35:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.05.23 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2012.05.23 17:35:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012.05.23 17:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.05.15 16:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Revo Uninstaller

[2012.05.15 16:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\FreeFixer

[2012.05.15 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Local Settings\Application Data\FreeFixer

[2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer

[2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\FreeFixer

[2012.05.15 16:17:25 | 002,130,622 | ---- | C] (Kephyr) -- C:\Program Files\freefixersetup.exe

[2012.05.13 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync

[2012.05.04 09:38:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe

[2012.05.03 23:53:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe

[2012.04.18 23:30:36 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe

[1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2012.06.06 09:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.06.06 09:01:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job

[2012.06.06 08:57:11 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.06 08:55:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk

[2012.06.06 08:53:13 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2012.06.06 08:53:07 | 000,052,301 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012.06.06 08:53:00 | 000,182,428 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.06.06 08:52:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job

[2012.06.06 08:52:25 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.06.06 08:52:19 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.06 08:52:18 | 000,025,456 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI

[2012.06.06 08:51:25 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI

[2012.06.06 08:51:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.06.06 08:50:48 | 3202,658,304 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.06 08:49:12 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat

[2012.06.06 08:47:24 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job

[2012.06.05 22:53:04 | 000,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cse\MSSSerif120.fon

[2012.06.05 22:53:04 | 000,064,544 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Cse\MSSSerif96.fon

[2012.06.05 21:18:51 | 000,000,207 | ---- | M] () -- C:\WINDOWS\GIB30_32.INI

[2012.06.05 21:18:50 | 000,002,330 | ---- | M] () -- C:\WINDOWS\gib00001.hst

[2012.06.05 16:16:10 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2012.06.05 12:00:18 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job

[2012.06.05 09:34:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr

[2012.06.05 08:47:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.06.04 14:48:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job

[2012.06.02 14:41:10 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.06.01 19:33:54 | 000,318,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe

[2012.05.31 15:22:06 | 000,602,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll

[2012.05.31 14:37:45 | 000,000,152 | ---- | M] () -- C:\WINDOWS\gib00002.hst

[2012.05.30 20:50:28 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk

[2012.05.25 09:48:21 | 000,000,364 | RHS- | M] () -- C:\boot.ini

[2012.05.25 08:59:33 | 000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Google Chrome.lnk

[2012.05.23 17:35:04 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes Anti-Malware.lnk

[2012.05.22 09:11:06 | 000,000,248 | ---- | M] () -- C:\Boot.bak

[2012.05.21 10:39:15 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk

[2012.05.15 16:47:17 | 000,000,924 | ---- | M] () -- C:\Program Files\Revo Uninstaller.lnk

[2012.05.15 16:17:46 | 002,130,622 | ---- | M] (Kephyr) -- C:\Program Files\freefixersetup.exe

[2012.05.14 20:49:45 | 003,895,848 | ---- | M] () -- C:\Program Files\HPPSdr.exe

[2012.05.13 20:12:59 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk

[2012.05.13 20:12:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk

[2012.05.13 10:13:01 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.11 22:24:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.05.11 22:20:22 | 000,533,726 | ---- | M] () -- C:\WINDOWS\System32\perfh00E.dat

[2012.05.11 22:20:22 | 000,503,116 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.11 22:20:22 | 000,134,398 | ---- | M] () -- C:\WINDOWS\System32\perfc00E.dat

[2012.05.11 22:20:22 | 000,088,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.05.08 17:18:02 | 000,190,464 | ---- | M] () -- C:\Documents and Settings\Cse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2012.06.04 14:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012.06.04 14:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012.06.04 14:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012.06.04 14:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012.06.04 14:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012.05.25 09:48:21 | 000,000,248 | ---- | C] () -- C:\Boot.bak

[2012.05.25 09:48:17 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012.05.23 17:35:04 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\Malwarebytes Anti-Malware.lnk

[2012.05.22 09:01:06 | 3202,658,304 | -HS- | C] () -- C:\hiberfil.sys

[2012.05.14 20:45:46 | 003,895,848 | ---- | C] () -- C:\Program Files\HPPSdr.exe

[2012.05.13 20:12:59 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk

[2012.05.13 20:12:59 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk

[2012.05.13 10:11:08 | 000,540,160 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2012.05.04 09:45:04 | 000,000,940 | ---- | C] () -- C:\Program Files\Spybot - Search & Destroy.lnk

[2012.05.03 09:34:46 | 000,000,924 | ---- | C] () -- C:\Program Files\Revo Uninstaller.lnk

[2012.04.17 11:11:12 | 002,915,520 | ---- | C] () -- C:\Program Files\HPHNDU.exe

[2012.03.30 13:23:09 | 022,259,528 | ---- | C] () -- C:\Program Files\vlc-2.0.1-win32.exe

