csnagyg (Author), posted June 10, 2012:

Hi etavares, good news, thanks. Can you please explain why I need version 30 (or is it meant to be update 30 instead?) if I have version 6, update 31 now? According to the java.com site I am supposed to update to version 7 update 4; why not use that one? Thanks!
etavares, posted June 11, 2012:

^%$!@#^@#$. I updated that speech yesterday to read Version 7 Update 4. It apparently didn't save. Sorry... you are 100% correct, you should update to Java 7 Update 4.

etavares is a member of: Alliance of Security Analysis Professionals; Unified Network of Instructors and Trained Eliminators
csnagyg (Author), posted June 11, 2012:

Hi, OK, no problem, I thought it must have been something like this. I have updated my Java and ran the OTL quick scan; please see the log below, I hope it shows the desired results. Nevertheless, can you please answer a few questions before closing the topic:

1. The Kaspersky scan listed several other vulnerabilities and risks other than malware; what should I do about those?
2. I noticed 3 folders named 'etawaresCFxxx' (where xxx is a mix of characters) under my C:\ drive; what are they and shall I leave them there? Two are empty but one contains a file called NircmdB.exe, what is it?
3. What do you suggest I do to prevent the recurrence of such malware infections? I have installed Spybot S&D but it is not really user friendly and mostly I do not know whether I should allow or deny the change which it reports to me.

Thanks in advance!

OTL logfile created on: 2012.06.11. 10:55:28 - Run 4
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Documents and Settings\Cse\Asztal
Windows XP Professional Edition Szervizcsomag 3 [Service Pack 3] (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040E | Country: Magyarország | Language: HUN | Date Format: yyyy.MM.dd.

2,98 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 39,86% Memory free
4,30 Gb Paging File | 2,57 Gb Available in Paging File | 59,76% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228,67 Gb Total Space | 24,92 Gb Free Space | 10,90% Space Free | Partition Type: NTFS

Computer Name: JGRUBITS | User Name: Cse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cse\Asztal\OTL.scr (OldTimer Tools)
PRC - C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
PRC - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited)
PRC - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\system32\Crypserv.exe (CrypKey (Canada) Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
PRC - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)

========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\0856245176949b6c5f69ce0db6c6a19e\UIAutomationProvider.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\246c2e1ace46674db95e253d99f0067e\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\e4abab56b79465c688b18faafec4372a\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\7a6f33c72bd7bba0fef9ac1bb22277eb\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\041b1bcf6ae9ab58925791d8198c37e2\PresentationFramework.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a1de74c8d0dfd15e3246e5dd394013bf\PresentationCore.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\4b7adff986a085bb562222d0c5fdf5aa\WindowsBase.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\141f0a8fbfb83604fa3dd43dbe8fa0f4\PresentationFramework.Luna.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll ()
MOD - C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
MOD - C:\Documents and Settings\Cse\Application Data\SanDisk\My Vaults\dmBackup.dll ()
MOD - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRO.DLL ()
MOD - C:\Program Files\ThinkPad\Utilities\US\PWRMGRRT.DLL ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\IconRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\GUIHlprRes.dll ()
MOD - C:\Program Files\ThinkPad\ConnectUtilities\Res\US\SvcHlprRes.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\bwfiles.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\BWScriptExt.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\6.1.4.68-8876480L\Program\clntutil.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bwscriptext-8876480.dll ()
MOD - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_hu_b77a5c561934e089\System.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_hu_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_hu_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\system32\btwicons.dll ()
MOD - C:\Program Files\ThinkPad\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtGUI4.dll ()
MOD - C:\Program Files\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
MOD - C:\Program Files\Common Files\Lenovo\Logger\logmon.exe ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\CDRecord.dll ()
MOD - C:\Program Files\Common Files\Lenovo\CDRecord.dll ()
MOD - C:\Program Files\Symantec Client Security\Symantec Client Firewall\prsettg.dll ()
MOD - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
MOD - C:\Program Files\Common Files\Lenovo\xml4cmessages5_5.dll ()
MOD - C:\WINDOWS\system32\TpKmpSvc.exe ()
MOD - C:\WINDOWS\system32\LXPRMON.DLL ()
MOD - C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\pxl_m17n_tool.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (KSS) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
SRV - (JavaQuickStarterService) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (DozeSvc) -- C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe ()
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (btwdins) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (TPHKSVC) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.MICMUTE) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation)
SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (TVT Backup Protection Service) -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe ()
SRV - (SavRoam) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (tvtnetwk) -- C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe ()
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120608.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120608.003\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20120606.001\SymIDSCo.sys (Symantec Corporation)
DRV - (htcnprot) -- C:\WINDOWS\system32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (DozeHDD) -- C:\WINDOWS\system32\drivers\DOZEHDD.SYS (Lenovo.)
DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Shockprf) -- C:\WINDOWS\system32\drivers\ApsX86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\system32\drivers\ApsHM86.sys (Lenovo.)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software)
DRV - (IntelIde) -- C:\WINDOWS\system32\drivers\intelide.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (Fastfat) -- C:\WINDOWS\System32\drivers\fastfat.sys (Microsoft Corporation)
DRV - (i2omp) -- C:\WINDOWS\system32\drivers\i2omp.sys (Microsoft Corporation)
DRV - (ViaIde) -- C:\WINDOWS\system32\drivers\viaide.sys (Microsoft Corporation)
DRV - (viaagp) -- C:\WINDOWS\system32\drivers\viaagp.sys (Microsoft Corporation)
DRV - (agpCPQ) -- C:\WINDOWS\system32\drivers\agpcpq.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\drivers\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\drivers\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (alim1541) -- C:\WINDOWS\system32\drivers\alim1541.sys (Microsoft Corporation)
DRV - (agp440) -- C:\WINDOWS\system32\drivers\agp440.sys (Microsoft Corporation)
DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation)
DRV - (NetworkX) -- C:\WINDOWS\system32\Ckldrv.sys ()
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (LenovoRd) -- C:\WINDOWS\system32\drivers\LenovoRd.sys (Lenovo)
DRV - (TVTI2C) -- C:\WINDOWS\system32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (smihlp) SMI Helper Driver (smihlp) -- C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys (UPEK Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\system32\drivers\symtdi.sys (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\system32\drivers\symredrv.sys (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\system32\drivers\symids.sys (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\system32\drivers\symndis.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\system32\drivers\symfw.sys (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\system32\drivers\symdns.sys (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation)
DRV - (G400) -- C:\WINDOWS\system32\drivers\G400m.sys (Matrox Graphics Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (TosIde) -- C:\WINDOWS\system32\drivers\toside.sys (Microsoft Corporation)
DRV - (hpn) -- C:\WINDOWS\system32\drivers\hpn.sys (Microsoft Corporation)
DRV - (dpti2o) -- C:\WINDOWS\system32\drivers\dpti2o.sys (Microsoft Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\drivers\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (perc2hib) -- C:\WINDOWS\system32\drivers\perc2hib.sys (Microsoft Corporation)
DRV - (sym_hi) -- C:\WINDOWS\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (perc2) -- C:\WINDOWS\system32\drivers\perc2.sys (Microsoft Corporation)
DRV - (aic78xx) -- C:\WINDOWS\system32\drivers\aic78xx.sys (Microsoft Corporation)
DRV - (aic78u2) -- C:\WINDOWS\system32\drivers\aic78u2.sys (Microsoft Corporation)
DRV - (symc8xx) -- C:\WINDOWS\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\drivers\symc810.sys (Symbios Logic Inc.)
DRV - (adpu160m) -- C:\WINDOWS\system32\drivers\adpu160m.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\drivers\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\drivers\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\drivers\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\drivers\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\drivers\dac2w2k.sys (Mylex Corporation)
DRV - (ql1240) -- C:\WINDOWS\system32\drivers\ql1240.sys (Microsoft Corporation)
DRV - (Ql10wnt) -- C:\WINDOWS\system32\drivers\ql10wnt.sys (Microsoft Corporation)
DRV - (dac960nt) -- C:\WINDOWS\system32\drivers\dac960nt.sys (Microsoft Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\drivers\mraid35x.sys (American Megatrends Inc.)
DRV - (ini910u) -- C:\WINDOWS\system32\drivers\ini910u.sys (Microsoft Corporation)
DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (cbidf) -- C:\WINDOWS\system32\drivers\cbidf2k.sys (Microsoft Corporation)
DRV - (Cpqarray) -- C:\WINDOWS\system32\drivers\cpqarray.sys (Microsoft Corporation)
DRV - (cd20xrnt) -- C:\WINDOWS\system32\drivers\cd20xrnt.sys (Microsoft Corporation)
DRV - (asc3350p) -- C:\WINDOWS\system32\drivers\asc3350p.sys (Microsoft Corporation)
DRV - (amsint) -- C:\WINDOWS\system32\drivers\amsint.sys (Microsoft Corporation)
DRV - (Aha154x) -- C:\WINDOWS\system32\drivers\aha154x.sys (Microsoft Corporation)
DRV - (asc) -- C:\WINDOWS\system32\drivers\asc.sys (Advanced System Products, Inc.)
DRV - (abp480n5) -- C:\WINDOWS\system32\drivers\ABP480N5.SYS (Microsoft Corporation)
DRV - (asc3550) -- C:\WINDOWS\system32\drivers\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.sys (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM&ocid=bb7hp
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_deAT347
IE - HKCU\..\SearchScopes\{7ABE1B73-0763-423E-B91D-814AB935EF1C}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{FC9CF8B4-59E2-442E-8A8E-B988ADAC399E}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;localhost

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.index.hu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.05.30 23:26:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 23:34:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011.01.26 15:27:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 11:00:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.11 09:32:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.29 23:34:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions [2010.08.19 21:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.05.03 09:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions [2011.05.30 23:21:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and 
Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.01.20 14:14:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.05.03 09:34:30 | 000,000,000 | ---D | M] (Yontoo) -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\extensions\plugin@yontoo.com [2012.01.14 23:59:28 | 000,000,570 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Mozilla\Firefox\Profiles\cvxm42tv.default\searchplugins\bing.xml [2012.02.18 18:04:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.03.25 19:39:20 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.05.02 11:00:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.11 22:28:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.01.19 20:50:37 | 000,002,032 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012.02.11 22:28:08 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = 
internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: 
Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ CHR - Extension: Skype Click to Call = C:\Documents and Settings\Cse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ O1 HOSTS File: ([2012.06.04 14:48:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: 
(DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo ) O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited) O4 - HKLM..\Run: C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL () O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation) O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited) O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.) O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.) O4 - HKLM..\Run: [LPMailChecker] C:\Program Files\ThinkVantage\PrdCtr\LPMLCHK.EXE (Lenovo Group Limited) O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PWRMGRTR] C:\Program Files\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited) O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo) O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\Trayserver.exe (MAGIX AG) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKCU..\Run: [KSS] C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe (Logitech) O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.) O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [sanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [lxbyUninstallerRan] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Bluetooth.lnk = C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe (PIXELA CORPORATION) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Indítópult\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... 
- {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited) O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254155909672 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254156007953 (MUWebControl Class) O16 - DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} http://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab (MachineInfoActiveX.MachineInfoActiveX) O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553541500} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{077AE974-B150-457B-8948-189158AA3A90}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (tvt_gina.dll) - C:\WINDOWS\System32\tvt_gina.dll (Lenovo) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\psfus: DllName - (C:\WINDOWS\system32\psqlpwd.dll) - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.) 
O20 - Winlogon\Notify\tpfnf2: DllName - (C:\Program Files\Lenovo\HOTKEY\notifyf2.dll) - C:\Program Files\Lenovo\HOTKEY\notifyf2.dll () O24 - Desktop Components:0 (Jelenlegi saját honlap) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.13 10:50:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.11 09:35:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2012.06.11 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.06.11 09:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.06.11 09:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Oracle [2012.06.11 09:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.11 09:02:24 | 000,892,400 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall-7u4-fcs-bin-b73-windows-i586-31_may_2012.exe [2012.06.06 09:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Kaspersky Security Scan [2012.06.06 09:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2012.06.06 09:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application 
Data\Kaspersky Lab [2012.06.06 09:21:28 | 000,179,968 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Cse\Asztal\kss12.0.1.117mlg_en_ru_fr_de.exe [2012.06.05 09:34:32 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr [2012.06.04 22:02:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012.06.04 14:25:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012.06.04 14:25:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012.06.04 14:25:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012.06.04 14:25:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012.06.04 14:25:14 | 000,000,000 | ---D | C] -- C:\etavaresCF19709e [2012.06.04 11:20:19 | 000,000,000 | ---D | C] -- C:\etavaresCF15047e [2012.06.01 19:33:53 | 000,318,904 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmpfirefoxplugin.exe [2012.05.25 09:48:15 | 000,000,000 | RHSD | C] -- C:\cmdcons [2012.05.25 09:41:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2012.05.25 09:41:46 | 000,000,000 | ---D | C] -- C:\etavaresCF [2012.05.25 09:41:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.05.23 17:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\Malwarebytes [2012.05.23 17:35:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012.05.15 16:47:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\Revo Uninstaller [2012.05.15 16:18:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Application Data\FreeFixer [2012.05.15 16:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Local Settings\Application Data\FreeFixer [2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\FreeFixer [2012.05.15 16:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cse\Start Menu\Programs\FreeFixer [2012.05.15 16:17:25 | 002,130,622 | ---- | C] (Kephyr) -- C:\Program 
Files\freefixersetup.exe [2012.05.13 20:12:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HTC Sync [2012.05.04 09:38:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd162.exe [2012.05.03 23:53:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Program Files\TFC.exe [2012.04.18 23:30:36 | 000,739,856 | ---- | C] (Google Inc.) -- C:\Program Files\ChromeSetup.exe [1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.11 11:03:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.06.11 11:01:00 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HP Photo Creations Messager.job [2012.06.11 10:57:00 | 000,001,016 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.11 09:26:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\Cse\Start Menu\Programs\Indítópult\Tintaszint-figyelmeztetések - HP Photosmart 5510 series (hálózat).lnk [2012.06.11 09:24:17 | 000,052,301 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.06.11 09:24:11 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job [2012.06.11 09:24:01 | 000,182,428 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.06.11 09:23:11 | 000,025,456 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI [2012.06.11 09:23:09 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2601519475-432958476-330210462-1006.job [2012.06.11 09:23:01 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.11 09:22:59 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.11 09:21:46 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI [2012.06.11 09:21:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.11 09:21:03 | 3202,658,304 | -HS- | M] 
() -- C:\hiberfil.sys [2012.06.11 09:19:05 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat [2012.06.11 09:03:07 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2601519475-432958476-330210462-1006.job [2012.06.11 08:48:07 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.11 08:34:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.06.10 19:56:26 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk [2012.06.10 12:00:09 | 000,000,466 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job [2012.06.09 23:27:04 | 000,002,433 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Skype.lnk [2012.06.06 09:27:03 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Cse\Asztal\Kaspersky Security Scan.lnk [2012.06.06 09:21:29 | 000,179,968 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Cse\Asztal\kss12.0.1.117mlg_en_ru_fr_de.exe [2012.06.05 21:18:51 | 000,000,207 | ---- | M] () -- C:\WINDOWS\GIB30_32.INI [2012.06.05 21:18:50 | 000,002,330 | ---- | M] () -- C:\WINDOWS\gib00001.hst [2012.06.05 16:16:10 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk [2012.06.05 09:34:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Cse\Asztal\OTL.scr [2012.06.04 14:48:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012.06.04 08:02:03 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job [2012.05.31 14:37:45 | 000,000,152 | ---- | M] () -- C:\WINDOWS\gib00002.hst [2012.05.30 20:50:28 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk [2012.05.25 09:48:21 | 000,000,364 | RHS- | M] () -- C:\boot.ini [2012.05.25 08:59:33 | 
000,001,820 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\Google Chrome.lnk [2012.05.22 09:11:06 | 000,000,248 | ---- | M] () -- C:\Boot.bak [2012.05.15 16:47:17 | 000,000,936 | ---- | M] () -- C:\Documents and Settings\Cse\Asztal\Revo Uninstaller.lnk [2012.05.15 16:47:17 | 000,000,924 | ---- | M] () -- C:\Program Files\Revo Uninstaller.lnk [2012.05.15 16:17:46 | 002,130,622 | ---- | M] (Kephyr) -- C:\Program Files\freefixersetup.exe [2012.05.14 20:49:45 | 003,895,848 | ---- | M] () -- C:\Program Files\HPPSdr.exe [2012.05.13 20:12:59 | 000,000,832 | ---- | M] () -- C:\Documents and Settings\Cse\Application Data\Microsoft\Internet Explorer\Quick Launch\HTC Sync.lnk [2012.05.13 20:12:59 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Asztal\HTC Sync.lnk [2012.05.13 10:13:01 | 000,181,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [1 C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\Cse\Local Settings\Application Data\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.11 09:04:42 | 000,000,936 | ---- | C] () -- C:\Documents and Settings\Cse\Asztal\Revo Uninstaller.lnk [2012.06.06 09:27:15 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Cse\Asztal\Kaspersky Security Scan.lnk [2012.06.04 14:25:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012.06.04 14:25:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012.06.04 14:25:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012.06.04 14:25:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012.06.04 14:25:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012.05.25 09:48:21 | 000,000,248 | ---- | C] () -- C:\Boot.bak [2012.05.25 09:48:17 | 000,260,272 | RHS- | C] () -- C:\cmldr [2012.05.22 09:01:06 | 3202,658,304 | -HS- | C] () -- C:\hiberfil.sys [2012.05.14 20:45:46 | 003,895,848 | ---- | C] () -- C:\Program Files\HPPSdr.exe [2012.05.13 20:12:59 | 000,000,832 | ---- 
etavares Posted June 12, 2012
Looks good. We'll clean up once you're satisfied with the question about the vulnerabilities:

Vulnerabilities (2)
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Lenovo\Rescue and Recovery\rnr_gui.exe

It appears that Daemon Tools is outdated. You should update it to the latest and greatest version. I have no idea why Lenovo is highlighted. It's a legit file. It is possible that Lenovo has a newer version.

Other issues (12)
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"

Autorun means that a file (e.g. malware) could be set up as the 'autorun'. You know how programs launch when you put in a CD or plug in a flash drive? Some malware spreads this way, generally from flash drives. While not required, we can set it up such that you have to run programs manually by going to My Computer and running it intentionally.

"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: delete cookies"
"Microsoft Internet Explorer: clear the list of trusted domains"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Microsoft Internet Explorer: start page reset"

These are more privacy than anything. I do recommend you clear trusted zones...those can be bad as you give the zone higher access rights to your computer. Even if you trust the other website, if they get hacked, the hackers have increased access to your machine. The rest are more just to hide your browsing history from folks on your computer, although there are tracking cookies that track what sites you visit...they help tailor the ads you see on websites to you.

We can clean up any of this if you want as well.
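A defender-side audit of the two findings discussed in this reply (autorun policy and the Internet Explorer Trusted zone), written here as an added PowerShell example; it is not part of the thread or of any tool the helper uses, and it assumes the standard Policies\Explorer and Internet Settings\ZoneMap registry locations. It only reads unless run with -Fix.

```powershell
# Added example (not from the thread or the helper's tools): audit the two Kaspersky
# findings discussed above on a Windows client. Read-only unless -Fix is given.
# Assumes the standard Policies\Explorer and Internet Settings\ZoneMap registry paths.
param([switch]$Fix)

# NoDriveTypeAutoRun is a bitmask; a set bit disables AutoRun for that drive type.
# 0xFF disables every type. When the value is absent Explorer uses its built-in
# default 0x91, which leaves removable, fixed and CD/DVD drives enabled.
$driveBits = @{ 'removable' = 0x04; 'fixed' = 0x08; 'network' = 0x10; 'cd/dvd' = 0x20 }

function Get-AutorunPolicy {
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        }
        $shown = if ($null -eq $value) { 'not set (default 0x91)' } else { '0x{0:X2}' -f $value }
        $effective = if ($null -eq $value) { 0x91 } else { $value }
        foreach ($type in $driveBits.Keys) {
            $enabled = (($effective -band $driveBits[$type]) -eq 0)
            New-Object PSObject -Property @{
                Hive = $hive; DriveType = $type; Value = $shown; AutorunEnabled = $enabled
            }
        }
    }
}

# Sets the machine-wide policy, which takes precedence over the per-user one.
# Needs an administrator shell; takes effect at the next logon.
function Set-AutorunDisabled {
    $key = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Under ZoneMap\Domains each key is a domain, optional sub-keys are host labels, and
# the values are named by scheme ('http', 'https' or '*') with the zone number as
# data: 2 = Trusted sites (the zone the helper recommends emptying), 4 = Restricted.
# IP ranges live under ZoneMap\Ranges and are not covered here.
function Get-IETrustedSites {
    $domains = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $domains)) { return }
    Get-ChildItem -Path $domains -Recurse | ForEach-Object {
        $key = $_
        $start = $key.Name.IndexOf('\Domains\', [System.StringComparison]::OrdinalIgnoreCase)
        $rel = $key.Name.Substring($start + 9)
        $labels = @($rel -split '\\')
        [array]::Reverse($labels)
        $site = $labels -join '.'
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {
                New-Object PSObject -Property @{ Scheme = $scheme; Site = $site }
            }
        }
    }
}

Get-AutorunPolicy | Format-Table Hive, DriveType, Value, AutorunEnabled -AutoSize
$trusted = @(Get-IETrustedSites)
if ($trusted.Count -eq 0) {
    'No sites in the Internet Explorer Trusted zone.'
} else {
    $trusted | Format-Table Scheme, Site -AutoSize
}
if ($Fix) {
    Set-AutorunDisabled
    'NoDriveTypeAutoRun set to 0xFF under HKLM; autorun is disabled for all drive types at next logon.'
}
```

Sites listed by the script are the ones the helper's Tools>>Internet Options>>Security>>Trusted Zone>>Sites dialog would show, so they can be removed there.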
csnagyg Posted June 12, 2012 (Author)
Great news! I will check and try to update those two under vulnerabilities as well as my trusted zones. As to Autorun, yes I know what you mean and I think I will not change the current settings. As to the issues under MS IE: I stopped using IE a while ago so they should not cause a problem, but nevertheless I will go and clean these things up. I had two other questions (copied them below for easier reference), would you mind answering those also and then we can close the thread, thanks very much for your support!

2. I noticed 3 folders named 'etawaresCFxxx' (where xxx is a mix of characters) under my C:\ drive, what are they and shall I leave them there? Two are empty but one contains a file called NircmdB.exe, what is it?

3. What do you suggest I do to prevent the recurrence of such malware infections? I have installed Spybot S&D but it is not really user friendly and mostly I do not know whether I should allow or deny the change which it reports to me.
etavares Posted June 12, 2012
Hello, csnagyg.

To remove trusted zones, you can do this in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there. I didn't see any in your earlier logs or I would have warned you earlier.

If you want to temporarily disable autorun when you put in a CD or flash drive (e.g. you get one from a friend or coworker), just hold down SHIFT before, during, and after (for about 30 seconds or until Windows says your hardware is recognized) you plug in the CD or flash drive. Holding down shift keeps it from autorunning.

The folders should disappear after running Step 1 below...if not, feel free to delete.

In regards to not getting infections, the best solution is browsing behavior. Don't use torrents or cracks or use Peer-to-Peer software with unknown people. Much of what is on there is infected with viruses. Don't click unknown links in email. Keep all your programs up to date...not just antivirus and Windows, but Adobe Flash Player, Adobe Reader, Java, etc. Those all have security holes that malware uses to get on your system. Having one antivirus, one antispyware (e.g. Spybot) and one firewall (e.g. Windows) will keep you reasonably protected if something gets through. However, it's not 100% and that is why behavior is the most critical. Having more than one in any category will not increase your protection, but it will make your system slower and unstable as they fight to scan files. Even with all that, you will get infected at some point. New viruses come out all the time and have zero day attacks...that's when they find a vulnerability to exploit that isn't published or patched in a program. So, keep your backup up to date.
:)

Step 1: Uninstall ComboFix and Clean Up
Click Start > Run and type combofix /Uninstall, then click OK (note the space between combofix and /Uninstall). Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC
We will now remove the tools we used during this fix using OTC. Download OTC by OldTimer and save it to your desktop. If that link doesn't work, try this one. Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator. Then click the big CleanUp button. You will get a prompt saying "Begin Cleanup Process". Please select Yes. Restart your computer when prompted. If you ran Defogger and disabled your emulator, please don't forget to run it again and re-enable it. See the instructions here to do so.

Optional Items
Please take the time to read below to secure your machine and take the necessary steps to keep it that way.

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work. If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Protect yourself from malicious sites
The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.
Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software, although I just run it once a week manually. It will alert you when an update is available for a variety of software. It is very useful.

Follow this list and your potential for being infected again will reduce dramatically. Good luck!

etavares
csnagyg Posted June 15, 2012 (Author)
Hi etavares, I have done what you suggested, also installed Secunia and like it very much; I brought my PC from 89 to 98% and will try to keep it this way or even better. I am OK now to close this thread, thanks very much for your help and patience, it has been a pleasure to work with you! :-)
etavares Posted June 17, 2012
You're welcome. Safe surfing!
csnagyg Posted June 19, 2012 (Author)
Hi etavares, I am back as I noticed something. As you told me on May 30th, one of the programs you asked me to run found an infected userinit.exe on my machine and we replaced it with a good version. After that, I saw that my Windows login process changed - e.g. the screen where I had to give in my Windows pw was blue and next to the pw field I could also see the photo of the user whose userID was displayed and whose pw was being requested. In addition, when I pressed Ctrl+Alt+Del it showed me the running processes in Task Manager view immediately. After a few days this change disappeared and everything is back to as it was - different Windows login screen w/o a picture, Ctrl+Alt+Del showing a window with 6 choices (lock PC, log off, shut down, change pw, task mgr, cancel). This is exactly as it used to be before I raised my problem on this platform. Can it be that my userinit.exe file is corrupted again? What to do?

In addition, my AV found a risk called Packed.generic.371 today in one of the RP folders under System Volume Information. The file name was A0004820.dll and the RP folder in which it was found was created on June 4th. I googled this risk and found that Symantec (I am using their AV) discovered it only on June 9th as a new risk, i.e. 5 days after the RP folder's creation date. It has quarantined it but due to the fact that it was on my machine earlier than discovered by Symantec, is it a reason for concern? Thanks!
etavares Posted June 20, 2012
OK, a system restore point means the malware isn't active...there's a copy of it in a restore point. If you restore to that particular restore point, you'd get the virus, or at least some elements, back. Interestingly enough, the June 4 point should have been cleared out by some things we did. A packed.generic isn't necessarily a big deal...lots of legit files, including some of our tools, are packed.

In regards to the logon screen change...that does pique my interest. It could be a virus, or it could be an update from Microsoft as I restored an older version. Let's take a look to be sure.

We need to create an OTL report. Please download OTL from this link. (If that link doesn't work, try this alternate link.) Save it to your desktop. Double click on the OTL icon on your desktop. Click the "Scan All Users" checkbox. Select "Use Safelist" under "Extra Registry". Under the Custom Scan box paste this in:

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.sys /90
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
/md5start
userinit.exe
explorer.exe
winlogon.exe
/md5stop
CREATERESTOREPOINT

Click the Run Scan button. The scan should take a few minutes. Please copy and paste both logs in your reply. If they are too big to paste in one reply, please split them into separate posts.

etavares
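The /md5start ... /md5stop directive above hashes the three logon binaries so the helper can compare them against known-good values. The following PowerShell, written here as an added example and not part of the thread or of OTL, repeats that check locally against the Windows File Protection cache copies and reads the Winlogon registry values that decide what runs at logon, including the LogonType value behind the Welcome-screen versus classic-logon difference csnagyg describes; it assumes Windows XP with the cache in %SystemRoot%\system32\dllcache.

```powershell
# Added example (not from the thread or OTL itself): repeat the check behind OTL's
# "/md5start userinit.exe explorer.exe winlogon.exe /md5stop" directive by hashing
# the live logon binaries against the Windows File Protection cache copies, and read
# the Winlogon values that decide what runs at logon. Assumes Windows XP, where the
# cache is %SystemRoot%\system32\dllcache.
$system32 = Join-Path $env:SystemRoot 'system32'
$dllcache = Join-Path $system32 'dllcache'

# MD5 via .NET so the script also works on the PowerShell 2.0 shipped for XP
function Get-Md5Hex([string]$path) {
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($path)
    ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Compare-LogonBinaries {
    foreach ($name in 'userinit.exe', 'winlogon.exe', 'explorer.exe') {
        # explorer.exe lives in %SystemRoot%; the other two are in system32
        $live = if ($name -eq 'explorer.exe') { Join-Path $env:SystemRoot $name } else { Join-Path $system32 $name }
        $cached = Join-Path $dllcache $name
        $liveHash = if (Test-Path $live) { Get-Md5Hex $live } else { 'missing' }
        $cacheHash = if (Test-Path $cached) { Get-Md5Hex $cached } else { 'missing' }
        $size = if (Test-Path $live) { (Get-Item $live).Length } else { $null }
        New-Object PSObject -Property @{
            File = $name; SizeBytes = $size; LiveMd5 = $liveHash; CacheMd5 = $cacheHash
            MatchesCache = (($liveHash -ne 'missing') -and ($liveHash -eq $cacheHash))
        }
    }
}

function Get-WinlogonSettings {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $wl = Get-ItemProperty -Path $key
    # Userinit should name only the real binary, trailing comma included; a hijacked
    # logon typically appends a second path here. Shell is normally just Explorer.exe.
    $expectedUserinit = (Join-Path $system32 'userinit.exe') + ','
    # LogonType 1 = Welcome screen (user picture next to the password box, Ctrl+Alt+Del
    # opens Task Manager directly); 0 = classic logon dialog, where Ctrl+Alt+Del shows
    # the six-button Windows Security window. This is the difference csnagyg noticed.
    New-Object PSObject -Property @{
        Userinit   = $wl.Userinit
        UserinitOk = ($wl.Userinit -eq $expectedUserinit)
        Shell      = $wl.Shell
        ShellOk    = ($wl.Shell -eq 'Explorer.exe')
        LogonType  = $wl.LogonType
    }
}

Compare-LogonBinaries | Format-Table File, SizeBytes, LiveMd5, CacheMd5, MatchesCache -AutoSize
Get-WinlogonSettings | Format-List Userinit, UserinitOk, Shell, ShellOk, LogonType
```

A mismatch only says the two copies differ; deciding which one is good needs a reference hash from a known-clean source such as the Windows CD the helper mentions, because malware that patches userinit.exe commonly patches the dllcache copy as well so that Windows File Protection does not restore the original.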
csnagyg Posted June 20, 2012 (Author)
OK thanks. I will remove this threat from my machine even if it is inactive. I ran OTL, please find the log files attached below (OTL.txt has two parts as it exceeded your limit of 200 kB) and let me know what they mean, thanks!

Attachments: Extras 200612.Txt, OTL 200612_2.Txt, OTL 200612_1.Txt
etavares Posted June 21, 2012
userinit.exe seems to be OK. If you have your Windows CD handy, we could replace it with that one. It's possible that Combofix changed a setting when we ran it and reverted back to the previous state when you uninstalled it. Is it running OK?
csnagyg Posted June 21, 2012 (Author)
I am not sure really. Yesterday, in order to improve performance and startup speed, I was trying to reduce the number of programs which are automatically starting at startup, and now once again there is the problem of the laptop not willing to go into stand-by mode when pressing Fn-F4. I do not know if these two things are connected at all... Earlier, it also did not wake up properly from standby; when I pressed the Fn key it opened up only to show the "Preparing to stand-by mode" message and went back to standby without me doing anything. Last night, as I could not put it into standby I shut it down; this morning I started the machine and left it alone for a few minutes, and when I came back it was completely shut down again and I had to start it once again. So, strange things are happening with system startup and shutdown and I do not know why. Any idea from your side?
etavares Posted June 22, 2012
Hello, csnagyg. Please delete your copy of Combofix and download a fresh one from the links below. It does sound weird...but it could be related to your changes. Let's take a deeper look.

Next, please download ComboFix from one of these locations:
Bleepingcomputer
InfoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on etavaresCF.exe & follow the prompts. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue. Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares
csnagyg Posted June 22, 2012 (Author)
Hi, OK I ran it, pls find the log below. However I must add that my computer is behaving really odd... This morning it loaded a completely different Windows view to what I had had before; it looked like it used a restore point from a long time ago (e.g. MS Word opened up with a draft of a letter I did not finish in 2008!, also the background picture of the Windows desktop was a world map with the time zones, something I never ever used, the letter and icon sizes were different in all applications, all my previously existing quick start icons in the bottom tray were gone as well as all the cache of the Firefox browser etc.). Strangely enough, it did go to standby mode when I pressed Fn-F4... Nevertheless I decided to restart once again and then it loaded normally, as if nothing had happened... however it would again not go into standby mode. As I tried standby mode several times it also happened that after it did not obey this command I wanted to shut it down; it started to log off from Windows and seemed to shut down shortly, but in the last second it finally went into standby. Finally, I noticed a Digital Line Detect folder in my programs which is dated June 14 2012; I do not think I ever saw it before, and based on what I found on the net I removed this folder completely. Can you make any sense out of this please, what is happening?

Combofix log:
ComboFix 12-06-21.03 - Cse 012.06.22. 13:50:55.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.36.1038.18.3054.1435 [GMT 2:00]
Running from: c:\documents and settings\TEMP\Asztal\etavaresCF.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136] "Akamai NetSession Interface"="c:\documents and settings\Cse\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744] "HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2011-09-16 1804648] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-04-25 202296] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-28 68856] "SanDiskSecureAccess_Manager.exe"="c:\documents and settings\Cse\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-10-17 20480] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2007-01-10 204288] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2011-12-23 134416] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-12-23 2321680] "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2012-02-27 818240] "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2012-02-27 208896] "TPFNF7"="c:\progra~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [2010-03-26 62312] "TpShocks"="TpShocks.exe" [2009-12-11 337256] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2009-12-01 256576] "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-05-14 487424] "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940] "AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688] "LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2009-07-23 185688] "AMSG"="c:\progra~1\THINKV~1\AMSG\Amsg.exe" [2009-09-03 436800] "cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840] "vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2007-03-14 125632] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 1036288] "LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752] "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184] "LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2009-07-23 124248] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208] "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552] "SunJavaUpdateSched"="c:\program files\Common 
Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568] "LenovoAutoScrollUtility"="c:\program files\Lenovo\VIRTSCRL\virtscrl.exe" [2011-10-20 101440] "TrayServer"="c:\program files\MAGIX\Movies_on_DVD_7_TerraTec_Edition\TrayServer.exe" [2008-04-09 90112] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-14 296056] "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-10-08 217088] "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-10-08 458752] "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2011-10-03 1409384] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Indítópult\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-9-22 607584] Camera Monitor HD.lnk - c:\program files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-3-29 541976] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2012-6-14 50688] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-10-17 450560] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528] Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-14 20:17 89600 ------w- c:\windows\system32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\aon\\aonInstaller\\Installer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Documents and Settings\\Cse\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"= "c:\\Program Files\\aon\\aonController\\aonController.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Rendszerfelügyeleti webszolgáltatások . R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010.03.08. 18:06 25968] R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009.10.09. 13:10 20520] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012.06.14. 10:29 242240] R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012.06.14. 10:59 13680] R1 tvtumon;tvtumon;c:\windows\system32\drivers\tvtumon.sys [2008.05.09. 5:50 46144] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2009.09.28. 17:27 14336] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011.10.21. 16:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011.10.13. 18:21 249648] R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2010.03.08. 18:06 292200] R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012.04.25. 
19:53 202296] R2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011.09.15. 13:06 88576] R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [2009.10.12. 23:19 69632] R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.exe [2012.06.14. 11:14 244800] R2 regi;regi;c:\windows\system32\drivers\regi.sys [2012.06.14. 10:23 13880] R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011.10.14. 8:01 399416] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012.05.30. 13:56 3048136] R2 smihlp;SMI Helper Driver (smihlp);c:\program files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007.03.14. 22:10 11152] R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [2012.06.14. 10:59 131432] R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [2007.03.30. 10:39 142696] R2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2008.05.14. 16:25 520192] R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008.05.09. 5:50 253952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012.06.01. 20:04 106656] R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2007.06.08. 7:36 81280] R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2006.09.13. 12:42 37312] S2 gupdate;Google frissítési szolgáltatás (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [2009.07.03. 
18:47 101736] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012.06.05. 15:17 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012.04.03. 11:48 257224] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2010.03.08. 16:41 1527900] S3 gupdatem;Google frissítés Szolgáltatás (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010.01.31. 10:41 135664] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011.05.31. 1:03 24576] S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010.06.22. 18:01 21248] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011.06.17. 19:33 237008] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012.05.02. 11:00 113120] S3 pccsmcfd;PCCS Mode Change Filter Driver;c:\windows\system32\drivers\pccsmcfd.sys [2010.03.02. 23:51 18816] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010.09.01. 10:30 15544] S3 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007.03.14. 19:48 116416] S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [2011.10.14. 8:01 994360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:31] . 2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41] . 
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 08:41] . 2012-06-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . 2012-06-22 c:\windows\Tasks\PMTask.job - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-09-28 23:39] . 2012-06-22 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.index.hu/ uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch uInternet Settings,ProxyOverride = <local>;localhost IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 10.0.0.138 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB DPF: {C4B977A3-E8A2-37E9-ADCD-2597FAAC61F5} - hxxp://shop.lenovo.com/SEUILibrary/lenovo-portal/cab/autodetect/MachineInfo.cab FF - ProfilePath - c:\documents and settings\TEMP\Application Data\Mozilla\Firefox\Profiles\1cgvkm9s.default\ . - - - - ORPHANS REMOVED - - - - . BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file) Notify-ACNotify - ACNotify.dll MSConfigStartUp-CTFMON - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-22 14:06 Windows 5.1.2600 Szervizcsomag 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1200) c:\windows\system32\tvt_gina.dll c:\program files\ThinkPad\ConnectUtilities\ACGina.dll c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll c:\program files\ThinkPad\ConnectUtilities\AcCryptHlpr.dll c:\program files\ThinkPad\ConnectUtilities\ACON.dll c:\windows\system32\WININET.dll c:\program files\ThinkPad\ConnectUtilities\AcPrfMgr.dll c:\program files\ThinkPad\ConnectUtilities\ACTurinSupport.dll c:\program files\ThinkPad\ConnectUtilities\AcSmBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\ACNewBiosHelper.dll c:\program files\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll c:\program files\ThinkPad\ConnectUtilities\AcWrpc.dll c:\program files\ThinkPad\ConnectUtilities\Res\US\ACGinaRes.dll c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll c:\program files\ThinkVantage Fingerprint Software\homepass.dll c:\program files\ThinkVantage Fingerprint Software\bio.dll c:\program files\ThinkVantage Fingerprint Software\ps2css.dll c:\program files\ThinkVantage Fingerprint Software\remote.dll c:\program files\ThinkVantage Fingerprint Software\basegui.dll c:\program files\ThinkVantage Fingerprint Software\crypto.dll c:\program files\ThinkVantage Fingerprint Software\biokmd.dll c:\program files\ThinkVantage Fingerprint Software\tpmkey.dll c:\program files\ThinkVantage Fingerprint Software\ibmcore.dll c:\program files\Lenovo\Client Security Solution\css_enroll.dll 
c:\program files\Lenovo\Client Security Solution\css_banner.dll c:\windows\system32\cssuserdatadispatcher.dll c:\windows\system32\tvttsp.dll c:\windows\system32\tcsrpc.dll . - - - - - - - > 'lsass.exe'(1260) c:\windows\system32\psqlpwd.dll c:\program files\ThinkVantage Fingerprint Software\homefus2.dll c:\program files\ThinkVantage Fingerprint Software\infra.dll . - - - - - - - > 'explorer.exe'(7048) c:\windows\system32\WININET.dll c:\docume~1\Cse\LOCALS~1\Temp\IadHide4.dll c:\windows\system32\btmmhook.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\ibmpmsvc.exe c:\program files\Intel\WiFi\bin\S24EvMon.exe c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe c:\program files\Common Files\Symantec Shared\ccProxy.exe c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe c:\program files\Common Files\Symantec Shared\SNDSrvc.exe c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe c:\windows\System32\SCardSvr.exe c:\windows\system32\IPSSVC.EXE c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe c:\windows\system32\crypserv.exe c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Protexis\License Service\PsiService_2.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe c:\windows\system32\TpKmpSVC.exe c:\program files\Lenovo\Client Security Solution\tvttcsd.exe c:\program files\Lenovo\Rescue and Recovery\rrservice.exe c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe c:\program files\Lenovo\Rescue and Recovery\ADM\IUService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\SearchIndexer.exe c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\lenovo\system 
update\suservice.exe c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\LENOVO\HOTKEY\tposdsvc.exe c:\windows\system32\wscntfy.exe c:\program files\Lenovo\HOTKEY\TPONSCR.exe c:\program files\Lenovo\Zoom\TpScrex.exe c:\windows\system32\SearchProtocolHost.exe c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe c:\windows\system32\rundll32.exe c:\windows\system32\TpShocks.exe c:\windows\system32\RUNDLL32.EXE c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe c:\program files\Symantec Client Security\Symantec AntiVirus\DoScan.exe c:\program files\ThinkVantage Fingerprint Software\enrollbtn.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Logitech\Video\FxSvr2.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Microsoft Office\Office12\ONENOTEM.EXE c:\windows\system32\RunDll32.exe c:\progra~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe c:\windows\system32\msiexec.exe c:\program files\Common Files\Lenovo\Logger\logmon.exe c:\windows\system32\SearchFilterHost.exe c:\program files\HP\HP Photosmart 5510 series\bin\HPNetworkCommunicator.exe . ************************************************************************** . Completion time: 2012-06-22 14:14:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-22 12:14 . Pre-Run: 19 659 345 920 bájt szabad Post-Run: 19 505 975 296 bájt szabad . - - End Of File - - F3A213EB37BEB7A7AD1DD4808AAA0A31
etavares Posted June 22, 2012

Hello, csnagyg. Nothing in that log appears bad. We'll run a virus scan, make a minor registry fix, then in regards to the weird behavior... if it's still acting weird and the scan comes back clean, we'll dig a bit deeper.

Step 1

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to your desktop (click file, save as) as "fixit.reg" with the quotes.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-

NOTICE: This file was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Locate fixit.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer "Yes" and wait for a message to appear similar to "Merged Successfully". Please reply back letting me know if it merged correctly.

I'd like us to scan your machine with ESET OnlineScan.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
2. Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
3. For alternate browsers only (Microsoft Internet Explorer users can skip these steps): click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop. Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
4. Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
5. Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
6. Accept any security warnings from your browser.
7. Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
11. Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
13. Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

etavares
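As an added illustration of what the fixit.reg above does (example code written for this page, not part of the original thread, of ComboFix or of regedit): a small Python parser for the .reg subset used here, which simulates the merge and shows that the "=-" lines delete the DisableMonitoring values that hide a product from Windows Security Center, and that a header such as "REGEDIT 4" (stray space) is rejected the way regedit rejects it. The three "before" entries are constructed to match the keys the fix targets.

```python
"""Parse .reg fragments and simulate the Security Center fix from this thread (added example)."""
import re
from typing import Dict, List, Optional, Tuple, Union

RegValue = Union[int, str]
RegOp = Tuple[str, str, Optional[RegValue]]   # (key, value name, new value; None = delete)
Registry = Dict[str, Dict[str, RegValue]]     # key path -> {value name: value}

VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
MONITORING_PREFIX = r"HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring" + "\\"

# Constructed sample: the three entries the fixit.reg targets, written as they stood
# before the fix. DisableMonitoring=1 tells Windows Security Center to stop reporting
# on that product, which is why such entries are worth noticing in a log.
BEFORE_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""
# The fixit.reg from the thread: "=-" deletes the value instead of setting it.
FIX_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
"""

def parse_value(raw: str) -> Optional[RegValue]:
    """Decode a value's right-hand side (subset: delete, dword, quoted string)."""
    raw = raw.strip()
    if raw == "-":
        return None                                   # "name"=- deletes the value
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    raise ValueError(f"unsupported value syntax: {raw!r}")

def parse_reg(text: str) -> List[RegOp]:
    """Turn a .reg file into (key, name, value) operations; rejects a bad header
    such as "REGEDIT 4" with a stray space, which regedit also refuses to merge."""
    lines = [ln.strip() for ln in text.splitlines()]
    header = next((ln for ln in lines if ln), "")
    if header not in VALID_HEADERS:
        raise ValueError(f"invalid .reg header {header!r}")
    ops: List[RegOp] = []
    key: Optional[str] = None
    for ln in lines:
        if not ln or ln == header or ln.startswith(";"):
            continue
        m = KEY_RE.match(ln)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(ln)
        if m is None or key is None:
            raise ValueError(f"malformed .reg line: {ln!r}")
        ops.append((key, "@" if m.group(2) else m.group(1), parse_value(m.group(3))))
    return ops

def _spelling(d: Dict[str, object], wanted: str) -> str:
    """Keys and value names are case-insensitive; return the spelling already stored."""
    return next((k for k in d if k.lower() == wanted.lower()), wanted)

def apply_ops(registry: Registry, ops: List[RegOp]) -> Registry:
    """Apply operations to an in-memory registry model and return the new state."""
    reg: Registry = {k: dict(v) for k, v in registry.items()}
    for key, name, value in ops:
        values = reg.setdefault(_spelling(reg, key), {})
        name = _spelling(values, name)
        if value is None:
            values.pop(name, None)        # deleting a missing value is a no-op, as in regedit
        else:
            values[name] = value
    return reg

def products_hidden_from_security_center(registry: Registry) -> List[str]:
    """AV/firewall products whose Security Center monitoring is switched off."""
    prefix = MONITORING_PREFIX.lower()
    return sorted(key[len(prefix):] for key, values in registry.items()
                  if key.lower().startswith(prefix)
                  and values.get(_spelling(values, "DisableMonitoring")) == 1)

if __name__ == "__main__":
    state = apply_ops({}, parse_reg(BEFORE_REG))
    print("hidden before fix:", products_hidden_from_security_center(state))
    state = apply_ops(state, parse_reg(FIX_REG))
    print("hidden after fix: ", products_hidden_from_security_center(state))
```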
csnagyg Posted June 23, 2012 (Author)

Hi, OK I have done both. The fixit.reg was successfully merged and ESET successfully ran, pls find the log below. The found items are left in quarantine, pls advise what they are and if I should purge them completely, thanks. In addition, I noticed that since the first time I ran Combofix and it made my PC start creating restore points I have accumulated a total of 66 of them by now and they use up 14 GB of hard drive space. How should I manage this going forward, can I delete the old ones after a while?

ESET log:

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\Cse\Dokumentumok\Downloads\cnet2_revosetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Cse\Local Settings\Temp\wO+c2z29.exe.part Win32/Toggle application cleaned by deleting - quarantined
C:\Program Files\SoftonicDownloader_for_windvd.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\Program Files\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014070.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014071.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014073.exe a variant of Win32/SoftonicDownloader.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{DC4706B7-450E-46FC-B5A9-EBEDB4B4AF89}\RP66\A0014074.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
etavares Posted June 24, 2012

I strongly suggest you keep system restore on! If not, a very simple registry issue or driver update could easily result in a complete reformat. You can limit the space. I would suggest you keep at least 5-10 restore points to be safe. To set the maximum disk space for system restore, click Start, right-click Computer, select Properties, click System Protection, click Configure, then select the disk space limit and OK your way out. Then, confirm the number of restore points you have on your system.

In regards to the ESET log, nothing major, you can delete all of it. How is the computer running?
csnagyg Posted June 24, 2012 (Author)

Thanks. No, I did not mean to completely remove system restore, I will certainly keep it. I have now set a limit that should allow me to keep more than 40 restore points and I can live with the space required for that. My PC has been doing well in the last 2 days. No erratic behaviour and standby started to work again. If it could stay like this and stabilize for a long time I would be happy with it as it is now. The question remains though: what caused the funny things that I witnessed earlier this week... I do realize that I may never find out exactly :-)
etavares Posted June 26, 2012

I'm not sure we'll ever know what caused it, but it doesn't appear to be malware. Let's wait a bit before we clean up. Please reply back in a day or two and confirm everything is still OK, then we will clean up the latest round of work.
csnagyg Posted June 29, 2012 (Author)

Hi, everything has been running well in the last 3 days, I have not noticed anything wrong or strange. Are we done? Thanks.
etavares Posted June 30, 2012

Hello, csnagyg. Great news! :) We are almost done. A few last items:

Step 1: Uninstall ComboFix and Clean Up

Click Start > Run and type combofix /Uninstall, then click OK (note the space between combofix and /Uninstall). See below: http://i517.photobucket.com/albums/u338/Eextremeboy/CF_Uninstall-1.jpg

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.

1. Download OTC by OldTimer and save it to your desktop. If that link doesn't work, try this one.
2. Double click the http://i517.photobucket.com/albums/u338/Eextremeboy/OTC_Icon.jpg icon to start the program. If you are using Vista, please right-click and choose run as administrator.
3. Then click the big http://i517.photobucket.com/albums/u338/Eextremeboy/CleanUp.jpg button.
4. You will get a prompt saying "Begin Cleanup Process". Please select Yes.
5. Restart your computer when prompted.

No need to reply back if it works. I'll leave the thread open for a few more days in case you have questions.

etavares
csnagyg Posted July 2, 2012 (Author)

Hi, the uninstall did not find Combofix and could not uninstall it. I still have an etavaresCF.exe file but its properties say it is from June 4th while you asked me to run it on June 22nd for the last time. Now that I re-read that post of yours from June 22 I think I may have not downloaded a new version of Combofix but just ran what I still had from earlier - I am not sure by now but believe this was the case. I am sorry for missing this piece of the instruction at the time - does it mean I need to download and run it again?
etavares Posted July 3, 2012

Sort of. Best to delete your copy. Then, download a new copy and name it uninstall.exe and save to your desktop. Then double-click and it should uninstall.
csnagyg Posted July 5, 2012 (Author)

Hi, OK it worked fine both for Combofix and OTC so I guess we are done? Thanks again!