[2012.03.29 18:20:58 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini

[2012.01.11 15:37:58 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Cse\Application Data\.backup.dm

[2011.12.08 10:04:31 | 005,313,141 | ---- | C] () -- C:\Program Files\install.exe

[2011.12.05 08:17:09 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2601519475-432958476-330210462-1006-0.dat

[2011.11.29 00:31:19 | 001,107,022 | ---- | C] () -- C:\Program Files\SubtitleWorkshop251.exe

[2011.11.13 21:35:20 | 000,176,586 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2011.05.17 21:58:54 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

 

< End of report >

[etavares]

Hi, yes that is the correct site...they changed the URL. Thanks for letting me know. It will take some time, but will confirm you are clean. Also, I see you have low free space on this computer. Emptying temp files didn't help that much. A good rule of thumb is that you should have about 10-15% free on your boot drive. You have only 4.5% free. This could degrade system performance.

 

I'll look for the Kapersky log when you are back. Thanks for letting me know you will be gone until Sunday.

[csnagyg]

Hi, here it is... I assume this version of the program is newer than the one that your instructions were written to because there is no option to select Settings and tick anything. What I did was running a full scan, please find the log below. As to your point on the free space: I know this rule of thumb and try to keep it above 10%, currently it dropped below but I will do a cleanup to get back above it - thanks for noticing it anyway.

 

System protection (0)

Malware (11)

 

 

• Exploit.HTML.CodeBaseExec
  notepad.html
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000.VBN//CryptZ//XP trükkök/Notepad-Html
  
• Trojan-Downloader.Win32.VB.rrl
  googledownload.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0001\4FDC352F.VBN//CryptZ//$WINDIR
  
• Trojan-Downloader.Win32.VB.rrl
  googledownload.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0002\4FDC3622.VBN//CryptZ//$WINDIR
  
• Trojan-Downloader.Win32.VB.rrl
  googledownload.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0000\4FDC31ED.VBN//CryptZ//$WINDIR
  
• Trojan-Downloader.Win32.VB.rrl
  googledownload.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EDC0003\4FDC374C.VBN//CryptZ//$WINDIR
  
• Trojan.Win32.Chifrax.d
  downloader.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\103C0001\5BBED470.VBN//CryptZ//$PLUGINSDIR
  
• Trojan.Win32.Chifrax.d
  downloader.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\103C0000\5BBED1F9.VBN//CryptZ//$PLUGINSDIR
  
• Trojan.Win32.Chifrax.d
  downloader.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10740001\5B7E3A74.VBN//CryptZ//$PLUGINSDIR
  
• Trojan.Win32.Chifrax.d
  downloader.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10740000\5B7E23CB.VBN//CryptZ//$PLUGINSDIR
  
• Trojan.Win32.Chifrax.d
  downloader.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10740002\5B7E3BAF.VBN//CryptZ//$PLUGINSDIR
  
• Trojan-Downloader.Win32.VB.rrl
  googledownload.exe
  C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10940000\5B9FF840.VBN//CryptZ//$WINDIR
  

Vulnerabilities (2)

 

 

• C:\Program Files\DAEMON Tools Lite\DTLite.exe
  
• C:\Program Files\Lenovo\Rescue and Recovery\rnr_gui.exe
  

Other issues (12)

 

 

• "Autorun from hard drives is allowed"
  
• "Autorun from network drives is enabled"
  
• "CD/DVD autorun is enabled"
  
• "Removable media autorun is enabled"
  
• "Microsoft Internet Explorer: clear history of typed URLs"
  
• "Microsoft Internet Explorer - disable caching data received via protected channel"
  
• "Microsoft Internet Explorer: disable sending error reports"
  
• "Microsoft Internet Explorer: delete cookies"
  
• "Microsoft Internet Explorer: clear the list of trusted domains"
  
• "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
  
• "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
  
• "Microsoft Internet Explorer: start page reset"
   
  

[etavares]

Hello, csnagyg.

 

 

Even the log looks quite different. They did some major updating. You ran it correctly. The good news is that everything it found was already quarantined by your antivirus.

 

 

 

 

 

 

Step 1

 

 

Next, we need to update Java.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) Version 30 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
  
• Save it to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java version(s) shown below:
  J2SE Runtime Environment 5.0 Update 6
  Java 6 Update 31
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u29-windows-i586-s.exe to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.
  

 

 

 

 

 

 

 

 

Step 2

 

 

 

 

PLease run OTL, click Quick Scan and post the resulting log. I think we are ready to clean up in my next post unless you have any remaining issues.

 

 

etavares